2 years ago
can not find old Post
Several weeks ago, I was sent this link by our colleague and now I’m getting a page not found.
Is there a way I can retrieve this article again? There are some posts at the end of this article that are helpful.
Until we can locate the original article, I’ll post its PowerShell script here. The key instructions are in the comments at the top of the script.
# ----
# This PowerShell script can be used as a starting template for enabling
# automated remediation for alerts coming from LogicMonitor.
# In LogicMonitor, you can use the External Alerting feature to pass all alerts
# (or for a specific group of resources) to this script.
# ----
# To use this script:
# 1. Drop this script onto your Collector server under the Collector's agent/lib directory.
# 2. In your LogicMonitor portal go to Settings, then click External Alerting.
# 3. Click the Add button.
# 4. Set the 'Groups' field as needed to limit the actions to a specific group of resources.
# 5. Choose the appropriate Collector in the 'Collector' field.
# 6. Set 'Delivery Mechanism' to "Script"
# 7. Enter "alert_central.ps1" in the 'Script' field.
# 8. Paste the following into the 'Script Command Line' field:
# "##ALERTID##" "##ALERTSTATUS##" "##LEVEL##" "##HOSTNAME##" "##DSNAME##" "##INSTANCE##" "##DATAPOINT##" "##VALUE##" "##ALERTDETAILURL##" "##DPDESCRIPTION##"
# 9. Click Save.
Param ($alertID = "", $alertStatus = "", $severity = "", $hostName = "", $dsName = "", $instance = "", $datapoint = "", $metricValue = "", $alertURL = "", $dpDescription = "")
###--- SET THE FOLLOWING VARIABLES AS APPROPRIATE ---###
# LogicMonitor API account information - the API user will need "Acknowledge" permissions...
$accessId = ''
$accessKey = ''
$company = ''
# OPTIONAL: Set a filename in the following variable if you want specific alerts logged. (example: "C:\lm_alert_central.log")...
$logFile = ""
########################################################
# Function for logging the alert to a local text file if one was specified in the $logFile variable above...
Function LogWrite ($logstring = "")
{
    if ($logFile -ne "") {
        Add-Content $logFile -Value $logstring
    }
}
# Function for attaching a note to the alert...
function AddNoteToAlert ($alertID = "", $note = "")
{
    # Encode the note as a JSON string...
    $encodedNote = $note | ConvertTo-Json

    <# API and URL request details #>
    $httpVerb = 'POST'
    $resourcePath = '/alert/alerts/' + $alertID + '/note'
    $url = 'https://' + $company + '.logicmonitor.com/santaba/rest' + $resourcePath
    $data = '{"ackComment":' + $encodedNote + '}'

    <# Get current time in milliseconds #>
    $epoch = [Math]::Round((New-TimeSpan -start (Get-Date -Date "1/1/1970") -end (Get-Date).ToUniversalTime()).TotalMilliseconds)

    <# Concatenate General Request Details #>
    $requestVars_00 = $httpVerb + $epoch + $data + $resourcePath

    <# Construct Signature: HMAC-SHA256, lowercase hex, then Base64 #>
    $hmac = New-Object System.Security.Cryptography.HMACSHA256
    $hmac.Key = [Text.Encoding]::UTF8.GetBytes($accessKey)
    $signatureBytes = $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($requestVars_00))
    $signatureHex = [System.BitConverter]::ToString($signatureBytes) -replace '-'
    $signature = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($signatureHex.ToLower()))

    <# Construct Headers #>
    $auth = 'LMv1 ' + $accessId + ':' + $signature + ':' + $epoch
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization",$auth)
    $headers.Add("Content-Type",'application/json')

    <# Make Request to add the note to the alert #>
    $response = Invoke-RestMethod -Uri $url -Method $httpVerb -Body $data -Headers $headers
    # Write-Host "API call response: $response"
}
# Placeholder variable for capturing any note we want to attach back to the alert...
$alertNote = ""
# --------------------
### CUSTOMIZE THE FOLLOWING AS NEEDED TO HANDLE SPECIFIC ALERTS FROM LOGICMONITOR...
# Actions to take if the alert is new or re-opened (note: status will be "active" or "clear")...
if ($alertStatus -eq 'active') {
    # Perform actions based on the type of alert...
    if ($dsName -eq 'HTTPS-' -and $datapoint -eq 'CantConnect') {
        # Insert action here to take if there's a website error.

        # Attach a note to the LogicMonitor alert...
        $alertNote = "Action X performed on this alert"
    } elseif ($dsName -eq 'Ping' -and $datapoint -eq 'PingLossPercent') {
        # Insert action to take if a device becomes unpingable.
        # Note: -c is the Unix ping count switch; on a Windows Collector the count switch is -n.
        $job = ping -c 4 $hostName
        # Restore line feeds to the output...
        $job = [string]::join("`n", $job)
        # Add ping results as a note on the alert...
        $alertNote = "Ping results: $job"
    }
}
# --------------------
# Update the LogicMonitor alert if 'alertNote' is not empty...
if ($alertNote -ne "") {
    AddNoteToAlert $alertID $alertNote
    # Optionally log the alert (if a filename is given in the $logFile variable)...
    LogWrite "$alertID, $alertStatus, $severity, $hostName, $dsName, $instance, $datapoint, $metricValue, $alertURL, $dpDescription"
}
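
The template above passes the ##HOSTNAME## and ##ALERTID## token values straight into a ping command and a REST resource path. The following is an added example, not part of the original post or of LogicMonitor's script, that checks those values before any action runs; the function names Test-AlertId and Test-HostToken, the accepted patterns, and the sample values are assumptions made for illustration.

```powershell
# Added example: validate alert tokens before the remediation template acts on them.
# Test-AlertId, Test-HostToken and both patterns are hypothetical, not LogicMonitor's.

function Test-AlertId ([string]$alertID) {
    # Assumed shape: letters and digits only, so the value cannot add path
    # segments or query text to '/alert/alerts/<id>/note'.
    return $alertID -match '\A[A-Za-z0-9]{1,64}\z'
}

function Test-HostToken ([string]$hostName) {
    # Character whitelist first: no spaces, quotes, '%' or other metacharacters.
    if ($hostName -notmatch '\A[A-Za-z0-9.:-]{1,253}\z') { return $false }
    # A leading '-' would be read as a switch by ping or any other tool.
    if ($hostName.StartsWith('-')) { return $false }
    # Accept a literal IPv4/IPv6 address...
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($hostName, [ref]$ip)) { return $true }
    # ...or a DNS name made of dot-separated labels of letters, digits and hyphens.
    return $hostName -match '\A[A-Za-z0-9-]{1,63}(\.[A-Za-z0-9-]{1,63})*\z'
}

# Constructed sample values standing in for ##ALERTID## and ##HOSTNAME##.
$samples = @(
    @{ alertID = 'LMD12345';         hostName = 'web01.example.com' },
    @{ alertID = 'LMD12345/../../x'; hostName = 'web01.example.com' },
    @{ alertID = 'LMD12346';         hostName = '-f' },
    @{ alertID = 'LMD12347';         hostName = '192.0.2.10' }
)

foreach ($s in $samples) {
    $ok = (Test-AlertId $s.alertID) -and (Test-HostToken $s.hostName)
    $verdict = if ($ok) { 'accept' } else { 'reject' }
    "{0,-20} {1,-20} {2}" -f $s.alertID, $s.hostName, $verdict
}
```

In the template, the two checks would run directly after the Param line, with the script exiting before the `if ($alertStatus -eq 'active')` block when either one fails.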