Need help on PaloAlto_FW_RunningConfigXML API configsource
Currently, the sole option is to collect/view the configuration xml when a change occurs. So,IsthereawayinLMtogenerateareportusingthePaloAlto_FW_RunningConfigXMLAPIconfigsource? or Is it possible to collect the configuration backup at any specific time interval? Thanks in advance :)70Views16likes2CommentsModule Update Differences Report
I mentioned on the webinar today that I’d post an example output from my diff script. I’m not going to attach it here, so I’ll link to it instead. It’s an HTML page and it’s an older version of the script output, but opening it in your browser (use incognito if you’re worried) will show the list of modules whether they’re UpdatedNotInUse, UpdatedInUse, or New. Clicking on the blocks under a module (red=there’s a difference, green=there’s no difference) will show the existing vs. new versions. To generate this report, all I need is a RO set of credentials with view access to modules (I think). I use this as my checklist of updates to address. I have the history and existing definition on there (Old JSON) because I like to know if my version is out of date because LM changed an LM setting or if they changed something I had customized. And the old JSON is on there in case I need to revert (which I haven’t had to yet).77Views4likes3Comments
2022-01-12 - APAC Product Overview - Alert Tuning & Routing
APAC Product Overview -Alert Tuning & Routing conducted on 12th January 2022 Thanks for attending! Pleasefill out our Survey here: https://docs.google.com/forms/d/e/1FAIpQLScPWW5DzNxe2W5ieh6PjamLYWcP5AhDbUl1E3U7ZKryEgwEoA/viewform1View1like0Comments2021-11-17 US Office Hours
Thanks for attending today! Please fill out our feedback survey to help us keep programs like this going! Questions asked during this webinar: [1:25] I recently discovered that a couple of our Collectors in a couple different ABCGs are provisioned with more memory than the others, so I bumped those with 16+ GB up to X-Large while the others are still Large. Is this a Really Bad Thing? I couldn't find anywhere in the docs that talks about good-or-bad for mixing Collector sizes in a Group, only that the versions need to be the same. Thoughts? Oddly, the one I made X-Large has the least Instances!! It's been running for more than a month that way. Does the load-balancing not happen based on CPU and/or memory load? D'oh! Got it now. I need more coffee apparently. Thanks!!! ? [5:55] In the SNMP_Network_Interfaces datasource, why is ifindex written into the instance name? If the interface index changes (on a device reboot for example), the instance will become stale. but the port is different? We get duplicate instances when they forget to turn on the index persistance. Usually it clears up if we remove them all and re-discover yeah thats what we noticed, thanks [10:17] We are currently set up with one local collector per site. All these collectors are set up to have their failover collector be the main" one at our main site. The problem we're running into is that when the Internet connection at one of the branch sites goes down, we fail over to the main collector at the main site and then get a ton of alerts about sites at the remote site being down. Is there any way to avoid these alerts? Hope this makes sense. I forgot to mention that we have VPN between the main site and the branch sites Okay thanks for the info [18:19] Follow-up question to my previous main/remote site collector issue. Is there a way to have failover collectors that require manual fail over (vs. automatic)? Okay makes sense. But failing back would be tough because we would have to pick and choose which devices to fail back to the remote site right? [Answered after webinar: Yes, you'd have to maintain that mapping back to the original collector. Naming standards might help with that.] [12:25] Is there a way to do SDT for just the weekend days? We have a need for SDT for servers in Azure that we take down starting at 8:00PM on Friday until 8:00AM on Monday. So alerts will go for those 15 minutes then? [16:00] We have a LM web site monitor that monitors an https: connection to an Apache Web server instance. Each monitor attempt generates a pair of entries in the web server's error log Error occurred during SSL processing, error = 406. SSL initialization operation failed, return code error = 3426. Is there a setting we can change on LM to prevent this? SSL is "required" for this instance [20:10] Apologies if this was already covered, but how do I import a MIB file? I have my watchdogs monitored but none of the SNMP attributes show up. [22:43] I have a weird and hard-to-explain thing. Mind if I verbalize the question? It's about an EventSource and the size of the data it's putting into the ##VALUE## Alert Token. [27:28] I sometimes get alerts for System Event Log Errors. The Datasource can be modified to exclude a specific event ID. I do not want to modify the Datasource. Can an event ID be excluded for individual resources (servers)? Also, I have modified the filter for some event ID's. If I install an update, will I lose my custom entries ? Am interested in doing it at the group level. where did you go for applying at group ? [33:04] We have a customer (we're a sort of MSP) where they want to have custom Thresholds and/or Alerting on/off for individual Instances of NetApp Volumes. Since Instances in this DS come from Active Discovery, I believe the only way to have per-Instance settings is to have an external script do that via API. Is that correct? [37:07] If nobody else has questions, is there anything new / cool you want to show from v160 or v161? [39:36] Is there an easy way to monitor servers for Missing Windows Updates? How about expiring SSL Certificates? @Nick the relatively new DS "SSL Certificates" lmLocator: J3K9WC is actually so good at finding services with certs that we have found things using certs we didn't even know about!! We use that Windows Patches Needed and it's AWESOME. We use the Windows Patches needed datasource and it works great. The limitation is that your server must be able to hit the MS Update websites. It won't work if your servers use WSUS / cant hit MS Update. We have wmi.user on most of our servers Locator code for _Windows patches needed DataSource: N7R7YZ [43:07] From the v161 release notes: LogicModule Snippets "Snippets are pieces of reusable code that enable quicker updating of modules, consistency across suites, the ability to use classes when developing modules, and more. Module snippets are stored and automatically distributed to Collectors every 24 hours. Support for snippets requires Collector version 30.000 or higher." there is a module in the release as well that references it Cisco UCS (1 Module Snippet) "The request body for login has been updated to accommodate double quotes in passwords." [43:54] I have not used a script from the community before, would it be possible to walk through using the N7R7YZ ? [48:02] What is the best practice for keeping these DataSources Updated? Does everyone simply update all of them on a scheduled basis? Never update? Our CSM got us a limited-use "sandbox" portal, where we import all new modules as soon as they are released, then after evaluation we bring them in to the prod portal. It's manual, but there are some API endpoints that might work. We do it manually because it's so quick to do with practice. One tip for module updates: When you look at the "diff" in the UI for an update, it's structured JSON for old and new. You can pipe JSON through "python -m json.tool" to sort it, and then you can do a standard command-line "diff" to see what changed in a way that's more clear than the UI sometimes! [54:05] Since nobody has entered any more serious questions.... Just curious... Do the LM developers ever sneak out "easter eggs"? Case in point I have written some custom scripts which include fun stuff in the HTTP headers.4Views1like1Comment2020-11-18 - Office Hours
Have questions about how to best use LogicMonitor? LogicMonitor experts are live to explain best practices and answer your questions. There are no planned topics as this webinar is a true office hours. Bring your coffee and questions! US Session registrationhere EMEA Session Registration here2Views1like3Comments2020-12-16 Office Hours
Have questions about how to best use LogicMonitor? LogicMonitor experts are live to explain best practices and answer your questions. There are no planned topics as this webinar is a true office hours. Bring your coffee and questions! US Session registrationhere EMEA Session Registration here6Views1like3Comments2020-10-28 - Office Hours
Have questions about how to best use LogicMonitor? LogicMonitor experts are live to explain best practices and answer your questions. There are no planned topics as this webinar is a true office hours. Bring your coffee and questions! US Session registrationhere EMEA Session Registration here2Views1like4Comments2022-03-30 - US Office Hours
The 3/30 webinar had questions about: Alert rules Alert tuning DataSources Vs. ConfigSources and one at the end that we were not able to answer. (The answer was StackStorm!https://www.logicmonitor.com/support/stackstorm-integration-overview) The recording: Please fill out the survey:https://docs.google.com/forms/d/e/1FAIpQLScPWW5DzNxe2W5ieh6PjamLYWcP5AhDbUl1E3U7ZKryEgwEoA/viewform?usp=pp_url&entry.2118543627=2022-03-30&entry.2116906043=US/Americas6Views1like0Comments
Need help on PaloAlto_FW_RunningConfigXML API configsource
Currently, the sole option is to collect/view the configuration xml when a change occurs. So,IsthereawayinLMtogenerateareportusingthePaloAlto_FW_RunningConfigXMLAPIconfigsource? or Is it possible to collect the configuration backup at any specific time interval? Thanks in advance :)Module Update Differences Report
I mentioned on the webinar today that I’d post an example output from my diff script. I’m not going to attach it here, so I’ll link to it instead. It’s an HTML page and it’s an older version of the script output, but opening it in your browser (use incognito if you’re worried) will show the list of modules whether they’re UpdatedNotInUse, UpdatedInUse, or New. Clicking on the blocks under a module (red=there’s a difference, green=there’s no difference) will show the existing vs. new versions. To generate this report, all I need is a RO set of credentials with view access to modules (I think). I use this as my checklist of updates to address. I have the history and existing definition on there (Old JSON) because I like to know if my version is out of date because LM changed an LM setting or if they changed something I had customized. And the old JSON is on there in case I need to revert (which I haven’t had to yet).