Forum Discussion

Phyllip's avatar
3 years ago

LogicMonitor Cisco UC Certificate Monitoring

Note: The datasource we are using is LogicMonitor Cisco_UC_CertificateManagement


We are currently using an expect script to check for certificate expiration date for our Cisco UC clients. We do this by discovering all certificates as wildcards and then running the appropriate follow up scripts on each certificate to check for validity duration. What we have begun to encounter with some clients is CPU spikes when these expiration dates are queried through CLI. Digging into this we are able to replicate the CPU spikes manually by simply running the command on the CLI a few times sequentially. On some of our larger clusters there are 50 wildcards which generate follow up CLI sessions and commands. This is causing a variety of issues from the CPU spikes to incorrect data being delivered to the SSH sessions.


What I've decided to try to accomplish is spreading the certificate expiration date checks over the course of the entire week. I figured something along the lines of numOfCerts / 7 = numOfCerts/day to check. My stumbling point appears here. How should I determine if a wildcard gathered in the discovery script of a datasource is allowed to run for a specific wildcard? For example, take certList = ['certA','certB','certC',certD','certE','certF','certG','certH']. Each of these list entries will have the script ran to discover their specific certificate details. I'm attempting to interrupt the script before the actual CLI commands can be executed in the "expect" portion of the script. I would like to interrupt them based on day of the week.  Perhaps iterating through the list to create a dictionary with the day of week as an entry to decide which days to run?

I've gone through a couple methods to accomplish and have hit a couple roadblocks so looking for input before I continue digging. TIA!

3 Replies

  • Anonymous's avatar

    Is it possible to get all the cert expiration dates with one command, instead of grabbing them individually? If that's possible, you can convert your DS to batchscript and reduce your calls to one for discovery and one for collection.

  • Unfortunately it isn't! CM v14 offers these metrics via API but with v12 and before you have one command to display the certs then another command to display the details of each cert which include the expiration date.

  • Anonymous's avatar

    And getting the details (expiration date) is one at a time.

    Upgrade to v14 on the roadmap then huh?