Use of CredentialGuard

Is anyone using or planning on using CredentialGuard? We enabled it in the spring and ran into problems if the WMI user (via properties) wasn't the same as the service account. After a lot of work with support to identify the source of the problem, the final response was that it's an unsupported configuration.

"This doesn't mean you cannot use Credential Guard, simply that it hasn't been officially tested and verified and any performance related issues cannot be remedied via support -- per the support team"

The specific use of different accounts wasn't an issue for us; it was a legacy of the early installation. However, I am concerned that there are no plans to include a credential guard configuration in their release testing. I expect in MOST cases it works seamlessly and that's why they haven't heard from customers. Thanks.

Background on the issue: The underlying issue appeared to be in sbproxy; PowerShell scripts would work fine but 'native' WMI not. It appeared to be something related to queueing; slowly enabling instances wouldn't trigger the problem, but if you enabled many instances at once it would permanently get backed up. It's been a few months so the details might not be completely accurate.

Re: Active Discovery and instance deletion

I figured things out after contact with support; I got twisted because it appeared that we lost a stack port but it wasn't alerting. It turns out that it was never up, but that put me on the wrong track.

Re: Active Discovery and instance deletion

The filter option can't be only on device discovery, but filter on instance discovery (i.e. it would stop adding an instance, but it would not be used to remove an existing instance).

Re: Add ability to alert on No-Data for a specific data source at the host level.

We also implemented the alarm for the SNMP uptime datasources, which covers situations where SNMP is misconfigured or not working.
It will miss batchscript, script, WMI, etc so it's definitely not comprehensive.

The problem with "No Data", and I've had some back-and-forth with the CSM, is that there is currently no way to tell if the "No Data" is intentional (if the datapoint is not relevant given the current status) or cause for a problem (data should be returned or is not). This shows up in scripts where they will set a datapoint in some paths but not others. The new SNMP interfaces batchscript will return 32 or 64 bit datapoints depending on the interfaces and not return any value for the others, and the new SSL certificate monitor has a lot of datapoints that will only return values in certain situations.

The dev team noted that returning a '0' isn't really correct, but 'No data' is also a problem because it becomes impossible to tell when datasources or devices are not working correctly. I'm pushing on the CSM to prioritize some improvement that can be used to check for problems (clean up the environment) and/or alarm reliably when data isn't being returned.

@mnagel For your instance deletion issue check out this thread; I keep running into this issue and don't think there is a clean way to handle it yet. /topic/5834-active-discovery-and-instance-deletion/

Re: Active Discovery and instance deletion

I ran into this again, and I think that the current implementation is lacking. The problem is that there are many types of instances that can be 'down' in normal operation, but you want to alarm if they were up and now are down. However, if they are down when you add the device, you don't want to add the instance and have to manually delete them.

Several examples:
- Unused redundant power supply
- Unused stack port
- Unused interface

The current configuration leads to errors; I had support tell me to switch to 'save for 30 days' to get alarms for deleted instances, and today found that the 'Cisco Switch Stack Ports-' datasource from LM has the same problem (it filters on status and alarms on status).
These are also the worst type of errors because they are generally only visible when bad things happen and you don't get notified.

You could have an option for a filter to only apply on the first device discovery (I don't know what other issues that might create). You could also have instances alarm if they are removed by active discovery (maybe only if the 'save for 30 days' option is enabled). I am in favor of having instances with the '30 day' option still be visible in the tree so that you can reference historical data, so it wouldn't be too hard to extend that concept to an alarm.

Re: Groovy WMI documentation

On 7/1/2020 at 2:59 PM, mnagel said: Are you sure about the batchscript limitation? Because the new SNMP_Network_Interfaces DS supports subrate ifSpeed designation as ILPs and is batchscript (we know this because it blew out several collectors due to default batchscript thread counts). I have not looked at the guts yet, so perhaps I am off track there.

I had some feedback about that one too. Doubling your interface count should have a bit more visibility. I was also pretty unhappy that the patch notes described it as "an identical replacement"; I like the direction but it's definitely still a WIP. The new collector sizes (XL and XXL) don't have any changes to the default batchscript threads. I opened a ticket on that and made some adjustments to the threadcount and didn't see any problem with other performance metrics.

Re: Groovy WMI documentation

1 minute ago, Stuart Weenig said: Instance level properties are a different animal than device and unless you tried out the method that @Mike Moniz found in the documentation, I doubt the built in methods pull from instance level properties.

Good point, I do now recall frequently seeing hostProps. Setting it at the device level does result in a failure.

Re: Groovy WMI documentation

Just now, Stuart Weenig said: Just to clarify, you were setting it on the device, not the instances themselves, right?
Just the instance - I wanted to isolate the test.

Re: Groovy WMI documentation

3 minutes ago, Mike Moniz said: That is interesting because I tested something like that previously (I wanted to see what Windows SNMP can provide without WMI) but I had added the device to a group that had bad wmi properties pre-setup so it never had wmi working. Perhaps it's cached good creds? Can you try restarting the collector? Also you are setting the cred properties on the device you want to use the creds on? Not the collector device itself.

I was setting the creds on the instance that I was testing. Are you sure that the datasources you were testing were using the groovy API? I'll test caching later; right now still focused on the actual problem (this is just a side effect :).

11 minutes ago, Mike Moniz said: Oh, I'm bookmarking that link! It looks like there is an option for open(Host,user,pass), although I wouldn't suggest doing that though since that breaks convention. https://www.logicmonitor.com/support-files/javadocs/28606/com/santaba/agent/groovyapi/win32/WMI.html#open(java.lang.String,java.lang.String,java.lang.String)

Yeah that link is handy. What is the convention that it breaks (I was looking at some other session options that might let you set authentication parameters) - assuming that you are checking for and only using it if wmi creds exist?

Re: Groovy WMI documentation

Tested by setting wmi.user to 'thiswillnotwork' and both PollNow and collections are still working.