David_Lee
Former Employee
Joined 9 years ago
User Profile
User Widgets
Contributions
Re: Negative GLOB expressions broken in 136
Hi Mosh, Been a while hope you are okay, and yes thanks for pointing this out, we have already seen this and raised an urgent ticket for resolution, please feel free to hop onto chat for more information if you need it, David Lee UK Team Lead, Technical support2Views0likes0CommentsRe: Alert Count in Big Number widget
Although this is custom work and normally Support wont be able to assist we have implemented this for other customers and can happily assist you with this request, please open a support ticket when doing so it might help to pass the TSE that answers you my name or a link to thispage.33Views0likes0CommentsConditional alerting
We recently had this question asked to support "Is it possible to set conditional alert thresholds for a certain datapoints? For example for all servers, the "AvailableGB" under Disks > Volume Usage > Alert Tuning. If we wanted volumes that are... - Up to 100GB total in size, the alert threshold is 10GB - 101GB - 500GB total in size, the alert threshold is 40GB - 501GB - 3TB total in size, the alert threshold is 200GB - 3TB - 10TB total in size, the alert threshold is 400GB" Out of the box , then no we dont support this. Our standard thresholds would alert you on 90% used space, but imagine being woken up at 3 in the morning by a phone call from Logicmonitor telling you that you need to get up and sort out some storage as your 35 TB only has 3500 GB free. Nearlytime to wake up!! But what you can do is use our Instance Level Properties in conjunction with our groovy scripted datapoints to set your lower limits exactly like this. First lets look at the ILP. You can quickly add them into any wmi datasource here. This creates an automatic property in the info tab of each volume listing the capacity. Here you can see this volume capacity of 35184235765760 bytes or just over 35 terabytes. Now we can add a complex datapoint that references this capacity Basically it applies a lower limit of 400 GB on all drives, then reduces it if the capacity in bbytes is below certain amount A 35TB drive would return 400, a 100GB drive would return 10. So now you have a threshold for lower limits based on the size of the volume. Now you can use a second complex datapoint. If(lt(AvailableGB,FreeSpaceLowerLimitGigabyte),1,0) means if theAvailableGB is less than the FreeSpaceLowerLimitGigabyte return 1 otherwise return 0. Suppose your C drive is 80 GB and you F drive was 35TB. Set a threshold of = 1 1 1 and you will get a critical alert if your C drive is less than 10GB, or if your Fdrive is less than 400GB. All automatically applied and alerted on14Views0likes2CommentsRe: Fortigate missing interfaces
Dan, Thanks for the extra information, another quicker fix would be to clone the snmp64_if and change the discovery type from value to wildcard. This will then work where the normal one fails, but instead of a name interfaces will show the oid value. I.E. instead of FastEthernet 0/4 it might show 17. so not as intuitive to undertstand which interface is which1View0likes0CommentsFortigate missing interfaces
Recently we have seen a number of issues whith Fortigate not showing interface datasources. With the release of FortiOS 5.4.1 Fortigate changed the behaviour of the description oid. This results in Logicmonitor being unable to discover the interfaces. TheSNMP get value for the interface description now returnsthe value from "set description " instead of the interface name. You must adddescriptions to each interface using these CLI commands: config system interface edit set description “<int>” end Once completed, forcing Active Discovery will resolve the issue.4Views0likes4CommentsConfigsources ignore all but one line check
Configuration backups in LogicMonitor is a great feature to help you be aware of changes being made ,storeversion history and restore your device configurations. Newerdevices are canhave subscriptions that pull the latest datafrom the manufacturer, such as malicious IP address lists.Encrypted information may be re-hashed for added security and these are expected behaviours - NOT a config change. So you need to ignore these changes, as they are not operational changes and you do not need to be woken at 3 in the morning to see that there are some newly added malicious Ip addresses. Is there a way to ignore these updates (often multiple in a day) and simply key on the first few lines where the config version is referenced ? #config-version=whateverversioninfo #conf_file_ver=177424565748364543 #buildno=somebuildno We need to alert on line 2 and ignore every other change. As you are no doubt aware you can edit your configsource to ignore certain lines with regex.So you can add an ignore change for lines that contain builldno for example. But stipulating every line except one would be a nightmare and you never know what the lines contain all the time. So flip it on its head. Make an ignore check, select ignore lines with this regular expression and use the expression!("#conf_file_ver=").Basically this means ignore every line that does not contain#conf_file_ver= You can see in my example above I have changed the file version and it is shows and is alerted on, but I have also changed the buildno and that is ignored, also added a newline which is ignored. David4Views0likes0CommentsRe: Improved configuration change detection
Quote That conf_file_version (line 2 above) would be the trigger and ignoring everything else would be perfect. Hi Ray, As you are no doubt aware you can edit your configsource to ignore certain lines with regex. So you can add an ignore change for lines that contain builldno for example. But stipulating every line except one would be a nightmare and you never know what the lines contain all the time. So flip it on its head. Make an ignore check, select ignore lines with this regular expression and use the expression!("#conf_file_ver=") Basically this means ignore every line that does not contain#conf_file_ver= You can see in my example above I have changed the file version and it is shows and is alerted on, but I have also changed the buildno and that is ignored, also added a newline which is ignored. David0Views0likes0Comments