Recent Discussions
Deep Dive troubleshooting question
I'm having difficulties tracking down the source of a Service Account Lockout occuring in a fairly complex domain structure. I've found it necessary to set WMI creds at the top of the heirarchy, with sub-groups having different WMI creds, as well as individual devices with their own. On the domain controller that would be targeted with a sub-group WMI cred set, I see most 'Sources collecting correctly, but a few times a day, the SA is locking out. I find the 4740 on the DC, but can't quite track down the specific event (should be a 4625) causing the lockout. The only 4625 I'm finding show the Main group WMI creds... which are in a different domain. Seems as though some 'Sources are using the wrong WMI creds (or defaults based on the Collector's SA). The question: Is there a way to get a !TLIST showing the WMI.USER being leveraged in the debug console for each job?
Where are LLDP and CDP categories set?
I have some devices that I expected to pick up the LLDP Neighbors and/or CDP Neighbors datasources, but those require LLDP and/or CDP categories, but I'm not sure which part of LM would make that assignment. I dont see any property sources specific to LLDP or CDP, and I dont usually get too deep into the weeds on debugging category code. Any suggestions on which property source this comes from, or if its from sysoid maps or something else? Thanks!How to alert when we STOP receiving logs?
We recently had an issue where we needed to review logs from a router during a P1 outage, but found that LM had stopped receiving logs from the device 2 weeks ago. We need a way to have a "No Data" type of alert for logs, so that if a device stops sending us logs we can be notified and resolve the issue. Instead of finding out 2 weeks later when the logs are needed during an outage. We can't use the Log Usage datasource for this because it is based on push metrics and does not have a collection interval.
Real-Time Insight: Webhook Events as Logs Now Available in LogicMonitor
As highlighted in our recent v228 platform release notes, we’re excited to announce that Webhook Events as Logs is now generally available. This enhancement makes it easier than ever to bring external alerts and events directly into LogicMonitor—no Collector required. If you’re using a platform like Cisco Meraki, Rubrik Security Cloud, or CommScope Ruckus One, you can now configure those systems to send webhook alerts straight to your LogicMonitor portal. Why It Matters Traditional log collection methods (like syslog or scripted collection) rely on a Collector to process messages. With Webhook Events as Logs, external platforms securely deliver event data via HTTPS directly to LM Logs. This means: Faster insight: Events are ingested in real time, not on a polling interval. Simpler setup: No Collector configuration or maintenance needed. Flexible processing: Use LogSources to filter, enrich, and map webhook messages to LogicMonitor resources, and extract key fields for use in alert rules, messages, or queries. Getting Started To use Webhook Events as Logs, you’ll need: LM Logs enabled in your LogicMonitor account A platform that supports Bearer Token Authorization (either natively in its UI or via custom header configuration) Once configured, external systems can send events directly into LM Logs—triggered by real-world actions rather than scheduled polling. Real-World Examples Here are just a few examples of events that can now flow directly into LogicMonitor via webhooks: A camera detects motion A panic or lockdown button is pressed (e.g., Alyssa’s Law compliance) A wireless client joins or disconnects from a network A device becomes unreachable A backup job fails A virtual machine shuts down A configuration change occurs (e.g., in a Cisco Meraki network) Any webhook-capable system that can send a Bearer-authenticated POST request can now send event data to LogicMonitor. Verified Integrations We’ve validated this capability with: Cisco Meraki Rubrik Security Cloud CommScope Ruckus One …but the feature is built to work with any platform that supports webhook notifications. Learn More For setup details and examples, check out: Product Documentation for Webhook Events as Logs: https://www.logicmonitor.com/support/webhook-events-as-logs LogicMonitor Webhook Integration for Cisco Meraki: https://developer.cisco.com/meraki/webhooks/logicmonitor-custom/Resource Explorer Alert Filters ConfigSources?
I would like to use the Resource Explorer to display and group devices based on Alerts, specifically ConfigSource alerts. However it seems that only DataSource options appear in the list on the resource explorer page: I can filter for Datasource datapoints but none of my ConfigSources show up here. Is there some other way to do this, or is this something on the roadmap? Thanks!
RDS Storage Alert Expression Adjustment for Auto Grow Disk
Hi All, I have an RDS instance that keeps triggering a warning alert on storage usage, even though the disk is configured to auto-grow. Currently, storage is just over 200 GiB and can grow up to a hard limit of 500 GiB. Our Current expression mentioned is in the attached screenshot with the proposed expression? Since the disk can auto-grow up to the 500 GiB hard limit, should we update the expression to the proposed? Please confirm if this adjustment would be the correct approach? Thanks,
Bests practices for WMI failures
Hi All! we recently identified a monitoring gap: a server was responding to ping but not collecting WMI data, so it didn't issue an alert. We discovered it was in a hung state. We are considering enabling critical alerts around WMI Uptime. This should help by detecting a WMI failure on nodata or identifying if a device was rebooted during business hours without authorization. Based on your experience, is there a better approach for this? Thinking it will also work well for SNMP.Historical SDT en reporting
Hi community, I'm running into a limitation with reporting on Scheduled Downtime (SDT) in LogicMonitor. Right now, i' m able to pull alerts that occurred during SDT' s but i cannot generate a single report that shows all historcal SDTs across all my resources/devices. For my use case, it's important to: Filter per resource group Include this data in regular reporting and analysis to highlight structural SDT usage My questions to the community: is there any way to generate such a historical SDT report, does someone have a script or code to share to get that trough the API Thanks in advance!
SNMPv3 Support on Logic Monitor
Hi Team, I am trying to implement SNMPv3 in our environment. We mainly use Cisco devices (IOS, Nexus, ASA, etc.). Our LogicMonitor collector is running on: Virtualization: Xen Operating System: CentOS Linux 7 (Core) When I run the following command on the Linux device, I receive a successful response: " snmpwalk -v3 -u username -l authPriv -a SHA -A 'Mypassword' -x AES128 -X 'Mypassword' 192.168.x.x " However, when I test with snmpget from the LogicMonitor collector’s debug console, I get the following error: Authentication protocol not supported - AES java.lang.IllegalArgumentException: Authentication protocol not supported - AES at com.santaba.agent.util.snmp.SnmpUtil.getAuthProtocol(SnmpUtil.java:77) at com.santaba.agent.util.async.SNMPClient._setAuthInfo(SNMPClient.java:1101) at com.santaba.agent.util.async.SNMPClient.initialize(SNMPClient.java:163) at com.santaba.agent.util.async.SNMPClient.initialize(SNMPClient.java:143) at com.santaba.agent.debugger.SnmpDebugTask._handle(SnmpDebugTask.java:243) at com.santaba.agent.debugger.DebugTask.run(DebugTask.java:176) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) at java.base/java.lang.Thread.run(Thread.java:1583) Question: Does LogicMonitor support AES for SNMPv3? I’ve used the same configuration successfully with other monitoring tools, such as PRTG, and it works without issues.Servicenow incident Priority Getting changed after acknolwedgement
Hi All, Any one faced the issue with Incident Priority getting changed form P4 to P3 after some one acknowledges the Incident as part of Servicenow logcimonitor ITSM Integration I don't see any thing in the payload that will update the Priority of the incident
