2 years ago
can not find old Post
Several weeks ago, I was sent this link by our colleague and now I’m getting a page not found. Is there a way I can retrieve this article again? There are some posts at the end of this article tha...
- 2 years ago
Until we can locate the original article, I’ll post its PowerShell script here. The key instructions are in the comments at the top of the script.
# ----
# This PowerShell script can be used as a starting template for enabling
# automated remediation for alerts coming from LogicMonitor.
# In LogicMonitor, you can use the External Alerting feature to pass all alerts
# (or for a specific group of resources) to this script.
# ----
# To use this script:
# 1. Drop this script onto your Collector server under the Collector's agent/lib directory.
# 2. In your LogicMonitor portal go to Settings, then click External Alerting.
# 3. Click the Add button.
# 4. Set the 'Groups' field as needed to limit the actions to a specific group of resources.
# 5. Choose the appropriate Collector in the 'Collector' field.
# 6. Set 'Delivery Mechanism' to "Script"
# 7. Enter "alert_central.ps1" in the 'Script' field.
# 8. Paste the following into the 'Script Command Line' field:
# "##ALERTID##" "##ALERTSTATUS##" "##LEVEL##" "##HOSTNAME##" "##DSNAME##" "##INSTANCE##" "##DATAPOINT##" "##VALUE##" "##ALERTDETAILURL##" "##DPDESCRIPTION##"
# 9. Click Save.
Param ($alertID = "", $alertStatus = "", $severity = "", $hostName = "", $dsName = "", $instance = "", $datapoint = "", $metricValue = "", $alertURL = "", $dpDescription = "")
###--- SET THE FOLLOWING VARIABLES AS APPROPRIATE ---###
# LogicMonitor API account information - the API user will need "Acknowledge" permissions...
$accessId = ''
$accessKey = ''
$company = ''
# OPTIONAL: Set a filename in the following variable if you want specific alerts logged. (example: "C:\lm_alert_central.log")...
$logFile = ""
########################################################
# Function for logging the alert to a local text file if one was specified in the $logFile variable above...
Function LogWrite ($logstring = "")
{
    if ($logFile -ne "") {
        Add-Content $logFile -Value $logstring
    }
}
# Function for attaching a note to the alert...
function AddNoteToAlert ($alertID = "", $note = "")
{
    # Encode the note as a JSON string (adds the quotes and escapes special characters)...
    $encodedNote = $note | ConvertTo-Json

    <# API and URL request details #>
    $httpVerb = 'POST'
    $resourcePath = '/alert/alerts/' + $alertID + '/note'
    $url = 'https://' + $company + '.logicmonitor.com/santaba/rest' + $resourcePath
    $data = '{"ackComment":' + $encodedNote + '}'

    <# Get current time in milliseconds #>
    $epoch = [Math]::Round((New-TimeSpan -start (Get-Date -Date "1/1/1970") -end (Get-Date).ToUniversalTime()).TotalMilliseconds)

    <# Concatenate General Request Details #>
    $requestVars_00 = $httpVerb + $epoch + $data + $resourcePath

    <# Construct Signature: HMAC-SHA256 over the request details, hex-encoded, then Base64-encoded #>
    $hmac = New-Object System.Security.Cryptography.HMACSHA256
    $hmac.Key = [Text.Encoding]::UTF8.GetBytes($accessKey)
    $signatureBytes = $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($requestVars_00))
    $signatureHex = [System.BitConverter]::ToString($signatureBytes) -replace '-'
    $signature = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($signatureHex.ToLower()))

    <# Construct Headers #>
    $auth = 'LMv1 ' + $accessId + ':' + $signature + ':' + $epoch
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization",$auth)
    $headers.Add("Content-Type",'application/json')

    <# Make the request to add the note to the alert #>
    $response = Invoke-RestMethod -Uri $url -Method $httpVerb -Body $data -Headers $headers
    # Write-Host "API call response: $response"
}
# Placeholder variable for capturing any note we want to attach back to the alert...
$alertNote = ""
# --------------------
### CUSTOMIZE THE FOLLOWING AS NEEDED TO HANDLE SPECIFIC ALERTS FROM LOGICMONITOR...
# Actions to take if the alert is new or re-opened (note: status will be "active" or "clear")...
if ($alertStatus -eq 'active') {
    # Perform actions based on the type of alert...
    if ($dsName -eq 'HTTPS-' -and $datapoint -eq 'CantConnect') {
        # Insert action here to take if there's a website error.
        # Attach a note to the LogicMonitor alert...
        $alertNote = "Action X performed on this alert"
    } elseif ($dsName -eq 'Ping' -and $datapoint -eq 'PingLossPercent') {
        # Insert action to take if a device becomes unpingable.
        # (-n is the echo count flag for Windows ping.exe; use -c on Linux/macOS)
        $job = ping -n 4 $hostName
        # Restore line feeds to the output...
        $job = [string]::join("`n", $job)
        # Add ping results as a note on the alert...
        $alertNote = "Ping results: $job"
    }
}
# --------------------
# Update the LogicMonitor alert if 'alertNote' is not empty...
if ($alertNote -ne "") {
    AddNoteToAlert $alertID $alertNote
    # Optionally log the alert (if a filename is given in the $logFile variable)...
    LogWrite "$alertID, $alertStatus, $severity, $hostName, $dsName, $instance, $datapoint, $metricValue, $alertURL, $dpDescription"
}
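
The script above passes the alert tokens straight into `ping`, the REST resource path and the log line. The following is an added example, not part of the original post or of LogicMonitor's script, showing one way to validate those tokens first. The function names `Test-AlertId`, `Test-HostToken` and `ConvertTo-LogField`, the accepted patterns and the sample values are all assumptions made for illustration.

```powershell
# Added example: validation helpers for the tokens alert_central.ps1 receives.
# The accepted patterns are assumptions; adjust them to what your portal sends.

function Test-AlertId ([string]$Id) {
    # Assumption: alert IDs are short alphanumeric tokens. \A and \z anchor the
    # whole string, so '/', '?', '#', whitespace or a trailing newline is rejected
    # before the ID is concatenated into the REST resource path.
    return $Id -cmatch '\A[A-Za-z0-9]{1,64}\z'
}

function Test-HostToken ([string]$Name) {
    # IPv6 literals contain ':'; let .NET decide whether they are well formed.
    if ($Name.Contains(':')) {
        $ip = $null
        return [System.Net.IPAddress]::TryParse($Name, [ref]$ip)
    }
    # Otherwise require an RFC 1123 style name (this also covers dotted IPv4).
    # Every label starts with a letter or digit, so the value cannot begin with
    # '-' and be read by ping as an option.
    $label = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    $pattern = '\A' + $label + '(?:\.' + $label + ')*\z'
    return ($Name.Length -le 253) -and ($Name -cmatch $pattern)
}

function ConvertTo-LogField ([string]$Value) {
    # Collapse control characters (CR/LF included) so one alert stays one log line.
    return ($Value -replace '[\x00-\x1F\x7F]+', ' ')
}

# Constructed sample tokens, not taken from a real portal.
$samples = @(
    @{ alertID = 'LMD12345';   hostName = 'web01.example.com' },
    @{ alertID = 'LMD12345';   hostName = '192.0.2.10' },
    @{ alertID = 'LMD12345';   hostName = '-t' },
    @{ alertID = 'LMD1/../x';  hostName = 'web01.example.com' },
    @{ alertID = "LMD12345`n"; hostName = "web01`r`nforged,line" }
)

foreach ($s in $samples) {
    $ok = (Test-AlertId $s.alertID) -and (Test-HostToken $s.hostName)
    '{0} | {1} | accepted={2}' -f (ConvertTo-LogField $s.alertID),
                                   (ConvertTo-LogField $s.hostName), $ok
}
```

In the script, these checks would run before the `if ($alertStatus -eq 'active')` block, with the script exiting when either test returns false, and `ConvertTo-LogField` applied to each field passed to `LogWrite`.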