Connect, share, find answers, ask questions!
Windows Event Log Correlation
Hi, First post and I'm new to LM, though an old hand at monitoring and alerting so be gentle ? I've searched these forums and found a couple 'feature requests' to be able to alert only if message X appears greater than Y times within Z minutes in the Windows Event Log rather than alerting for every occurrence of message X. None of the posts appear to have a solution... Is this still the case? Either an official solution or a work around? Many Thanks Mat
Palo Alto Config Restore from LM backup file
This weekend I had a problem with one of my Palo Alto Firewalls. Luckily I wasn't concerned because I had LM backing up my config all the time. Unfortunately although the data is there, I could not get it into a format that I could load back into the firewall. Has anybody successfully done this? Any hints? Thanks What I've tried: 1. Download the file in *.conf format. Imports in but won't load. 2. Download *.conf and then change the extension to .xml. Imports but won't load. XML file is viewable in a browser fine. 3. The exports from a PA firewall have no file extension so I downloaded the .conf and removed it. imports but won't load. 4. Copied and pasted all the lines from the LM console into Notepad++ and then remove the line numbers from all the lines. I tried saving as xml and dropping the file extenstion. It imports but won't load.
API v2: get alert detail Message
Hello, I'm migrating from RPC API to REST and need to retrieve alerts with their full description (for processing in our own system). Unfortunately, when I tried API v2, I could not get fieldset "detailMessage", even though it's mentioned on API v2 Swagger page. Also there I can't find any parameter like "needMessage" used in RPC API and REST API v1. Is there any way to retrieve alert description (=subject in RPC, detailMessage.subject in REST v1) in alerts REST API v2? And do you plan to support such parameters/fields later?
Datto Backups & Devices
I figured I would share these with anyone who would want them. The first DataSource reaches out to the Datto Portal and gathers info on the BCDR via the Datto portal and utilizing their REST API. It is ATFZGD. As part of this DataSource, it pulls basically all values that are provided and a few complex just to convert KB to GB and get percentages. Active Tickets Agent Count Alert Count Local Storage Available Local Storage Used Offsite Storage Used Share Count The second one pulls the same BCDR devices and gets the backup status from them. It is 2KZEKJ. As part of this DataSrouce, we pull the below info. Also as part of this, we have active discovery set to every hour so the error message for the backup can be used as an auto property, that we can then pull into the alert message. There are 2 complex data points as well. 1 is so archived backups in error don't trigger and another so paused backups in archive don't trigger. Arch
Is it possible to apply multiple filters to an API query? If so, would anyone have an example of what it would look like? Here are my current attempts: Working: https://agio.logicmonitor.com/santaba/rest/device/devices?filter=deviceType:0 Not working: https://agio.logicmonitor.com/santaba/rest/device/devices?filter=deviceType:0,name-QA* Thanks!
Where we can set polling frequency?
Hello, I want to create alert which poll every 1 min and if it fails to match threshold criteria then it should create new alert for every polling. But i see only single alert on alert-dashboard instead of multiple alerts.' How can we set/modify to shoot new alert in every polling? Thank you, Suyash Gaikwad
Get the interface IP on the actual Interfaces datasource?
Hello, We were wondering if it would be possible to map the actual IP against the discovered interface(s)? - I'm referring specifically to the 'snmp64_If-' & 'snmpIf-' datasources Our goal is to be able to add deviceA (that contains 5 interfaces for example) & quickly determine which IP is assigned to each interface (I know we can always check the configuration but, it's not that productive). I also noticed that the device itself contains the 'system.ips' property but, we don't know which IP belongs to each interface. Appreciate the feedback. Regards,
Simple Check for SSL Cert Expiration Monitoring
Monitoring SSL Certificate expiry days can be done in LogicMonitor by making use of datasource SSLCerts- (SSL Certificate Expiration). On the side note, SSL Certificate is used for certifying a web server that does the secured socket layer data encryption between a web server and a client (web browser). SSL Certificate is issued by several organizations/companies so called Certificate Authority (CA) for the purpose of providing the legitimacy of the web servers that encrypt the data for communication. The certificates issued will be digitally-signed by those CA and can be trusted by the client based on Root Certificates installed in the common browsers. It is, however, possible to create a self-signed certificate, which in this case is used for a testing purpose. Data will still be encrypted but the certificate will not be trusted by the client browsers. When a device with SSL Cert installed has been added to LogicMonitor, rightfully that datasource will be auto-applied, as with
Public vs. Private Modules and the new Exchange
@Stuart Weenig There seems to be a number of publicly given data sources which are no longer available. Here's a link to a bunch more which can no longer be accessed. (written by the LM creator himself) /topic/354-dependencies-or-parentchild-relationships/
Would it be possible in the future to export users into a PDF or Excel spreadsheet. Also, when we sort the user table it doesn't seem to actually sort by any of the columns correctly. If we try to sort by 'Roles' it sorts by 'Usernames' first then 'Roles'. We would like the ability to be able to sort by the specific column we choose. If we look at the properties of a group, you can't see who is attached to the groups either. We would like to be able to go into a group and see what users are in that group.
Random custom properties appearing within our 'root' folder
Hello to everyone, For the past couple of weeks we've been noticing that from time to time 'customProperties' get created within our 'root' group at LM. We've asked our team if anyone created those, everyone stated that they weren't manually created. Tried to check it within Audit logs, but I can't find any event that relates to that action. I'm not sure what is causing this (couldn't be LM fault)... Examples of properties that get created: - snmp.community - esx.user/pass We've a bunch of folks working on this at the same time & we're not discarding the possibility of this being done by mistake (however, the weird thing is we can't see this in the Audit logs). Anyone faced this sort of scenario in the past? Thank you!
Dynamic Instance Group Alert Tuning
This is not an advertisement by any means, just offering to help anyone who struggles with this as well. As an MSP, we have struggled with how to handle alert tuning in bulk with it comes to things like Interfaces (instances). Some of the interfaces you want to alarm as critical, some you want as error and others you don't care about at all. LM provided a partial fix for that with their Groovy based "Status" alarm based on the interface description, but it didn't take it far enough. We started creating manual interface groups called "Critical" and performing Alert Tuning on that "parent" only to find out that it doesn't work as interfaces move in and out of it. I was beyond disappointed, but it said it right at the top of the page: Changes made to Alerting or Thresholds will only affect existing instances currently in this Instance Group. Instances added later will not be subject to the changes. Anyway, long story short we finally decided to write our own application to d
Hello all, I am trying to get a report to show all alerts that happened within a time frame on certain resources. Like a device goes down sends an alert, comes back up but would go back down again and I am wanting to have a report that reflects that. Is there anyway to have the reports be generated in some way or is it not possible to do so. Thank you in advance for any help that can be provided.
Is it possible to have two collector instances on one box?
I was wondering is it possible to have 2 collector instances running on the same box? Asking this b/c monitoring SQL Server requires the collector to be running as the actual Windows User that has access to the SQL DB or the jdbc user property cannot be a windows account. It must be a local SQL built in user. We are not getting a local user that's in SQL from our clients and we have a different service account that is for LM monitoring but its not the one we use for SQL access. That's a different user. So I was wondering if it was possible to run a 2nd collector instance on the box we have already and have that instance run as the Windows SQL user that has the access to the SQL DB.
Complex DataPoint for a Report
Hi Team, I am wanting to create a report for TotalIOPS which on a dashboard I have is DiskReadsPerSec+DiskWritesPerSec on the dashboard widget. I would like to create a custom datapoint that can be applied to servers that can be pulled to a report just like any other DataPoint so that I can create a report showing IOPs for a specific point in time such as May 1st 6am to 6pm. Currently I can create a metric report showing Reads and Writes but not the operation to combine them for total IOPs. I did look at the Complex DataPoints page and saw the syntax but it does not give clear real world examples and I've never created a complex datapoint before. I keep getting an error stating either syntax is incorrect or the datapoints do not exist but I copied the datapoints from the widget. Any help would be appreciated!
SQL showing No Data
Hi Team, I have a couple of collectors that are showing No Data for SQL Server. Now the SQL servers do not get used a lot as they are in a test environment, would that cause the collector to say "No Data" on all metrics? I have checked and I do not see "No Data" on other item such as CPU or memory which leads me to believe it is not a WMI issue as I have found in the past. Any ideas?
Websites > Response > This String: does it support RegEx?
So question when setting up Website profiles, we need to alert if a status page contains either "Degraded' or "Down" or a multiple different status states.. Does the Response section allow for regEx statements? In our other tool we could specify /.*(DOWN|DEGRADED).*/ but so far no regex pattern that works elsewhere works in this profile section. Does it support regEx in this response section?
API not working properly?
Hello guys, I've raised a case with LM support already but I want to share this with the community (to make sure you guys experience this as well or no). We've created a simple Python script (about 4/5 months ago) that checks on a specific device (using its ID) & look for the presence of a certain DataSource (in this specific scenario 'snmp64_If-').
Datasource development challenge
Anyone have any ideas about how to solve this challenge? We'd like to collect dhcp relay stats from our Juniper routers, not necessarily for minute-by-minute graphs and alerts but to be able to show patterns of longer term trends (hourly, daily, monthly) I've got the list of OIDs for the counts of DORA plus Naks, Informs, total lease count and total drops. The kicker is that they are stored on a per routing instance (ie VRF) basis and the OIDs aren't structured like #WILDVALUE (routing instance name or ID)#.n.n.n Instead, all routing instances use the same OIDs, and to query them you issue a get at each OID with [routing instance name@(snmp community)] as the snmp community; the output returned corresponds to the name of the routing instance. Somehow this has to possible, but it may be a situation where the effort to achieve and/or sustain it is going to exceed the value of the data it would provide.
Windows RDS Gateway Stats
Hi All, We are monitoring a server running RDS Gateway manager (2016) . the client would like to see user stats / logon times /durations etc . I have this in as a feature request but LogicMonitor just doe not see the role I guess..Was just wondering if anyone had any thoughts on this ?
PropertySource - Certificate Information
We had to find out who issued the SSL cert on port 443 for a bunch of network devices and servers. So I wrote this TCPMLH. It pulles the IssuerCN, SubjectCN, ValidFrom and ValidTo info for the certificate. It could easily be modified to look at other ports as well if wanted. It depends on a PropertySource that was listed here awhile ago 'DataSources_List', which I don't have the key for, but can share the XML if needed.
Already have an account? Login
LogicMonitor Employee? Click here:LogicMonitor Employee Login
Login to the community
No account yet? Create an account
LogicMonitor Employee? Click here:LogicMonitor Employee Login
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.