Re: Linux services and autodiscovery

Update: the DS filters weren't working quite as intended, so I've moved them back into the AD script. For example, I have a server with a bunch of services prefixed with proxy-. My include regex is "(sshd|snmpd|proxy-.*)\.service" but then I don't want a few of the proxy names. My exclude regex is "proxy-(ae|nu).*". The script written with the ==~ match works great, but if I try to add them to the DS filters, everything just gets filtered out.

Re: Linux services and autodiscovery

Anonymous apparently I forgot :D I pushed my files up today so you could check them out. I was including/excluding regex properties from within my AD script... although I like how you had them in the datasource filters so I moved them there. The only thing I didn't remove was the include regex. I wanted that to also be in the AD.groovy script so that I could say if the property didn't exist, only show sshd.service by default... when I add 40 random machines and give LM the SSH credentials to them, I don't want them to all just start monitoring every single systemd service.

Re: Linux services and autodiscovery

I'll make it happen tomorrow.

Linux services and autodiscovery

Hey guys, I just wanted to let you know that I took LogicMonitor's default datasource, "Linux_SSH_ServiceStatus", and added auto discovery to it. The only thing that is needed at the resource or group level is that the following three properties are set:

ssh.user
ssh.pass
linux.ssh.services.regex ( default: "sshd\.service" )

I published the datasource under 93Y4PC (currently under security review as of this post).

The discovery script gets the output of

    systemctl list-units --all --type=service --plain --state=loaded | egrep service

Loop through each line of the output and see if it matches the regex from the property, "linux.ssh.services.regex".

A person could even set the regex to be ".*" which would grab all of the services.. then turn around and create a filter to exclude certain things. For example if I wanted everything but services with the name ssh in them, I could create a filter that says ##WILDVALUE## not contain ssh.

Re: LM User Group Dinner Series Kick Off

Austin, TX would be nice. I was a little surprised to not see that as a location being that your HQ is there!

Re: Has anybody noticed the flaw in LogSource logic?

You say, “identify logs by the device itself”. Great. How?

@Cameron Compton I’m also wondering how this happens.. LM Support tells me that it’s through the resource mapping in the lmlog source . . . but again before this lmlog source is even used, LM has to know what system the log came from for the AppliesTo section to work correctly…are we using the AppliesTo wrong ? Should be applying the lmlog source to the collector in which the logs are coming in at ? I have this set up, which is identical to what’s in a working collector configuration

    lmlogs.syslog.property.name=system.sysname
    lmlogs.syslog.hostname.format=HOSTNAME

…but the lmlog source will not apply to the device so I’m at a loss.

Re: LM Logs multiple capture group parsing

At least you can get lmlogs to work lol…we (myself and now three support guys) have yet to get it working. I’ve taken a step back and just made one lmlog source that applies to one resource and told it to map HOSTNAME to system.sysname which is identical to what’s in the collector configuration…lmlog source is supposed to take precedence over the collector configuration but so far it doesn’t look that way.

#1 I don’t suppose you’d be willing to share all of the lines you have in your collector configuration with the word “lmlog” or “syslog”
#2 What does your resource mapping look like in your lmlog source ?
#3 I am very interested in the multiple capture group but their documentation is lacking, would you be able to post an example of that ? :)

Thank you !!!
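The include/exclude matching described in the "Linux services and autodiscovery" posts above, as an added example that is not part of the original posts or the published DataSource. The helper name `discoverServices`, its exclude-regex parameter and the sample `systemctl` output are assumptions made for illustration; the SSH transport is left out.

```groovy
// Added example, not the published DataSource. SAMPLE_OUTPUT is constructed and
// imitates: systemctl list-units --all --type=service --plain --state=loaded
def SAMPLE_OUTPUT = '''\
proxy-ae1.service   loaded active   running Proxy AE1
proxy-eu1.service   loaded active   running Proxy EU1
proxy-nu2.service   loaded inactive dead    Proxy NU2
snmpd.service       loaded active   running SNMP daemon
sshd.service        loaded active   running OpenSSH server daemon
sshd-keygen.service loaded inactive dead    OpenSSH key generation
'''

// Hypothetical helper: unit names that pass the include and exclude regexes.
List<String> discoverServices(String systemctlOutput, String includeRegex, String excludeRegex) {
    // Property unset: fall back to sshd.service only, so a newly added host
    // does not start monitoring every systemd service.
    def include = includeRegex?.trim() ?: 'sshd\\.service'
    def exclude = excludeRegex?.trim()

    return systemctlOutput.readLines()
        .collect { it.trim() }
        .findAll { it }                                   // skip blank lines
        .collect { it.split(/\s+/)[0] }                   // first column is the unit name
        .findAll { unit -> unit ==~ include }             // ==~ must match the whole name
        .findAll { unit -> !exclude || !(unit ==~ exclude) }
}

// Regexes quoted in the posts: the two unwanted proxy units are dropped, and
// sshd-keygen.service is rejected because ==~ is a full match.
def picked = discoverServices(SAMPLE_OUTPUT, '(sshd|snmpd|proxy-.*)\\.service', 'proxy-(ae|nu).*')
assert picked == ['proxy-eu1.service', 'snmpd.service', 'sshd.service']

// No property set on the resource: only the default is discovered.
assert discoverServices(SAMPLE_OUTPUT, null, null) == ['sshd.service']

// Active Discovery instance lines, wildvalue##wildalias as in the page's other script.
picked.each { unit -> println "${unit}##${unit}" }
```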
LinuxNewProcesses DataSource -- Auto discovery and key off of HOST-RESOURCES-MIB::hrSWRunName

Hello all! I just wanted to share my edits. I never could get LinuxNewProcesses to work for my needs.. but we really wanted it to also have auto discovery and automatically add a list of toolsets that we have deployed across the board. I did this LONG ago and my wildvalue was the PID…but that’s dangerous and I ended up creating thousands of entries in the LM database because my processes (thousands of them) were always changing. . . .this takes a different approach and keys off of the process name.

#1 You just need to have a property defined with a comma separated list. These names need to be from “HOST-RESOURCES-MIB::hrSWRunName”
#2 My polling is every minute but don’t alert unless it’s been down for an hour…for my scenario, I do this on purpose because some of my applications run for about 5 minutes and then aren’t kicked off again for another 10…so adjust as needed :)

The status is under a security review right now.. I’ll post the lmLocator if it makes it! Otherwise here’s the autodiscovery.. the collection script won’t work and you’ll have to modify it

    import com.santaba.agent.groovyapi.snmp.Snmp;

    // hrSWRunName column: the name of each running process
    def OID_NAME = ".1.3.6.1.2.1.25.4.2.1.2";
    def host = hostProps.get("system.hostname");
    // Comma-separated list of process names from the "linux.services" property
    def services = hostProps.get("linux.services").split(',');

    Map<String, String> result = Snmp.walkAsMap(host, OID_NAME, null)
    result.forEach({ index, value ->
        for (service in services) {
            // Each list entry is used as a regex that must match the whole process name
            if (value ==~ /${service}/) {
                // hrSWRunPath column for the same table index
                def CMD_OID = ".1.3.6.1.2.1.25.4.2.1.4." + index;
                def service_cmd = Snmp.get(host, CMD_OID);
                def desc = index + " | " + service_cmd;
                // wildvalue and alias are both the process name, not the PID
                out.println value + "##" + value + "##" + desc
            }
        }
    })

Script: Line 89: if ("${name}" == "${processPath}") {

Global Delay setting and maybe flapping trigger ?

Hello, We happened to run across another problem last week that might be a nice feature and the delay is probably pretty easy to implement. Sometimes a threshold might be triggered but then clear within X minutes. While these might be useful to know... I don't want my ticket system to get an email for these... so we tried to set an escalation delay of one hour (using a null escalation path for the 1st step as suggested in documentation)... but the problem is unless someone goes in and acks the alert within the hour of course the system is going to email again. Unless we write a custom API, we have no way to gracefully get these tickets to the ticket system without duplicates being created. So it would be SUPER nice to have a delay per priority so that we could say do not send any alerts unless the alert has lasted for longer than X minutes. I know I can do that in the datasource per datapoint but that's a lot of changes to go through.. which is why I would love a "global" setting :)

Also noting for anyone using OpsGenie (us) or PagerDuty.. I'm pretty sure the delay could be set there... so really the global delay is just needed if you are using email/SMS.

After writing this I realized wait a minute that brings up the idea of a flapping alert... for example if I were to set my GLOBAL delay for 2 hours on errors... ok cool I now am only going to get alerted if the error lasts that long... but maybe I still want to be alerted if it has been bouncing for X number of times per X minutes... that way my global delay isn't going to ignore "flapping" that we probably should know about :)

Re: Allow for custom number in consecutive polls

Hey Admins, ^ is this on the roadmap at all ?