LM Portal Integration Events - EventSource to alert on Alerting Integration failures

  • 15 November 2023

Userlevel 5
Badge +8

What:

It’s an EventSource that calls recent Alert Integration events from the LM API (endpoint: /setting/integrations/auditlogs), and alerts on any non-2xx responses.

Why:

Mostly because these failures aren’t glaringly obvious within the LM Envision UI; you have to actively go and look for them. This EventSource will let you alert on them within LM, both in the UI itself and also as an alert that can be escalated out.

Obvious caveat:

If you want to escalate alerts from this EventSource out of the platform, use an Alert Rule and an Escalation Chain to target the alerts and route them out via email/SMS/Voice call, not via an Alerting Integration. 😉

You will need:

A LogicMonitor Portal Resource, that all the core LogicMonitor_Portal_* LogicModules also apply to.

API credentials such as you’d already have set on this resource, as per our documentation:

https://www.logicmonitor.com/support/logicmonitor-portal-monitoring

The user that these credentials relate to must have read access to LM Audit Logs.

The EventSource will automatically apply to your Portal Resource and “just start working”.

If the API credentials don’t give sufficient rights to the Audit Logs, the EventSource will start alerting on that also (unfortunately, on each poll - you may want to watch it on implementation just to make sure it’s OK!)

Script uses Collector Script Cache to remember the most recent event seen on each poll, then look back only that far, to ensure full coverage with no overlap.

EventSource name: LogicMonitor_Portal_IntegrationEvents

Version 1.4 published with lmLocator: J3WPAR
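The polling logic described in the post above, as an added sketch that is not the EventSource's own script: it keeps a high-water mark between polls and flags only unseen non-2xx events. The field names (`id`, `happenedOnMs`, `integration`, `httpStatus`) and the sample records are constructed assumptions, not the LM API schema, and a plain dict stands in for the Collector Script Cache.

```python
from typing import Dict, List

def is_failure(status) -> bool:
    """True unless status parses as an integer in the 2xx range."""
    try:
        return not 200 <= int(status) <= 299
    except (TypeError, ValueError):
        return True  # missing or non-numeric status is surfaced, not hidden

def poll(events: List[Dict], cache: Dict) -> List[Dict]:
    """Return unseen non-2xx events and advance the cached high-water mark."""
    mark = cache.get("last_seen_ms", 0)
    seen_at_mark = set(cache.get("ids_at_mark", []))
    new_mark, new_ids = mark, set(seen_at_mark)
    alerts = []
    for ev in sorted(events, key=lambda e: e["happenedOnMs"]):
        ts = ev["happenedOnMs"]
        if ts < mark or (ts == mark and ev["id"] in seen_at_mark):
            continue  # already processed on an earlier poll
        if ts > new_mark:
            new_mark, new_ids = ts, set()
        new_ids.add(ev["id"])
        if is_failure(ev.get("httpStatus")):
            alerts.append(ev)
    cache["last_seen_ms"], cache["ids_at_mark"] = new_mark, sorted(new_ids)
    return alerts

# Constructed sample data: two polls whose windows overlap at t=2000.
POLL_1 = [
    {"id": 1, "happenedOnMs": 1000, "integration": "chat-hook", "httpStatus": 200},
    {"id": 2, "happenedOnMs": 2000, "integration": "ticketing", "httpStatus": 500},
    {"id": 3, "happenedOnMs": 2000, "integration": "chat-hook", "httpStatus": 204},
]
POLL_2 = POLL_1[1:] + [
    {"id": 4, "happenedOnMs": 2000, "integration": "ticketing", "httpStatus": 429},
    {"id": 5, "happenedOnMs": 3000, "integration": "pager", "httpStatus": None},
    {"id": 6, "happenedOnMs": 3000, "integration": "chat-hook", "httpStatus": "200"},
]

if __name__ == "__main__":
    cache = {}  # stand-in for the Collector Script Cache
    for batch in (POLL_1, POLL_2, POLL_2):
        for ev in poll(batch, cache):
            print(ev["happenedOnMs"], ev["integration"], ev["httpStatus"])
```

Tracking the ids already seen at the mark timestamp is what lets an event that arrives late with the same timestamp (id 4 here) still alert once without re-alerting on id 2.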


8 replies

Userlevel 7
Badge +19

Not finding it. Possibly still under review?

Userlevel 5
Badge +8

Ah yes, sorry Stuart, I was a little previous in posting.

Now cleared through security review, should be visible.

Userlevel 5
Badge +8

It did also occur overnight that pushing these integration events into LM Logs is an easy extension from this point, by a relatively simple combination of parts of this script and parts of other, existing, modules.

Hold my beer...

Userlevel 7
Badge +19

Yeah, was gonna suggest that. Similar to what I did with audit logs.

Userlevel 4
Badge +4

Glad to see this formally built out by LogicMonitor at this point, I know quite a few customers have had to implement custom solutions historically. I think having this functionality for both an EventSource and in LM Logs would be great.

Now - when are we finally going to get formal support for ingesting Collector logs into LM Logs? I’d love to leverage anomalies with Collector log data.

Userlevel 7
Badge +19

> Glad to see this formally built out by LogicMonitor at this point

This isn’t supported by LM. It’s got the same level of support as any custom module built by any LM customer. Wish it was.

> Now - when are we finally going to get formal support for ingesting Collector logs into LM Logs? I’d love to leverage anomalies with Collector log data.

Completely agree. Pushing audit logs and collector logs into LM Logs should be a no brainer and should either be the default, or require only a checkbox, provided those logs don’t count against license counts. That should be pretty easy by having metadata provided with the log that excludes it from counts.

Userlevel 5
Badge +11

> > Glad to see this formally built out by LogicMonitor at this point

> This isn’t supported by LM. It’s got the same level of support as any custom module built by any LM customer. Wish it was.

> > Now - when are we finally going to get formal support for ingesting Collector logs into LM Logs? I’d love to leverage anomalies with Collector log data.

> Completely agree. Pushing audit logs and collector logs into LM Logs should be a no brainer and should either be the default, or require only a checkbox, provided those logs don’t count against license counts. That should be pretty easy by having metadata provided with the log that excludes it from counts.

Also offloading logs would be nice. Our SOC has requested we ship logs to our SIEM, but there is no real easy way to accomplish this.

Userlevel 5
Badge +8

> Glad to see this formally built out by LogicMonitor at this point, I know quite a few customers have had to implement custom solutions historically. I think having this functionality for both an EventSource and in LM Logs would be great.

> Now - when are we finally going to get formal support for ingesting Collector logs into LM Logs? I’d love to leverage anomalies with Collector log data.

As already mentioned above, this isn’t formally built out by LogicMonitor; it’s a “side project” / POC module authored by me as an individual who coincidentally happens to be on the LM payroll. It hasn’t gone through any “gold standard” reviewing (other than security review, of course), so, no guarantees for efficiency, no official support, etc.

Coincidentally also, I’ve been thinking about collector logs to LM Logs; it’s simple enough technically (just a mix of my Collector ConfigSources and any other API logs ingest) but as an unofficial build they’d absolutely count towards your consumed, billable, ingest. It’s kind of on my side list of “things to put together”, I just haven’t found the time yet.

I also don’t disagree with Stuart’s comments on default ingest of such things; feel free (if you haven’t already) to submit this as a feature request.
