3 years ago
can not find old Post
 Several weeks ago, I was sent this link by our colleague and now I’m getting a page not found.  Is there a way I can retrieve this article again?   There are some posts at the end of this article tha...
- 3 years ago
Until we can locate the original article, I’ll post its PowerShell script here. The key instructions are in the comments at the top of the script.

```powershell
# ----
# This PowerShell script can be used as a starting template for enabling
# automated remediation for alerts coming from LogicMonitor.
# In LogicMonitor, you can use the External Alerting feature to pass all alerts
# (or for a specific group of resources) to this script.
# ----
# To use this script:
# 1. Drop this script onto your Collector server under the Collector's agent/lib directory.
# 2. In your LogicMonitor portal go to Settings, then click External Alerting.
# 3. Click the Add button.
# 4. Set the 'Groups' field as needed to limit the actions to a specific group of resources.
# 5. Choose the appropriate Collector in the 'Collector' field.
# 6. Set 'Delivery Mechanism' to "Script"
# 7. Enter "alert_central.ps1" in the 'Script' field.
# 8. Paste the following into the 'Script Command Line' field:
#    "##ALERTID##" "##ALERTSTATUS##" "##LEVEL##" "##HOSTNAME##" "##DSNAME##" "##INSTANCE##" "##DATAPOINT##" "##VALUE##" "##ALERTDETAILURL##" "##DPDESCRIPTION##"
# 9. Click Save.

Param ($alertID = "", $alertStatus = "", $severity = "", $hostName = "", $dsName = "", $instance = "", $datapoint = "", $metricValue = "", $alertURL = "", $dpDescription = "")

###--- SET THE FOLLOWING VARIABLES AS APPROPRIATE ---###

# LogicMonitor API account information - the API user will need "Acknowledge" permissions...
# The key is stored here in plain text, so restrict read access to this file.
$accessId = ''
$accessKey = ''
$company = ''

# OPTIONAL: Set a filename in the following variable if you want specific alerts logged. (example: "C:\lm_alert_central.log")...
$logFile = ""

########################################################

# Function for logging the alert to a local text file if one was specified in the $logFile variable above...
Function LogWrite ($logstring = "")
{
    if ($logFile -ne "") {
        Add-Content $logFile -Value $logstring
    }
}

# Function for attaching a note to the alert...
function AddNoteToAlert ($alertID = "", $note = "")
{
    # Encode the note...
    $encodedNote = $note | ConvertTo-Json

    <# API and URL request details #>
    $httpVerb = 'POST'
    $resourcePath = '/alert/alerts/' + $alertID + '/note'
    $url = 'https://' + $company + '.logicmonitor.com/santaba/rest' + $resourcePath
    $data = '{"ackComment":' + $encodedNote + '}'

    <# Get current time in milliseconds #>
    $epoch = [Math]::Round((New-TimeSpan -start (Get-Date -Date "1/1/1970") -end (Get-Date).ToUniversalTime()).TotalMilliseconds)

    <# Concatenate General Request Details #>
    $requestVars_00 = $httpVerb + $epoch + $data + $resourcePath

    <# Construct Signature #>
    $hmac = New-Object System.Security.Cryptography.HMACSHA256
    $hmac.Key = [Text.Encoding]::UTF8.GetBytes($accessKey)
    $signatureBytes = $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($requestVars_00))
    $signatureHex = [System.BitConverter]::ToString($signatureBytes) -replace '-'
    $signature = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($signatureHex.ToLower()))

    <# Construct Headers #>
    $auth = 'LMv1 ' + $accessId + ':' + $signature + ':' + $epoch
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization",$auth)
    $headers.Add("Content-Type",'application/json')

    <# Make request to attach the note to the alert #>
    $response = Invoke-RestMethod -Uri $url -Method $httpVerb -Body $data -Headers $headers
    # Write-Host "API call response: $response"
}

# Placeholder variable for capturing any note we want to attach back to the alert...
$alertNote = ""

# --------------------
### CUSTOMIZE THE FOLLOWING AS NEEDED TO HANDLE SPECIFIC ALERTS FROM LOGICMONITOR...

# Actions to take if the alert is new or re-opened (note: status will be "active" or "clear")...
if ($alertStatus -eq 'active') {
    # Perform actions based on the type of alert...
    if ($dsName -eq 'HTTPS-' -and $datapoint -eq 'CantConnect') {
        # Insert action here to take if there's a website error.
        # Attach a note to the LogicMonitor alert...
        $alertNote = "Action X performed on this alert"
    } elseif ($dsName -eq 'Ping' -and $datapoint -eq 'PingLossPercent') {
        # Insert action to take if a device becomes unpingable.
        # Windows ping takes the echo count with -n (-c is the Linux flag).
        $job = ping -n 4 $hostName
        # Restore line feeds to the output...
        $job = [string]::join("`n", $job)
        # Add ping results as a note on the alert...
        $alertNote = "Ping results: $job"
    }
}

# --------------------
# Update the LogicMonitor alert if a note was set in 'alertNote'...
if ($alertNote -ne "") {
    AddNoteToAlert $alertID $alertNote
    # Optionally log the alert (if a filename is given in the $logFile variable)...
    LogWrite "$alertID, $alertStatus, $severity, $hostName, $dsName, $instance, $datapoint, $metricValue, $alertURL, $dpDescription"
}
```
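
The script above passes alert tokens such as `##HOSTNAME##` straight from the alert into remediation commands. The following is an added example, not part of the original post or of LogicMonitor's script, showing one way to gate actions behind an allow-list and a host name check before anything runs. The names `Test-AlertHostName`, `Get-AlertAction` and `$allowedActions`, the label pattern, and the sample inputs are assumptions made for illustration.

```powershell
# Added example: all names here are hypothetical, not part of the posted script.

# Allow-list of "DataSource|datapoint" pairs that may trigger an action.
$allowedActions = @{
    'HTTPS-|CantConnect'   = 'website-check'
    'Ping|PingLossPercent' = 'ping'
}

function Test-AlertHostName ([string]$name) {
    # Reject empty or over-long values before any parsing.
    if ([string]::IsNullOrWhiteSpace($name) -or $name.Length -gt 253) { return $false }
    # Literal IPv4/IPv6 addresses are accepted as-is.
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($name, [ref]$ip)) { return $true }
    # Otherwise require DNS labels (assumed policy: letters, digits, hyphens).
    # A label cannot start with '-', so the value is never read as an option.
    $label = '[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    $pattern = '^' + $label + '(\.' + $label + ')*$'
    return $name -match $pattern
}

function Get-AlertAction ([string]$status, [string]$ds, [string]$dp, [string]$name) {
    # Only new or re-opened alerts are acted on, as in the script above.
    if ($status -ne 'active') { return $null }
    # Unknown DataSource/datapoint pairs never reach an action.
    $action = $allowedActions["$ds|$dp"]
    if (-not $action) { return $null }
    # The host token must look like an address or DNS name.
    if (-not (Test-AlertHostName $name)) { return $null }
    return $action
}

# Constructed sample inputs (not real alerts).
$samples = @(
    @('active', 'Ping',   'PingLossPercent', 'web01.example.com'),
    @('active', 'Ping',   'PingLossPercent', '192.0.2.10'),
    @('active', 'Ping',   'PingLossPercent', '-x'),          # option-like value
    @('active', 'Ping',   'PingLossPercent', 'bad host!'),   # characters outside the policy
    @('active', 'WinCPU', 'CPUBusyPercent',  'web01.example.com'),
    @('clear',  'Ping',   'PingLossPercent', 'web01.example.com')
)
foreach ($s in $samples) {
    $action = Get-AlertAction $s[0] $s[1] $s[2] $s[3]
    if ($action) { "{0,-20} -> {1}" -f $s[3], $action } else { "{0,-20} -> skipped" -f $s[3] }
}
```

If your resources use names outside this pattern (underscores, for example), widen the label pattern rather than dropping the check.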