Datasource to monitor Windows Services/Processes automatically?
Hello, We recently cloned 2 Logic Monitor out of the box datasources (name ->WinService- & WinProcessStats-) in order to enable the 'Active Discovery' feature on those. We did this becausewe've the need to discover services/processesautomatically, since we don't have an 'exact list' of which services/processes we should monitor (due to the amount of clients [+100] & the different services/solutions across them) After enabling this it works fine & does what we expect (discovers all the services/processes running in each box),we further added some filters in the active discovery for the servicesin order to exclude common 'noisy' services & grab only the ones set to automatically start with the system. Our problem arrives when these 2specific datasourcestartto impact the collector performance (due to the huge amount of wmi.queries), it starts to reflect on a huge consumption of CPU(putting thaton almost 100% usage all the time) & that further leads to the decrease of the collector performance & data collection (resulting in request timeouts & full WMI queues). We also thought on creating 2 datasources(services/processes) for each client (with filters to grab critical/wanted processes/services for the client in question) but that's a nightmare(specially when you've clients installing applications without any notice & expecting us to automatically grab & monitor those). Example of 1 of our scenarios (1of our clients): - Collector is a Windows VM (VMWare)&has 8GB of RAM with4 allocated virtual processors (host processor is a Intel Xeon E5-2698v3 @ 2.30Ghz) - Currently, it monitors 78 Windows servers (not including the collector) & those 2datasourceare creating 12 700 instances (4513 - services | 8187 - processes) - examples below This results in approx. 15 requests per second This results in approx. 45 requests per second According to the collector capacity document (ref. Medium Collector) we are below the limits (forWMI), however, those 2 datasourceare contributing A LOT to make the queues full. We're finding errors in a regular basis- example below To sum thisup, we were seeking for another 'way' of doing the same thing without consuming so much resources on the collector end (due to the amount of simultaneousWMI queries). Not sure if that's possible though. Did anyone had this need in the past & was able to come up with a differentsolution (not so resource exhaustive)? We're struggling here mainly because we come from a non-agent less solution (which didn't facedthis problem due to the individual agentdistributed load - per device). Appreciate the help in advance! Thanks,
Is there a way to export data source to a template file; CSV?
So we are in the final phases of rolling out LogicMonitor and now the daunting process of Alert Tuning has rolled upon us. In our old monitoring solution we has it very much tweaked and customized and overall all alerts were around ~400-600ish. In LogicMonitor we are currently at 13000+. We need to seriously tune up the Datasources and we need a way to show our SME's what each datasource is monitoring and what it alerts on, what thresholds, etc.. Is there a way to export the Datasource's Monitoring Template to a CSV file so that we can reference that and our SME's can then say turn off, adjust etc.. I see in the reports section there is a "Alert Threshold Report" but that lists out every single datapoint instance on a group/resource and we don't want that. We need what the base DS template looks at and uses and applies to each matching resource.
Monitoring folders on Windows servers
I was recently asked by a customer if it was possible to monitor the size of a folder or the file count in a folder on a Windows server. Well there sure is, <whistles> YO UNC Monitor- come on down. UNC Monitor- is part of the Core DS, the DSs that are installed by default when LogicMonitor is first deployed. As seen on the UNC Monitor Description section: Great, there is a way to do this. Ok how do I do this? Hmm? Well looking at the next section of the DS, Technical Notes. Add an instance manually, oooohh k. But how do I perform this specific voodoo? Hmm maybe if I look further down on the DS? Ok there is the Groovy Script, what do I get when I run the Test Script? Ok so I do have 5 folders that contain 41 files using a total of 7,013 KB. Great that’s some info but still not what I need for a path and I still don’t know how to “add the instance manually” Maybe there is some documentation on how to do this? Oh yeah it’s right here Step 2 states “click the down arrow icon button located next to the manage button for that device. From this dropdown menu, select “Add Other Monitoring” So now I know the steps I need to take and I know that there are folders that are shared. How do I know what the shared folders are without having to log onto the server? That’s where the debug facility comes in for help. The easiest way to access debug is open any raw data screen and click on debug You will be presented with all the available commands. To assist in finding the available folder shared we will be using !wmi If you aren’t familiar with any command just type the command and you will be presented with information. In this case I want to show the shared folders on this server. With a bit of knowledge on Win32 Classes we can find this info. I’ll cover Win32 Classes in another post. Now I have everything I need to get this folder monitored through UNC, RIGHT?!? RIGHT?!? I’m looking at the device and there is no DS for UNC showing How do I add it manually if I don’t have DS ugggh. Since I have my handy dandy info from the documentation I know I need to: Once you click on that you get Add a name as you want it to show up on the instance list. Then you can add a path from the list that was obtained through leveraging the debug facility. Once both of those are filled in,hit save twice and tada you get And more importantly you now have alert tuning that you can perform on this specific UNC drive
Retrieving data from an external API via a Groovy Scripted module
1) Using Expert mode, define a resource as the hostname of the api in question, i.e. api.someapinamehere.com. For the purposes of this example, I'm going to make a call to worldtimeapi.org for data on the timezone America/Chicago to determine if daylight savings time is in effect. 2) Next, choose an available collector and group (optional) and click save. Note: normally you would also add your api user name (if any) and api token as properties, but in this case, it's not necessary. 2) Next, go to Settings -> LogicModules -> DataSources and click Add -> Datasource 3) Follow the steps below to adjust the DataSource: 4) Insert this script in the text box entitled Groovy Script under Collector Attributes import com.santaba.agent.groovyapi.expect.Expect; import com.santaba.agent.groovyapi.snmp.Snmp; import com.santaba.agent.groovyapi.http.*; import com.santaba.agent.groovyapi.jmx.*; import org.xbill.DNS.*; import groovy.json.*; //Defines host as the name of the resource added, in this case worldtimeapi.org def host = hostProps.get("system.hostname"); //Defines the path to endpoint def endpointUrl = "/api/timezone/America/Chicago" //Defines port. SSL would require 443. def port = 80 //Opens connection def httpClient = HTTP.open(host, port) //Get response def response = httpClient.get(endpointUrl) //Define status code def statusCode = httpClient.getStatusCode() //Close connection httpClient.close() //Extract values or handle error if(statusCode == 200){ response = new JsonSlurper().parseText(httpClient.getResponseBody()) if(response['dst'] == true){ status = 1 println("dstStatus=${status}") } else { status = 0 println("dstStatus=${status}") } } else { println("Your HTTP get request was not successful. StatusCode=${statusCode}") } 5) Add Normal datapoint named dstStatus 6) Save Module 7) You will see data painted in your portal for the device worldtimeapi.org under the name of the DataSource you created. You can learn more about this on this recently updated support doc: https://www.logicmonitor.com/support/terminology-syntax/scripting-support/access-a-website-from-groovy#