Recent Discussions
Linux Collectors: Expanded OS Support
We recently expanded our list of supported Linux distributions by adding Oracle, Chainguard, and Rocky Linux. Also, at the end of June we'll no longer support CentOS, as this distribution is end of life and no longer maintained.

https://www.logicmonitor.com/support/adding-collector#h-collector-server-requirements

Excerpt support list for Collector OS:
- Amazon Linux
- CentOS Linux (LogicMonitor End of Support: July 1, 2026)
- Chainguard
- Debian GNU/Linux
- Oracle Linux Server
- Red Hat Enterprise Linux (RHEL)
- Rocky Linux
- Ubuntu

With this, over 93% of all Linux collectors used by our customers are using a LogicMonitor-supported Linux distribution. However, a little south of 5% of Linux collectors are still running CentOS, which reached end-of-life four years ago, so if this applies to you, please make plans to migrate to a supported Linux distro to mitigate risk of monitoring disruption and to maintain a strong security posture.

Patrick_Rouse | 3 days ago | Product Manager | 4 Views | 0 likes | 0 Comments

Collector Status Alerting
The settings/collectors pages show alerts against collectors, e.g. Watchdog etc. However, these alerts do not appear in the general Alerts GUI or against the collector host resource. We have some single collectors that, when they fail, will cause all the resources underneath to alert (Host Status). However, I would like an alert against the collector or its host that can be sent to ServiceNow (I do not want a Host Status alert for each resource under a single collector to raise a ticket). I simply want the alert that is generated (collector Down) in the escalation chain to be visible in the GUI with its ServiceNow ticket. I can see it in the Integration Log (ServiceNow) with a ticket reference generated, but this is time consuming and not visible to all users.

phakesley25 days ago | Neophyte | 18 Views | 0 likes | 0 Comments

Clone dashboard group using API
Hi all,

We have a process which triggers the cloning of a group of dashboards using the v3 API. It is not often called so I can't say for sure when it stopped working, but we've noticed recently that the dashboard group and the contained dashboards have been cloned but do not contain any of the widgets that are present in the "template".

Looking at the REST API v3 Swagger documentation, we have noted a (new?) POST method /dashboard/groups/{id}/asyncclone which looks to also be what is called when cloning a dash group in the UI. We have tried to call this method but receive the message:

Authentication failed 1401

This seems unusual because the same API credentials are being used to add and create devices. If it were a permission issue (API account has full Manage permission of all dashboards), we would expect to see 1403?

We've also attempted to use the SDK to achieve the same, although we're seeing different behaviour here - the audit logs suggest the dashboard group has been cloned successfully and references both the ID of the new group and its parent, yet it is nowhere to be found.

I will be raising a support ticket but I thought I'd post here to see if we're the only ones experiencing this and might be doing something wrong or if it's a wider issue?

Matt

Matt_Taylor26 days ago | Neophyte | 12 Views | 0 likes | 0 Comments

Recommendations monitoring Windows Core 2025
We recently upgraded a client environment to HPE Windows Core 2025 servers running Hyper-V and configured with HPE cluster manager for failover. In addition, we are Azure Stack HCI configured for the environment. I added the Core Windows 2025 servers in LM but didn't discover anything based on WMI. From what I see, WMI is not included in the core installation, and I'm seeing Microsoft is deprecating it. There are mentions of using WMIC via PowerShell. I also see there are some logic modules for HPE and many logic modules for Azure. With that said, I'm looking for recommendations and best practices to monitor an HPE core environment with Hyper-V, cluster manager and Azure HCI stack.

MibWalkin1630312 months ago | Neophyte | 43 Views | 0 likes | 0 Comments

AWS / Azure Service Health
Reposting... as somehow the old post is removed!!

Hi All,

I am trying to make sense of the AWS/Azure service health data source and how we can utilize it effectively. From what we understand, it takes updates from the RSS feed of AWS and Azure, but it doesn't have the capability to correlate multiple events into a single alert, due to which it becomes impossible to proactively notify our consumers. For example, an issue occurring on Azure storage has 100s of events and all have the same information.

Please let me know if you have used it in an effective manner or if there is any workaround.

Thanks
AK

Anmolk172 months ago | Neophyte | 25 Views | 2 likes | 0 Comments

Real-Time Insight: Webhook Events as Logs Now Available in LogicMonitor
As highlighted in our recent v228 platform release notes, we’re excited to announce that Webhook Events as Logs is now generally available. This enhancement makes it easier than ever to bring external alerts and events directly into LogicMonitor—no Collector required. If you’re using a platform like Cisco Meraki, Rubrik Security Cloud, or CommScope Ruckus One, you can now configure those systems to send webhook alerts straight to your LogicMonitor portal.

Why It Matters

Traditional log collection methods (like syslog or scripted collection) rely on a Collector to process messages. With Webhook Events as Logs, external platforms securely deliver event data via HTTPS directly to LM Logs. This means:
- Faster insight: Events are ingested in real time, not on a polling interval.
- Simpler setup: No Collector configuration or maintenance needed.
- Flexible processing: Use LogSources to filter, enrich, and map webhook messages to LogicMonitor resources, and extract key fields for use in alert rules, messages, or queries.

Getting Started

To use Webhook Events as Logs, you’ll need:
- LM Logs enabled in your LogicMonitor account
- A platform that supports Bearer Token Authorization (either natively in its UI or via custom header configuration)

Once configured, external systems can send events directly into LM Logs—triggered by real-world actions rather than scheduled polling.

Real-World Examples

Here are just a few examples of events that can now flow directly into LogicMonitor via webhooks:
- A camera detects motion
- A panic or lockdown button is pressed (e.g., Alyssa’s Law compliance)
- A wireless client joins or disconnects from a network
- A device becomes unreachable
- A backup job fails
- A virtual machine shuts down
- A configuration change occurs (e.g., in a Cisco Meraki network)

Any webhook-capable system that can send a Bearer-authenticated POST request can now send event data to LogicMonitor.

Verified Integrations

We’ve validated this capability with:
- Cisco Meraki
- Rubrik Security Cloud
- CommScope Ruckus One

…but the feature is built to work with any platform that supports webhook notifications.

Learn More

For setup details and examples, check out:
- Product Documentation for Webhook Events as Logs: https://www.logicmonitor.com/support/webhook-events-as-logs
- LogicMonitor Webhook Integration for Cisco Meraki: https://developer.cisco.com/meraki/webhooks/logicmonitor-custom/

Patrick_Rouse | 3 months ago | Product Manager | 37 Views | 1 like | 0 Comments

ServiceNow incident Priority Getting changed after acknowledgement
Hi All,

Anyone faced the issue with Incident Priority getting changed from P4 to P3 after someone acknowledges the Incident as part of the ServiceNow LogicMonitor ITSM Integration? I don't see anything in the payload that will update the Priority of the incident.

venkat | 3 months ago | Neophyte | 17 Views | 0 likes | 0 Comments

LM Config/SonicWall Firewalls
Is anyone using LM Config with SonicWall Firewalls? A recent SonicOS upgrade is causing SSH retrieval failures on our SonicWall Firewalls that are now running SonicOS 7.3.X. I have a ticket open with support but wanted to see if anyone else is experiencing this and/or if you have a fix. The release notes from SonicWall reference an update to OpenSSH that occurred in this release.

Shack | 3 months ago | Advisor | 15 Views | 0 likes | 0 Comments

PowerShell module auto-load
Hi all

I'm struggling with something so thought I'd see if anyone else has experienced this...

We have a customer running Azure Local, which is essentially a Windows Server cluster running Hyper-V and Storage Spaces Direct. We've configured a least priv user for monitoring; this is working fine for WMI queries but none of the PowerShell based modules are working.

I've done a load of troubleshooting and found that WinRM will allow connections, but we can't even run basic cmdlets like Write-Host because it doesn't find the commands. It works fine though if we explicitly load the required modules (e.g. Import-Module Microsoft.PowerShell.Utility). We can test and this works fine.

This proves that the modules we need are there and that there is nothing preventing us from using them (there is no "Just Enough Admin" setup to block it, for example). I suppose I could work through all the modules in the platform, identify all the module dependencies and write in code to check and load them, but that would be quite an undertaking and I really can't justify running custom versions of all the LM modules to work around an issue on a single customer environment.

Has anyone run into this before and have a solution?

A few things I've ruled out:
- The modules exist on the system (we're just trying to use built-in/standard modules at the moment)
- The environment vars have the right Modules path set (and we can import modules manually, so that is working)
- Ruled out execution policy (if we manually import a module, it works fine)
- Ruled out a Constrained Session.... at least, I believe so because $ExecutionContext.SessionState states LanguageMode=FullLanguage
- Ruled out Just Enough Administration being in place... again, I believe so because $PSSenderInfo states ConfigurationName=Microsoft.PowerShell (I believe this would be different if we were operating under a different JEA enforced profile configuration). Also, there's nothing stopping us from manually importing and using modules.

It looks to me like it's just module auto-load that is disabled but, as I understand it, this has to be explicitly disabled and the customer hasn't done so. I understand from the customer that it works fine with an admin account; perhaps there is some hardening that Microsoft applies automatically as it's a customised Azure Local specific version of Windows Server.

I did try to explicitly enable auto-load by creating a profile file for my non-admin user and setting the value $PSModuleAutoloadingPreference='All', but that seemed to have no effect. I'm not convinced it's even looking for a profile file, to be honest. When I use WinRM to run "$PROFILE | Select-Object *" then nothing is returned.

The customer has opened a ticket with Microsoft about this, although is getting fairly vague suggestions around JEA (which I don't believe is in place) and that Azure Local may have some hardening. So I thought I'd put it to the community :) I'll also raise it with LM support.

Dave

Dave_Lee | 5 months ago | Advisor | 24 Views | 0 likes | 0 Comments