mnagel
ProfessorJoined 9 years ago
User Profile
Professor
User Widgets
Contributions
Re: Ping Failing from collector to device and back?
ICMP is a terrible way for the Collector to determine “Host Dead” status. Better would be if any DataSource is able to collect data from it. If data can be collected, the host isn’t dead. ICMP itself seems to be fine now, actually. The problem that persists is SNMP when an intermediate stateful inspection engine (firewall) invalidates sessions. UDP is stateless, but SNMP uses a session ID most modern firewalls recognize. Once the session ID is broken, LM stops working since the developers chose to blindly use the same session ID indefinitely. My guess is with the new collector code they periodically refresh the session ID so it eventually recovers rather than trigger a new session after a failed poll or two. The right way is very often not the way these developers roll, sadly,10Views0likes0CommentsRe: Ping Failing from collector to device and back?
I am pleased to announce that LM has (after nearly 5 years of back-and-forth -- my first attempt to get this addressed was in June 2018) finally has fixed both the SNMP and ping issues impacted by intermediate firewall session invalidation -- update from support last week: Our development team has acknowledged the issues you outlined with Ping. Currently the behavior is to have cached sessions for ICMP ping and then reuse them, only refreshing the cache on sbproxy restart. An alternative has been in development and will be fixed in the next EA release. Similar issues with SNMP have been addressed already in EA 34.100. Hopefully this is actually the case, but if so it will be very nice to tell our clients this longtime bug has finally been quashed. So I’ve had some time now on EA 34.300 with one of our “problem children” and I am saddened to report the SNMP issues have not been addressed, at least not sufficiently. What I have observed during a spate of recent ISP disruptions for monitoring of a remote site (via IPSec tunnel) is that LogicMonitor eventually seems to figure it out and will begin collecting data, but it takes roughly 2 hours. Having 2 hour gaps is better than indefinite gaps, but it is still unacceptable.11Views0likes0CommentsRe: Spanning tree/loop detection alerts
This is generally not something you will be able to do from LM directly, though there is the BRIDGE-MIB you could scan for unexpected BPDU reception (bear in mind the BRIDGE-MIB is not directly VLAN-aware and you must use indexes or contexts to select VLANs other than VLAN 1). The way you would normally protect the network depends on the platform, but the general solution is to set all edge ports to edge mode (sometimes manual, for example Cisco with spanning-tree portfast and similar, sometimes automatic, for example Procurve auto-edge detection). You then ensure any port receiving a BPDU that is on an edge port (how loops happen) either converts back to normal mode (for auto-edge) or shuts down (bpduguard). The trick for Cisco bpduguard is there is no MIB to tell you this happened, but you can see from ‘show interface status err-disabled’ We wrote an eventsource to detect err-disabled ports via the CLI using SSH. It works well, but because the eventsource system in LM is so horrible you get inundated with repeated alerts you cannot ACK (though the system pretends you can). As long as you know that, you can workaround it using SDT.75Views3likes0CommentsRe: Automatic removal of category
LM has no option for automatically removing category elements, only adding them. It is just one of many poorly thought out core system features we’ve run into over the years. My workaround was to add checks to our crosscheck script to detect various problems. For example, if a Windows server is no longer running DHCP, we get a warning from the script (e.g., “category is set but no DHCP service found running”). It could be more aggressive and actually change the system.categories value via the undocumented (and frightening) debugger API, but so far the warnings have been sufficient to at least stay on top of these issues.17Views1like0CommentsRe: public ip addresses used for API calls to my Meraki enviroment?
That will work for lots of folks, but there are also more complex systems out there handling Internet these days where your IP may be less predictable. For example, I have clients on Cato Networks cloud-based SD-WAN where egress can be anywhere in their POP network depending on the target. For those sorts of transport solutions, you can use rules to pin access to specific IP addresses, but by default you would have a hard time defining an allowlist on remote resources. Even for a more common setup where you have dual ISPs in active/backup mode you can be surprised during an outage event. Best to check with your IT team rather than use code like this or tools like ipchicken.com to figure it out yourself.69Views2likes0CommentsRe: Monitor version of Java
Yeah, you are right -- saw Java and “support could not help” and assumed they told them to use Groovy -- my bad. That said, spending any significant time with support on this when nearly every Powershell module example there is runs against the target server remains negligent on the support side.22Views1like0Comments