Log Streaming Feature Request
Hi,

Our team has recently found certain error scenarios in multiple production sites. As of today we're monitoring specific exceptions (via keyword match or regex expression) via LogicMonitor and triggering alerts to be generated. This solution has a few drawbacks:

1. Requires us to know ahead of time what the specific exception(s) to monitor in each log file are (e.g. Tomcat, ActiveMQ)
2. Requires us to download all the logs from each production site that has this issue (some of our customers require VPN/secure access and it's very inefficient to download these logs from each site to analyze)

Our team then ran a quick log streaming POC and discovered Datadog is one of the vendors that provides a decent log streaming solution (to the cloud) and allows us to search & perform analytics (see https://www.datadoghq.com/log-management/). It'll be great if LogicMonitor can implement something similar to enable us to elasticsearch these logs in the cloud to enable faster troubleshooting analysis.

Thanks & Best Regards,
Horace

SonicWall and Netflow
Hello! Our team is attempting to set up Netflow for SonicWall devices; unfortunately, there is little in the way of documentation on how to set up Netflow on these devices. Would anyone here have any insight that they would be willing to share in order to use LogicMonitor Netflow with SonicWall devices?

DEVIATION FROM ROLLING AVERAGE
I see a need in the design to alert on deviation from rolling average.

Example 1: Temperature in hardware is based on a fixed baseline (default or manually adjusted) or based on a fixed delta. In real-world application it would make a LOT more sense to alert on deviation from a 5 day or 30 day rolling average temp of the box. The reason is, units alarm on the weekends because the office shuts off the AC during the summer, or they alert during the week 9-5 because in the winter the offices crank the heat. All of these ignore the nuance of RANGE and average expectation for the location... The alerting should just be how FAR outside the average range for the site it is. My Nashville facility hovers from 56 to 59 all week. I have it set on 57 so I get alerts at least once a weekend. I could move it to 59... but that's a band-aid. The REAL solution would be to have the software TRACK the last 30 days, and alert when we're outside the NORM for that location.

Furthermore... with hardware it is not the specific temps that kill the hardware... it's the RATE at which the temp changes. So, the alerts SHOULD be based on the average range the system has seen in the last 30 days, and alert ONLY when the rate of change accelerates... but I imagine THAT request would be more challenging to reduce to an algorithm.

Example 2: PING times... I have sites where the latency range is EXTREME (Mumbai, Johannesburg, Taipei etc...). I wish the PING would track the 30 day range and common deviation from norm and alert when the sites see latency that is way outside the expected fluctuation range. 30ms typical 90% of the time + 200-500ms spikes 10% of the time. When ping times hit 300 ms for more than 10% of the last hour of sampling... then notify warning to inform of change in TREND... not fixed threshold in immediate sample.

Tracking DataSources changes with ConfigSource
How do we monitor our DataSources? One of our customers asked an interesting and challenging question. He would like to know how he can track and alert on changes to his customised DataSources. Well, there was no straightforward way, not until recently. This is made possible with the recent release of the ConfigSource add-on module and the publishing of the DataSource REST API.

At a high level, we can create a Groovy script ConfigSource which makes a REST API call to export a targeted DataSource to XML format, stores and checks for changes to the XML in ConfigSource, then sends an alert when there is a change.

Creating the ConfigSource:

1. Create a REST API token
2. Create an embedded Groovy script ConfigSource with the following information:

   Name : DS_XML
   Display Name : DS_XML
   Applies To : This ConfigSource can be applied to any device
   Collect Every : Up to your company policy, minimum 1 hour
   Multi-instance? : Check this option
   Enable Active Discovery : Uncheck this option
   Collector Attributes : Select Embedded Groovy Script
   Groovy Script : [... Attached Below ...]
   Config Check : Select Any Change (Check For: option)

3. Save the ConfigSource

    import org.apache.http.client.methods.CloseableHttpResponse
    import org.apache.http.client.methods.HttpGet
    import org.apache.http.impl.client.CloseableHttpClient
    import org.apache.http.impl.client.HttpClients
    import org.apache.http.util.EntityUtils
    import javax.crypto.Mac
    import javax.crypto.spec.SecretKeySpec
    import org.apache.commons.codec.binary.Hex

    // Define credentials and URL; the API token is read from device properties
    def accessId = hostProps.get("api.access.id")
    def accessKey = hostProps.get("api.access.key")
    def account = hostProps.get("api.account")
    // ##WILDVALUE## is the instance's wildcard value (the DataSource id)
    def resourcePath = "/setting/datasources/##WILDVALUE##"
    def url = "https://" + account + ".logicmonitor.com" + "/santaba/rest" + resourcePath + "?format=xml"

    // Get current time in epoch milliseconds
    def epoch = System.currentTimeMillis()

    // Calculate signature: base64(hex(HMAC-SHA256(accessKey, "GET" + epoch + resourcePath)))
    def requestVars = "GET" + epoch + resourcePath
    def hmac = Mac.getInstance("HmacSHA256")
    def secret = new SecretKeySpec(accessKey.getBytes("UTF-8"), "HmacSHA256")
    hmac.init(secret)
    def hmacSigned = Hex.encodeHexString(hmac.doFinal(requestVars.getBytes("UTF-8")))
    def signature = hmacSigned.bytes.encodeBase64()

    // HTTP GET; the client is closed even if the request throws
    CloseableHttpClient httpclient = HttpClients.createDefault()
    try {
        def httpGet = new HttpGet(url)
        httpGet.addHeader("Authorization", "LMv1 " + accessId + ":" + signature + ":" + epoch)
        CloseableHttpResponse response = httpclient.execute(httpGet)
        def responseBody = EntityUtils.toString(response.getEntity())
        def code = response.getStatusLine().getStatusCode()
        // Emit the XML only on HTTP 200; otherwise fail the collection
        // instead of printing an error body as the config
        if (code != 200) {
            return 1
        }
        println responseBody
    } finally {
        httpclient.close()
    }
    return 0

4. Go to the device where the ConfigSource is applied and define the following device properties:

   api.access.id : < API Token Access Id >
   api.access.key : < API Token Access Key >
   api.account : < LM Account >

Adding ConfigSource Instances

1. Identify the DataSource id. You can find it in the UI by looking at the URL of the DataSource definition
2. Add ConfigSource instances by selecting 'Add Monitored Instance' from the Manage dropdown next to the Manage button for the device

   Name : < DataSource Name >
   Wildcard value : < DataSource Id >
   DataSource : DS_XML

3. Repeat steps 1 and 2 above to add more DataSource instances.

Points to Note:

1. To execute a ConfigSource, you will need a minimum collector version of 22.110
2. One DataSource Id per instance
3. Differences in DataSource are viewed in XML format
4. A previous DataSource version can be restored by downloading and importing the previously compared XML from the ConfigSource history
5. Thanks and credits to David Lee (our Jedi Master) for enhancing the original concept to a more user-friendly multi-instance ConfigSource.

[Screenshots of the ConfigSource result]
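
The LMv1 signing step from the script above, as an added Python example (not part of the original post and not LogicMonitor's code), paired with a hypothetical receiver-side check to show that the signature binds the method, timestamp and resource path. The `verify` function, its five-minute freshness window, and every id, key and path value are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac

MAX_SKEW_MS = 5 * 60 * 1000  # assumed freshness window, not a documented value


def lmv1_signature(access_key, method, epoch_ms, resource_path):
    """base64(hex(HMAC-SHA256(key, method + epoch + path))), as in the Groovy script."""
    msg = f"{method}{epoch_ms}{resource_path}".encode()
    digest_hex = hmac.new(access_key.encode(), msg, hashlib.sha256).hexdigest()
    return base64.b64encode(digest_hex.encode()).decode()


def auth_header(access_id, access_key, method, resource_path, epoch_ms):
    sig = lmv1_signature(access_key, method, epoch_ms, resource_path)
    return f"LMv1 {access_id}:{sig}:{epoch_ms}"


def verify(header, keys, method, resource_path, now_ms):
    """Hypothetical receiver-side check; returns (ok, reason)."""
    scheme, _, rest = header.partition(" ")
    parts = rest.split(":")
    if scheme != "LMv1" or len(parts) != 3 or not parts[2].isdigit():
        return False, "malformed"
    access_id, sig, epoch_ms = parts[0], parts[1], int(parts[2])
    key = keys.get(access_id)
    if key is None:
        return False, "unknown access id"
    if abs(now_ms - epoch_ms) > MAX_SKEW_MS:
        return False, "stale timestamp"
    expected = lmv1_signature(key, method, epoch_ms, resource_path)
    # Constant-time comparison avoids leaking how many characters matched
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    return True, "ok"


# Constructed sample values, not real credentials
KEYS = {"example-id": "example-key"}
PATH = "/setting/datasources/123"
T0 = 1_700_000_000_000

if __name__ == "__main__":
    hdr = auth_header("example-id", KEYS["example-id"], "GET", PATH, T0)
    print(verify(hdr, KEYS, "GET", PATH, T0 + 1000))                        # accepted
    print(verify(hdr, KEYS, "GET", "/setting/datasources/124", T0 + 1000))  # path changed
    print(verify(hdr, KEYS, "DELETE", PATH, T0 + 1000))                     # method changed
    print(verify(hdr, KEYS, "GET", PATH, T0 + 10 * 60 * 1000))              # presented late
```

Because the access key signs every request the ConfigSource makes, store `api.access.key` with the least-privileged API token that can still read DataSource definitions.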