aarkkelin
NeophyteJoined 3 years ago
User Profile
Neophyte
User Widgets
Contributions
Re: What is up with Meraki API Modules?
Honored to have the legendary Patrick_Rouse comment on this post. :) And of course, I have tried multiple support tickets on these issues. More issues just keep popping up the more I work with the API integration. I don't believe I've made any modifications to the LM Meraki API modules in our portal, so that shouldn't be causing issues. Interesting you mention meraki.snmp or SNMP at all, for that matter, as I thought the API calls were supposed to essentially replace the need for SNMP. Still, we have SNMP properties on our devices as well so I don't think this is causing any issues. Patrick_Rouse wrote: For the modules to work, you "need" the following properties on each device (set directly or inherited) To this, I would say this is by far the most tedious thing as the Netscan almost never pulls in all the right properties by default. Furthermore, I believe my individual issue of thousands of Warning Alerts (it jumped up to 4500+ overnight) was also due to the inheritance you mention and it not working as expected. I'm still working with support on these issues as I have no idea why inheritance doesn't seem to be translating down to the devices in this regard. Also weird that only some devices were alerting, and not all. If it were truly an issue with one of those properties you mentioned above, I would expect all devices in that Org or Network would be alerting--especially because I set the meraki.api.key at the parent level and meraki.api.network at each site folder underneath that. But I'm working on that with support right now. Just mostly meant to say that this stuff is so tedious and almost feels like more work than it's worth sometimes. But I'm not giving up on it yet. I agree with Allister that a Wizard of sorts would be nice. I mentioned in one of my support tickets for Netscan that it would be nice to see what kind of changes to expect before "approving" them as I've had the Netscan remove devices in my portal with no warning whatsoever. That Wizard or confirmation screen would be nice.32Views0likes0CommentsWhat is up with Meraki API Modules?
I know the LM Meraki API Modules have been around for a minute now. But I'm just getting around to testing it out on some of our Meraki-heavy customers and man, does anyone else find it incredibly tedious to try to get to work? I have been having so many issues with it. Netscan is one problem, but that's for another discussion. But then once the devices are added, we get No Data alerts ALL THE TIME. Right now, for example, I have 1644 Warning alerts (No Data) for ONE customer. It's insane how many alerts there are. And it's even scarier that when I look at the Raw Data on others that aren't alerting, they are also showing No Data but just don't have an alert threshold. I don't know if I should be pointing the finger at Meraki or LM here, honestly. But the API modules are so inconsistent, at best. I know the API key, OrgID and NetworkIDs are right because I can use them for API pulls in Python. It just seems to be LM not able to figure it out. And what's worse is how inconsistent it is. Some devices work for some organizations. Others don't. I can't be the only having this issue. And I can hear the critics chiming in now saying, "well then don't use the Meraki API modules." Problem is if we don't, we only get SNMP stats and those are nowhere near as helpful as the API modules, plus the potential to be less secure. Just wondering if there are some fellow LM community friends out there struggling to make the API stuff work for Meraki and LM. Thanks for listening to my rant.173Views0likes5CommentsRe: Migration to New Support Platform
Adding to others here with only further verification that this is a huge step backwards for LM Support. I understand the chat requests were probably getting overwhelming at times, but it's also what set you guys apart. This new setup is so bad. Even if you do get a ticket open, its title is "A conversation with ...." No reference to the actual issue in the subject. No ability to add anyone to a watchlist. The email updates are atrocious, at best. All you get is a two-liner that says there was an update on the case. No way to respond to the email itself. You still have to then login to the portal, which is so scaled back in features, it hurts to use.26Views1like1CommentCylance Offline Mode
We are looking to try to utilize LM and monitor whether Cylance is running in offline mode on a Windows server. Our SOC was able to determine that if it switches to offline mode (which can happen without the NIC going down), it adds a registry entry: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop\VenueStatus Ideally we’d like to monitor for IF that registry item exists and when it does see it, it would send us an alert. I’m assuming this could be done through some PS scripting. But I’m not sure how to have that data interpreted into a usable data or event source in LM. Would appreciate any help you guys can offer here!241Views9likes2CommentsCylance Offline Mode Monitoring
We are looking to try to utilize LM and monitor whether Cylance is running in offline mode on a Windows server. Our SOC was able to determine that if it switches to offline mode (which can happen without the NIC going down), it adds a registry entry: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop\VenueStatus Ideally we’d like to monitor for IF that registry item exists and when it does see it, it would send us an alert. I’m assuming this could be done through some PS scripting. But I’m not sure how to have that data interpreted into a usable data or event source in LM. Would appreciate any help you guys can offer here.Re: Checkpoint IPsec Tunnel Monitoring.
Just wanted to toss a note in here saying I stumbled upon this by accident but was actually something we were actively looking into how to monitor this on CheckPoints. So, thanks for opening the original thread, @Nishil Vachhani . Secondly, I was able to build a datasource to monitor a specific tunnel. It’s a bit tedious if you have to repeat that for multiple tunnels at a site. But for anyone looking to just monitor a few, it’s definitely doable using the OID info in the CheckPoint article linked in the comments above. It’s not the cleanest thing ever and it’s definitely something I hope LM builds into their standard CheckPoint datasources and tidies up a bit. But for now, this seems to get the job done.77Views0likes2CommentsRe: Monitor version of Java
I tried posting yesterday and it’s apparently still being reviewed by the moderators or something. I think the issue was I tried to post the PS script I was using. But long story short, I still can’t get it to output any data of use. It’s not giving me an error anymore so I THINK it’s running on the remote host now instead of the local but I also don’t know how to know that for sure. Without posting the script, do you know what command I should be using to essentially output the data and then have it add it to the property source? PS I should have mentioned I’m not a PS guru by any means so I really appreciate any and all help here!9Views0likes0CommentsRe: Monitor version of Java
So, spent most of the day on this and am admittedly not a Powershell guru by any means. Unfortunately, I just cannot figure out how to get it to translate the output into anything meaningful. I don’t get the failure notices that I was getting before which makes me think it’s actually using remote PS but I also don’t know how to actually check that. I just want some verification that it’s actually seeing the response to (Get-Command java | Select-Object -ExpandProperty Version).toString() . Because the servers that I have Java installed on, I can run that command and get a response of what version number it is. But I can’t get LM to interpret that data. I’m guessing I’m missing sometime of “write/output” command but I find a lot of documentation about that online and am not sure how to use that again, in a way that LM knows how to use it. Script “borrowed” and modified from @Stuart Weenig : # Clears the CLI of any text Clear-Host # Clears memory of all previous variables Remove-Variable * -ErrorAction SilentlyContinue #------------------------------------------------------------------------------------------------------------ # Initialize Variables $wmi_pass = '##WMI.PASS##' $wmi_user = '##WMI.USER##' $hostname = '##SYSTEM.SYSNAME##' $collectorName = hostname # Insert additional variables here # If the hostname is an IP address query DNS for the FQDN if ($hostname -match "\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b") { $hostname = [System.Net.Dns]::GetHostbyAddress($hostname).HostName } ## This script block should contain all code that you want to execute remotely on the target host. $scriptBlock = { (Get-Command java | Select-Object -ExpandProperty Version).toString() } #------------------------------------------------------------------------------------------------------------ try { #-----Determin the type of query to make----- # check to see if this is monitoring the localhost collector, as we will not need to authenticate. if ($hostname -like $collectorName) { $response = Invoke-Command -ScriptBlock $scriptBlock } # are wmi user/pass set -- e.g. are these device props either not substiuted or blank elseif (([string]::IsNullOrWhiteSpace($wmi_user) -and [string]::IsNullOrWhiteSpace($wmi_pass)) -or (($wmi_user -like '*WMI.USER*') -and ($wmi_pass -like '*WMI.PASS*'))) { # no $response = Invoke-Command -ComputerName $hostname -ScriptBlock $scriptBlock } else { # yes. convert user/password into a credential string $remote_pass = ConvertTo-SecureString -String $wmi_pass -AsPlainText -Force; $remote_credential = New-Object -typename System.Management.Automation.PSCredential -argumentlist $wmi_user, $remote_pass; $response = Invoke-Command -ComputerName $hostname -Credential $remote_credential -ScriptBlock $scriptBlock } exit 0 } catch { # exit code of non 0 will mean the script failed and not overwrite the instances that have already been found throw $Error[0].Exception exit 1 }1View0likes0CommentsRe: Monitor version of Java
Thanks for the replies, @mnagel and @Michael Raymond . Fwiw, the support tech did spend awhile with me on this despite me essentially trying to spin up a new property/data source, which I know they like to remind us is always best help and out of scope. But by the end of it, the suggestion was to come back to this post and the community to try to troubleshoot more. That being said, I will have to try some of your guys’ suggestions today and see if I can tweak this. Hoping it ends up working and will helpful for others so I can post it to the community exchange. Again, thanks for your help and I’ll probably be back with more questions later. :)41Views5likes0Comments