SNMPv3 Password Character Set Restrictions?
I’m working on adding a hundred or so Long Strong SNMPv3 passwords into a class of device we’re going to start monitoring. I’m can walk the snmp locally, from a linux neighbor, but not from LM. I’m getting a password error. I assume the issue is that the password is being encoded for storage/delivery. Has anyone else experienced this? If my assumption is correct, what is the restricted character set when pairing LM with Linux SNMP? LM ticket #424608 for internal reference.Solved1.5KViews14likes8Comments
Stop collector or batshscript queued tasks from collector debug?
Is there any way to, from the collector debug or UI, kill any queued up tasks specific to an IP that the collector is monitoring? I have a devicethat is being over-polled, and we know why, but there were a bunch of tasks queued up that couldnt get through. I’ve put that device in a folder, and set that folder to not collect or alert on any of the datasources, so in THEORY I am thinking that we SHOULD no longer be sending any significant snmp traffic. However, in the past, I’ve sometimes experienced that tasks that get queued up or stuck in batchscript can sometimes just keep trying and stay stuck. So I’m wondering if there may be something I can do on the collector to specifically force it to drop any pending tasks for a specific resource. Thanks!Solved200Views4likes1CommentConvert SMTP uptime to days?
Hey all, messing around with a quick uptime dashboard for a product team. They have a bunch of Linux servers that I can pull SNMP Uptime but it needs to be converted from the whacky format to days. I’m just using the table widget on the dashboard, is there anyway to do that conversation? It would be nice if i could just pull the value in from the top levelResource page for the device where it already shows your uptime. Wish you could just hijack that underlying code. PS...cant edit the typo in the title. Thats lame.Solved199Views15likes5CommentsMeraki Monitoring
Hello, I was wondering if anyone out there would be able to help me out with the proper way to monitor multiple Meraki devices. The use case will be to have the ability to monitor one Meraki Firewall and multiple Meraki switches in multiple sites. However from my understanding they are under one cloud access URL. What would the best coarse of action to monitor these devices to get individual device statistics? Thanks in Advance74Views0likes4Comments
Method for password/token rotation for SNMP v3 credentials?
Hi. We are about to get all our servers on SNMP v3. We have it working with no issues on some test servers. I wanted to know if there is a recommended method for rotating these credentials within Logicmonitor, or if we will have to write something ourselves to rotate the credentials? Thank you67Views4likes2Comments
SNMP Trap Credentials on Resource Properties Enhancement
HelloLM Community! Just wanted to highlight this enhancement thathas beenreleased recentlyin EA Collector 34.100 to support the use of SNMP trap credentialson resource properties. When using this collector version or newer, you can add snmptrap.* properties on resource/group level for the collector to decryptthe trap messages receivedfrom monitored devices. The credentials are used in the following order: Collector first checks for the set of credential snmptrap.* in the host properties. If the snmptrap.* credentials are not defined, it looks for the set of snmp.* in the host properties. If sets for both snmptrap.* and snmp.* properties are not defined, it looks for the set eventcollector.snmptrap.* present in the agent.conf setting. More details can be found in the below articles in our documentation: SNMP Trap Monitoring:https://www.logicmonitor.com/support/logicmodules/eventsources/types-of-events/snmp-trap-monitoring EA Collector 34.100 Release Notes:https://www.logicmonitor.com/release-notes/ea-collector-34-10066Views14likes0Comments
Pick one from multiple snmp community strings
If you have multiple snmp community strings within your environment but they're not consistent within any particular subset of devices, you might want to add them as a list and have LogicMonitor decide which one works for any given device. This proof-of-conceptDataSource lets you do that. You'll need an API user within your LogicMonitor account, and that user will need rights to manage all devices (or at least, all that you may need to apply this method to). For that user you'll need to create an API token ID/Key pair; these values should be set at in your device tree as the values of propertiesapiaccessid.key andapiaccesskey.key - ideally at the root level but certainly, again, to apply to any device you want the DataSource to apply to. You'll also need to create a third device property, snmp.communities.pass, whose value should be a comma separated list of your possible community strings, with no extraneous space - e.g. communityString1,snmpStringForMonitoring,m0n1t0r1n6,communityRO. This value can be set globally and/or at subgroup levels as appropriate. Be aware that each incorrect community string will add a few seconds to the script execution time, as each one has to time out, so large lists and high-frequency polling intervals could cause problems. Be sensible, and limit the content of snmp.communities.pass to only the values that will exist within the groups it's being set for. This DataSource will apply to any device that has or inheritssnmp.communities.pass, and *either* has no system.sysinfo *or* is known to be an SNMP device. This means the script will test the various community strings against any device that is as yet not identified, or has previously responded to SNMP (but possibly no longer is). The script will attempt to get SNMP data from the Interfaces table of the device, as the vast majority of SNMP devices reveal this data. If the configured snmp.community value works, no action is taken. Ifsnmp.community doesn't work, but exactly one of the other options insnmp.communities.pass does, then the API is called and the 'correct' community string is added to the Device. The DataSource will run this check every 5 minutes (which can of course be altered) such that any changes to the SNMP community string of the actual device can be caught and the Device in LogicMonitor updated, provided the new community exists in the csv list you've defined. *Important:* As with any .pass, .password, .key, or snmp.community property, the value shown in the UI will be obscured as eight stars or blobs. You *cannot* simply add further text to the existing stored string; if you need to add another value to the csv list you will have to replace the whole list. E.g. If you store 'communityString1,snmpStringForMonitoring' insnmp.communities.pass, then want to addm0n1t0r1n6 andcommunityRO later, you cannot simply edit the field and paste ',m0n1t0r1n6,communityRO' onto the blobs - that would save as '********,m0n1t0r1n6,communityRO'. You'd have to delete the blobs and paste in 'communityString1,snmpStringForMonitoring,m0n1t0r1n6,communityRO' (without the quotes). *More Important:* Note that by adding theapiaccessid.key andapiaccesskey.key properties into your account, other DataSources could equally make use of their rights. Clearly, you will already have limited access into the Settings area of LogicMonitor such that only trusted users can create or modify LogicModules, or access the Collectors, using LogicMonitor's RBAC abilities. v1.0.0:GWHLED55Views0likes2CommentsSNMP v3 and SonicWall
Hello all! We have a client that uses SonicWall and we are having some issues bringing the device into LogicMonitor. We have confirmed that SNMP is enabled on the device(s) and that SNMP is being allowed out of the Interface. Moreover, we have setup a User/Group for our monitoring using MD5, AES and a key for both that we have created. We have also set this group to have Root Access. Additionally on the current configuration for SNMP we see that Get Community Name, Trap Community Name and Host 1 are populated with information. Host 1 being the NAT'd IP address of the environment. When attempting to Run Active Discovery we see that on the logs on the SonicWall that the logs suggest that the Engine ID is incorrect. However we areusing the Engine ID that is shown in simple plain text within the SNMP configuration using thesnmp.contextEngineID function within the devices' properties. However when running tests it seems that everything returns as Invalid Engine ID no matter what the issue seems to be. So any other ways that anyone here knows how to get these devices into LogicMonitor when the device is using SMNP v3?36Views0likes0CommentsSNMP - Use RAW value in datapoint
Goodmorning, I'm trying to create some custom datapoints for an marine antenna control unit (ACU). A lot of the data consists of non numeric output, and with those I'm struggling at the moment. One example is the SNMP output for "Longtitude/Lattitude" this consists of numbers and a letter. Below is the output (and error) I receive when polling: Timestamp: 2018-10-11 10:47:41 Normal Datapoints 1 item iAcsStatusLat NaN Fail to get the result of this oid OID is .1.3.6.1.4.1.13745.100.1.1.4.0 Raw value is 53.683331 N Hide Raw Request/Response .1.3.6.1.4.1.13745.100.1.1.4.0 53.683331 N As you can see the "Raw value" is nicely polled, but the datapoint cannot process it (probably due to the "N" in the data). Simpler data like "heading" is not an issue and is nicely being polled and written to the graphs. Basically I just want the datapoint just to poll the raw data, and plot it to the datapoint. Can anybody point me in the right direction? Br, Ralf32Views0likes3Comments
Method for password/token rotation for SNMP v3 credentials?
Hi. We are about to get all our servers on SNMP v3. We have it working with no issues on some test servers. I wanted to know if there is a recommended method for rotating these credentials within Logicmonitor, or if we will have to write something ourselves to rotate the credentials? Thank youSNMP Trap Credentials on Resource Properties Enhancement
HelloLM Community! Just wanted to highlight this enhancement thathas beenreleased recentlyin EA Collector 34.100 to support the use of SNMP trap credentialson resource properties. When using this collector version or newer, you can add snmptrap.* properties on resource/group level for the collector to decryptthe trap messages receivedfrom monitored devices. The credentials are used in the following order: Collector first checks for the set of credential snmptrap.* in the host properties. If the snmptrap.* credentials are not defined, it looks for the set of snmp.* in the host properties. If sets for both snmptrap.* and snmp.* properties are not defined, it looks for the set eventcollector.snmptrap.* present in the agent.conf setting. More details can be found in the below articles in our documentation: SNMP Trap Monitoring:https://www.logicmonitor.com/support/logicmodules/eventsources/types-of-events/snmp-trap-monitoring EA Collector 34.100 Release Notes:https://www.logicmonitor.com/release-notes/ea-collector-34-100