Recent Discussions
Problems monitoring Cisco Meraki using API
Hello, I am trying to monitor a Meraki network using LogicMonitor. I followed the instructions found in (https://www.logicmonitor.com/support/cisco-meraki-monitoring). Step 8 is about the filter section and how to filter on specific device categories. I am not sure on how to filter on specific categories and add them to a specific folder based on the response. I added two screenshots; one from the LM documentation page about Meraki and the other from the current configuration on LM. Meraki NetScan: *Note: I know that I need two extra properties in order to look for duplicate entries. My question: How do I apply specific filters in order to only monitor switches and wireless access points. And is it possible to categorize devices based on their type under different sub-folders?
Real-Time Insight: Webhook Events as Logs Now Available in LogicMonitor
As highlighted in our recent v228 platform release notes, we’re excited to announce that Webhook Events as Logs is now generally available. This enhancement makes it easier than ever to bring external alerts and events directly into LogicMonitor—no Collector required. If you’re using a platform like Cisco Meraki, Rubrik Security Cloud, or CommScope Ruckus One, you can now configure those systems to send webhook alerts straight to your LogicMonitor portal. Why It Matters Traditional log collection methods (like syslog or scripted collection) rely on a Collector to process messages. With Webhook Events as Logs, external platforms securely deliver event data via HTTPS directly to LM Logs. This means: Faster insight: Events are ingested in real time, not on a polling interval. Simpler setup: No Collector configuration or maintenance needed. Flexible processing: Use LogSources to filter, enrich, and map webhook messages to LogicMonitor resources, and extract key fields for use in alert rules, messages, or queries. Getting Started To use Webhook Events as Logs, you’ll need: LM Logs enabled in your LogicMonitor account A platform that supports Bearer Token Authorization (either natively in its UI or via custom header configuration) Once configured, external systems can send events directly into LM Logs—triggered by real-world actions rather than scheduled polling. Real-World Examples Here are just a few examples of events that can now flow directly into LogicMonitor via webhooks: A camera detects motion A panic or lockdown button is pressed (e.g., Alyssa’s Law compliance) A wireless client joins or disconnects from a network A device becomes unreachable A backup job fails A virtual machine shuts down A configuration change occurs (e.g., in a Cisco Meraki network) Any webhook-capable system that can send a Bearer-authenticated POST request can now send event data to LogicMonitor. Verified Integrations We’ve validated this capability with: Cisco Meraki Rubrik Security Cloud CommScope Ruckus One …but the feature is built to work with any platform that supports webhook notifications. Learn More For setup details and examples, check out: Product Documentation for Webhook Events as Logs: https://www.logicmonitor.com/support/webhook-events-as-logs LogicMonitor Webhook Integration for Cisco Meraki: https://developer.cisco.com/meraki/webhooks/logicmonitor-custom/
Servicenow incident Priority Getting changed after acknolwedgement
Hi All, Any one faced the issue with Incident Priority getting changed form P4 to P3 after some one acknowledges the Incident as part of Servicenow logcimonitor ITSM Integration I don't see any thing in the payload that will update the Priority of the incident
LM Config/SonicWall Firewalls
Is anyone using LM Config with SonicWall Firewalls? A recent SonicOS upgrade is causing SSH retrieval failures on our SonicWall Firewalls that are now running SonicOS 7.3.X. I have a ticket open with support but wanted to see if anyone else is experiencing this and/or if you have a fix. The release notes from SonicWall reference an update to OpenSSH occurred in this release.PowerShell module auto-load
Hi all I'm struggling with something so thought I'd see if anyone else has experienced this... We have a customer running Azure Local which is essentially a Windows Server cluster running Hyper-V and Storage Spaces Direct. We've configured a least priv user for monitoring, this is working fine for WMI queries but none of the PowerShell based modules are working. I've done a load of troubleshooting and found that WinRM will allow connections, but we can't even run basic cmdlets like Write-Host because it doesn't find the commands. It works fine though if we explicitly load the required modules (e.g. Import-Module Microsoft.PowerShell.Utility). We can test and this works fine This proves that the modules we need are there and that there is nothing preventing us from using them (there is no "Just Enough Admin" setup to block it for example). I suppose I could work through all the modules in the platform, identify all the module dependencies and write in code to check and load them, but that would be quite an undertaking and I really can't justify running custom versions of all the LM modules to workaround an issue on a single customer environment. Has anyone run into this before and have a solution? A few things I've ruled out: The modules exist on the system (we're just trying to use built-in/standard modules at the moment) The environment vars have the right Modules path set (and we can import modules manually, so that is working) Ruled out execution policy (if we manually import a module, it works fine) Ruled out a Constrained Session.... at least, I believe so because $execution.context.sessionstate states LanguageMode=FullLanguage Rules out Just Enough Administration being in place... again, I believe so because $PSSenderInfo states ConfigurationName=Microsoft.PowerShell (I believe this would be different if we were operating under a different JEA enforced profile configuration). Also, there's nothing stopping us from manually importing and using modules. It looks to me like it's just module auto-load that is disabled but, as I understand it, this has to be explicitly disable and the customer hasn't done so. I understand from the customer that it works fine with an admin account, perhaps there is some hardening that Microsoft applies automatically as it's a customised Azure Local specific version of Windows Server. I did try and explicitly enable auto-load by creating a profile file for my non-admin user and setting the value $PSModuleAutoloadingPreference='All' but that seemed to have no effect. I'm not convinced it's even looking for a profile file to be honest. When I use WinRM to run "$PROFILE | Select-Object *" then nothing is returned. The customer has opened a ticket with Microsoft about this, although is getting fairly vague suggestions around JEA (which I don't believe is in place) and that Azure Local may have some hardening. So I thought I'd put it to the community :) I'll also raise it with LM support. DaveCisco FMC Modules - Virtual
Hello All, Bit new to the forum but here I go! Currently have a client running the below FMC: Cisco Firepower Extensible Operating System (FX-OS) 2.14.1 (build 167) Secure Firewall Management Center for VMware I have come across the module for Cisco FMC Module but it seems to be all wrong. The API endpoint it is referencing is always api/chassis or api/login or api/logout, you get it, it's api/<endpoint>. Looking at the api/api-explorer ont the FMC box it looks like all the api endpoints are more like the below. Instead of (current module): /sys/chassis/chassis-env It should be: /api/fmc_config/v1/domain/{domainUUID}/chassis/fmcmanagedchassis I can see from the documentation here (https://www.logicmonitor.com/support/monitoring/networking-firewalls/cisco-firepower-chassis-manager-monitoring) that the Module was only tested on physical Chassis FMCs not virtual ones. Has anyone come across this? Do you know of any modules that work with virtual ones? Just before I start writing my own :) PS: I have looked at the "CiscoFirepowerSNMP" based modules, and they also only support Hardware Based FMCs / FTDs. Thanks in advance, David
New-LMWebsite for internal check not working properly
Hello, I'm trying to use the module to create about 300 website checks: lm-powershell-module/Documentation/New-LMWebsite.md at main · logicmonitor/lm-powershell-module · GitHub Unfortunately that fails with an issue where checkpoints are not added and the page check doesnt work. The line creating the website is: New-LMWebSite -WebCheck -name $web.name -WebsiteDomain $web.name -HttpType "https" -GroupId "4" -OverallAlertLevel "warn" -IndividualAlertLevel "warn" -IsInternal $true -TestLocationCollectorIds @(1, 15, 18) With this result: id name description type isInternal status -- ---- ----------- ---- ---------- ------ 281 mtc92.mom.domain.com webcheck True dead-collector To make it work I need to get to the site check and manually select collector group and collector id. Any suggestions to sort this out?
