Minimal Monitoring alerter

Question

This is the most ridiculously simple datasource, possibly ever.

Where devices end up in&nbsp;the 'Minimal Monitoring' dynamic group (i.e. the collector has not been able to find the&nbsp;device properties)&nbsp;the only way you know is by choosing to look in that group.

NOTE: The&nbsp;'Minimal Monitoring' dynamic group does not exist in all accounts. It's a problem-catching group that we only invented a year or so back, and like any group it can be deleted. You may also have created your own 'Minimal Monitoring' group for other purposes, so check in your account FIRST, before importing this datasource.

The&nbsp;'Minimal Monitoring' dynamic group this datasource is intended for has a dynamic group custom query&nbsp;of:

system.sysinfo == "" &amp;&amp; system.sysoid == "" &amp;&amp; isDevice() &amp;&amp; !(system.virtualization) &amp;&amp; (monitoring != "basic")

This datasource then has the very simple&nbsp;AppliesTo of:

join(system.groups,",") =~ "Minimal Monitoring"

The datasource is a datapump type that both returns and alerts on a value of 1 for all devices, set to alert on the second 10-minute poll, so you get a warning alert from every device within Minimal Monitoring. The poll interval and alert trigger delay combine to give a modest grace period to permit new devices to have AD run against them, to avoid false alerts.

Once changes are made such that the device properties are found, the devices will be removed from the Minimal Monitoring group and the datasource will therefore de-associate, removing the alert.

FXK3HP

Once changes are made&nbsp;such that the device properties are found, the devices will be removed from the Minimal Monitoring group and the datasource will therefore de-associate, removing the alert.

FXK3HP

antony_hawkins · Answer

With or without alerting, a very simple 'Problem Devices' dashboard is also very easy to construct - just a text widget with an explanation, and a NOC widget listing each device in the 'Minimal Monitoring' device group:

andrey_kitsen · Answer

@Antony Hawkins&nbsp;do you find customers are quite interested in this ? or is this something particular to larger companies ?

antony_hawkins · Answer

@Andrey Kitsen&nbsp;I created the alerter and the dashboard, and&nbsp;have subsequently&nbsp;used them, for cases&nbsp;where a customer has run a netscan on an inadequately-prepared (for LogicMonitor purposes) network, for example where SNMP credentials were unknown or SNMP was&nbsp;not running, resulting in large numbers of unmonitored devices. This is only a small proportion of customers, so I don't have a statistically significant sample to comment on.

It's probably most useful in large&nbsp;environments with&nbsp;small numbers of non-responsive devices, as these are the cases where a large number of&nbsp;monitored devices in groups can appear to be "everything" - it's easy to overlook the fact that there are a few devices missing from hundreds or thousands across multiple groups. These cases tend to be where a small number of devices have non-standard SNMP configs, etc - maybe their community string differs from what should be the network standard and therefore the group-level snmp.community value doesn't permit a response.

However, it does have uses in smaller environments, and clearly also if all N00 or N,000 detections&nbsp;from a netscan arrive in Minimal Monitoring, it will quickly flag this up too.

andrey_kitsen · Answer

On 6/20/2017 at 3:46 AM, Antony Hawkins said:

@Andrey Kitsen&nbsp;I created the alerter and the dashboard, and&nbsp;have subsequently&nbsp;used them, for cases&nbsp;where a customer has run a netscan on an inadequately-prepared (for LogicMonitor purposes) network, for example where SNMP credentials were unknown or SNMP was&nbsp;not running, resulting in large numbers of unmonitored devices. This is only a small proportion of customers, so I don't have a statistically significant sample to comment on.

It's probably most useful in large&nbsp;environments with&nbsp;small numbers of non-responsive devices, as these are the cases where a large number of&nbsp;monitored devices in groups can appear to be "everything" - it's easy to overlook the fact that there are a few devices missing from hundreds or thousands across multiple groups. These cases tend to be where a small number of devices have non-standard SNMP configs, etc - maybe their community string differs from what should be the network standard and therefore the group-level snmp.community value doesn't permit a response.

However, it does have uses in smaller environments, and clearly also if all N00 or N,000 detections&nbsp;from a netscan arrive in Minimal Monitoring, it will quickly flag this up too.

&nbsp;

I'll take note of this.&nbsp;

lkvitek · Answer

Wondering why you use:&nbsp;
	join(system.groups,",") =~ "Minimal Monitoring"

shouldn't this work:
	contains(system.groups,"Minimal Monitoring")

I can't get "contains" to work like this though?! &nbsp;Does it not work in AppliesTo ??

Forum Discussion

Minimal Monitoring alerter

Related Content

How can we minimize licensing cost in Logic Monitor

SNMP Traps - Baseline for alerting

Linux collector, system in Minimal Monitoring

Process Monitoring

Meraki monitoring within Logic Monitor

Recent Discussions

Dashboard Sharing – An Inline Framing Method

2021-12-15 US Office Hours

Live Training - Tuning Datapoints and Alerts - 15th JUNE 2022 - APAC

Live Training - Introduction to Dashboards - 18th MAY 2022 - APAC

2022-05-11- APAC Product Overview -Collectors, Resources/Groups, Dashboards