All Activity

This stream auto-updates     

  1. Today
  2. madan

    Allow Logarithmic scaling of graphs

    @Mosh How are you exporting though?
  3. Yesterday
  4. Cole McDonald

    Increase when idleInterval alerts

    If you don't want to change the event timing itself, you can add a blank line to the Escalation chain... it will use the escalation interval on that blank step which will add time. We use this for Services restarting that take a long time. We need to know that they've restarted, but also need to know if they don't finish restarting. So we have an escalation chain just for the service alerts that alert our team, then waits 20 more minutes before alerting us again. If you add a blank to the end of the escalation chain, you can stop repeated messaging as well. Works especially well if you are using a ticketing system that only accepts email as an incoming connector.
  5. Cole McDonald

    Datasource to poll for number of files in a UNC path?

    You can do this fairly easily with a powershell: $path = '\\##system.displayname##\path\to\count' (get-childitem $path).count If you need different paths / system, you'll have to provide a hash table of those relationships somewhere. Either as a text file on a server accessible from the Collector, the collector itself, or hardcoded into the DataSource. It will need to come in as a "Gauge" value rather than a counter.
  6. Last week
  7. Please make it so that when configuring a website monitor that has multiple Steps, we can set it so that it only alerts if all steps fail. In other words, if any one of the steps passes, then everything is still okay. For example, I have a primary URL for an API endpoint, and a secondary URL. As long as either is available I don't need an alert. Only if both steps fail, then I want an alert.
  8. Please make the "Are you sure?" an option that can be disabled in Settings. For us non-MSP enterprise customers that extra mouse click would be a frustration. I like the idea of locking groups as this means we can turn off the confirmation prompt, and know that important service groups are locked from accidental drag and drop.
  9. Cole McDonald

    Swagger Doc help adding a customProperty to a device

    Thank you. The part I found confusing mostly was the example code given... it is just a generic, blank JSON block. Had that had more detail, I'd have been able to figure it out more quickly. When I've done documentation for Functions and Objects in the past, I've always made sure to include expected input and output... not just types, but structural so that anyone can drop in on my code and be able to produce results immediately. Most of what I've done in the past has been internal tooling, so I saw it as cost savings for the company I was working for due to reduced dev time. I don't tend to see that level of documentation for APIs elsewhere. All of MS's dev docs miss this as well. I've commented on it and they've stated that it was a common complaint. Their new documentation is much clearer, but most of their offerings are still the old documentation style; just giving the function names and leaving it to the developer to parse their meaning/usage.
  10. I am looking to poll ~20 UNC paths for to count the total number of files respectively and display in a simple graph widget. Is this something LM can do natively?
  11. Kerry DeVilbiss

    Cisco Firepower data source

    Our Monitoring team released Cisco Firepower DataSources (+ PropertySource) to the core repository last night - check your portals for the download! Cheers, Kerry
  12. Sarah Terry

    Swagger Doc help adding a customProperty to a device

    @Cole McDonald @Joe Tran we will improve the documentation for this endpoint - thanks!
  13. Jason Miller

    Increase when idleInterval alerts

    Is there a way so we can wait a longer period of time (such as 6min) before the idleInterval sends an alert? I know LM warns about making changes to that alert. Thanks Jason
  14. Cole McDonald

    Collapse Clustered Instances at Group Level

    Previous had an issue with the properties it was adding. If you're creating a new property from a proertySource script, it adds it as an "auto.*" property, which goes away as soon as the script stops processing. To add a new permanent custom property, you have to use the REST API, not just a "category.name=data" output from the script. Here's the final: # These first two lines will need to change to fit your environment. # The groupParentID is the id of a group to house the dynamic groups that will be created... # if that's you root level, use that ID. # We're using a group named "Failover Clusters" in our heirarchy to house them. ####### # Cole McDonald - Sr. Technical Analyst # cole.mcdonald@beyondimpactllc.com # Beyond Impact 2.0, llc # No warranty provided for this code, use at your own risk ####### $company = "Your_Company_Name" $groupParentID = "566" $URLRoot = "https://$company.logicmonitor.com/santaba/rest" $server = "##system.displayname##" $accessID = "##LogicMonitor.accessId.key##" $accessKey = "##LogicMonitor.accessKey.key##" function Send-Request { param ( $cred, $accessid = $null, $accesskey = $null, $URL , $data = $null, $version = '2' , $httpVerb = "GET" ) if ( $accessId -eq $null) { $accessId = $cred.UserName $accessKey = $cred.GetNetworkCredential().Password } # Use TLS 1.2 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 # Get current time in milliseconds $epoch = [Math]::Round( ( New-TimeSpan ` -start (Get-Date -Date "1/1/1970") ` -end (Get-Date).ToUniversalTime()).TotalMilliseconds ) # Concatenate Request Details $requestVars = $httpVerb + $epoch + $data + $resourcePath # Construct Signature $hmac = New-Object System.Security.Cryptography.HMACSHA256 $hmac.Key = [Text.Encoding]::UTF8.GetBytes( $accessKey ) $signatureBytes = $hmac.ComputeHash( [Text.Encoding]::UTF8.GetBytes( $requestVars ) ) $signatureHex = [System.BitConverter]::ToString( $signatureBytes ) -replace '-' $signature = [System.Convert]::ToBase64String( [System.Text.Encoding]::UTF8.GetBytes( $signatureHex.ToLower() ) ) # Construct Headers $auth = 'LMv1 ' + $accessId + ':' + $signature + ':' + $epoch $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" $headers.Add( "Authorization", $auth ) $headers.Add( "Content-Type" , 'application/json' ) # uses version 2 of the API $headers.Add( "X-version" , $version ) # Make Request $response = Invoke-RestMethod ` -Uri $URL ` -Method $httpVerb ` -Body $data ` -Header $headers $result = $response Return $result } if ( test-path "\\$server\C`$\Windows\Cluster\CLUSDB" ) { "system.categories=ClusterMember" $clusterInfo = invoke-command ` -ComputerName $server ` -scriptBlock { Import-Module failoverclusters $cluster = get-cluster "$($cluster.name):$($cluster.id)" } $clustername = ($clusterinfo -split ':')[0] $clusterid = ($clusterinfo -split ':')[1] $groupName = "Failover Cluster - $clustername" # Read Groups # Construct URL $resourcePath = "/device/groups" $url = $URLRoot + $resourcePath # Make Request $response = Send-Request ` -accessid $accessID ` -accesskey $accessKey ` -URL $url $group = $response.items | ? name -eq $groupName if ( ($group | measure-object).count -gt 0 ) { # "*** Group Already exists. Need Device properties? ***" try { $resource = "##Failover.Cluster.GUID##" } catch { $resource = $null } if ( $resource -ne $clusterid ) { # Add Properties # Construct URL $resourcePath = "/device/devices/##system.deviceid##/properties/" $url = $URLRoot + $resourcePath # Construct Data Body $data = ` @" { `"type`" : `"custom`" , `"name`" : `"Failover.Cluster.GUID`" , `"value`" : `"$ClusterID`" } "@ $response = Send-Request ` -accesskey $accessKey ` -accessid $accessId ` -URL $url ` -data $data ` -httpVerb "POST" } } else { # "*** create group & tag resource ***" # Construct URL $resourcePath = "/device/groups" $url = $URLRoot + $resourcePath # Construct Data Body $data = ` @" { `"name`" : `"$groupName`" , `"parentId`" : `"$groupParentID`" , `"disableAlerting`" : `"true`" , `"enableNetflow`" : `"false`" , `"appliesTo`" : `"Failover.Cluster.GUID == \`"$ClusterID\`"`" , `"customProperties`" : [{ `"name`" : `"Failover.Cluster.ParentGUID`" , `"value`" : `"$ClusterID`" }] } "@ try { $response = Send-Request ` -accesskey $accessKey ` -accessid $accessId ` -URL $url ` -data $data ` -httpVerb "POST" # Add Properties # Construct URL $resourcePath = "/device/devices/##system.deviceid##/properties/Failover.Cluster.GUID" $url = $URLRoot + $resourcePath # Construct Data Body $data = ` @" { `"type`" : `"custom`" , `"name`" : `"Failover.Cluster.GUID`" , `"value`" : `"$ClusterID`" } "@ $response = Send-Request ` -accesskey $accessKey ` -accessid $accessId ` -URL $url ` -data $data ` -httpVerb "PUT" } catch { $error[0] | out-file $logPath -append } } }
  15. Cole McDonald

    more cluster alert improvement requests

    Previous had an issue with the properties it was adding. If you're creating a new property from a proertySource script, it adds it as an "auto.*" property, which goes away as soon as the script stops processing. To add a new permanent custom property, you have to use the REST API, not just a "category.name=data" output from the script. Here's the final: # These first two lines will need to change to fit your environment. # The groupParentID is the id of a group to house the dynamic groups that will be created... # if that's you root level, use that ID. # We're using a group named "Failover Clusters" in our heirarchy to house them. ####### # Cole McDonald - Sr. Technical Analyst # cole.mcdonald@beyondimpactllc.com # Beyond Impact 2.0, llc # No warranty provided for this code, use at your own risk ####### $company = "Your_Company_Name" $groupParentID = "566" $URLRoot = "https://$company.logicmonitor.com/santaba/rest" $server = "##system.displayname##" $accessID = "##LogicMonitor.accessId.key##" $accessKey = "##LogicMonitor.accessKey.key##" function Send-Request { param ( $cred, $accessid = $null, $accesskey = $null, $URL , $data = $null, $version = '2' , $httpVerb = "GET" ) if ( $accessId -eq $null) { $accessId = $cred.UserName $accessKey = $cred.GetNetworkCredential().Password } # Use TLS 1.2 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 # Get current time in milliseconds $epoch = [Math]::Round( ( New-TimeSpan ` -start (Get-Date -Date "1/1/1970") ` -end (Get-Date).ToUniversalTime()).TotalMilliseconds ) # Concatenate Request Details $requestVars = $httpVerb + $epoch + $data + $resourcePath # Construct Signature $hmac = New-Object System.Security.Cryptography.HMACSHA256 $hmac.Key = [Text.Encoding]::UTF8.GetBytes( $accessKey ) $signatureBytes = $hmac.ComputeHash( [Text.Encoding]::UTF8.GetBytes( $requestVars ) ) $signatureHex = [System.BitConverter]::ToString( $signatureBytes ) -replace '-' $signature = [System.Convert]::ToBase64String( [System.Text.Encoding]::UTF8.GetBytes( $signatureHex.ToLower() ) ) # Construct Headers $auth = 'LMv1 ' + $accessId + ':' + $signature + ':' + $epoch $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" $headers.Add( "Authorization", $auth ) $headers.Add( "Content-Type" , 'application/json' ) # uses version 2 of the API $headers.Add( "X-version" , $version ) # Make Request $response = Invoke-RestMethod ` -Uri $URL ` -Method $httpVerb ` -Body $data ` -Header $headers $result = $response Return $result } if ( test-path "\\$server\C`$\Windows\Cluster\CLUSDB" ) { "system.categories=ClusterMember" $clusterInfo = invoke-command ` -ComputerName $server ` -scriptBlock { Import-Module failoverclusters $cluster = get-cluster "$($cluster.name):$($cluster.id)" } $clustername = ($clusterinfo -split ':')[0] $clusterid = ($clusterinfo -split ':')[1] $groupName = "Failover Cluster - $clustername" # Read Groups # Construct URL $resourcePath = "/device/groups" $url = $URLRoot + $resourcePath # Make Request $response = Send-Request ` -accessid $accessID ` -accesskey $accessKey ` -URL $url $group = $response.items | ? name -eq $groupName if ( ($group | measure-object).count -gt 0 ) { # "*** Group Already exists. Need Device properties? ***" try { $resource = "##Failover.Cluster.GUID##" } catch { $resource = $null } if ( $resource -ne $clusterid ) { # Add Properties # Construct URL $resourcePath = "/device/devices/##system.deviceid##/properties/" $url = $URLRoot + $resourcePath # Construct Data Body $data = ` @" { `"type`" : `"custom`" , `"name`" : `"Failover.Cluster.GUID`" , `"value`" : `"$ClusterID`" } "@ $response = Send-Request ` -accesskey $accessKey ` -accessid $accessId ` -URL $url ` -data $data ` -httpVerb "POST" } } else { # "*** create group & tag resource ***" # Construct URL $resourcePath = "/device/groups" $url = $URLRoot + $resourcePath # Construct Data Body $data = ` @" { `"name`" : `"$groupName`" , `"parentId`" : `"$groupParentID`" , `"disableAlerting`" : `"true`" , `"enableNetflow`" : `"false`" , `"appliesTo`" : `"Failover.Cluster.GUID == \`"$ClusterID\`"`" , `"customProperties`" : [{ `"name`" : `"Failover.Cluster.ParentGUID`" , `"value`" : `"$ClusterID`" }] } "@ try { $response = Send-Request ` -accesskey $accessKey ` -accessid $accessId ` -URL $url ` -data $data ` -httpVerb "POST" # Add Properties # Construct URL $resourcePath = "/device/devices/##system.deviceid##/properties/Failover.Cluster.GUID" $url = $URLRoot + $resourcePath # Construct Data Body $data = ` @" { `"type`" : `"custom`" , `"name`" : `"Failover.Cluster.GUID`" , `"value`" : `"$ClusterID`" } "@ $response = Send-Request ` -accesskey $accessKey ` -accessid $accessId ` -URL $url ` -data $data ` -httpVerb "PUT" } catch { $error[0] | out-file $logPath -append } } }
  16. Cole McDonald

    Swagger Doc help adding a customProperty to a device

    with out the stray }] … and the properties are case sensitive!
  17. Cole McDonald

    Swagger Doc help adding a customProperty to a device

    Thank you Joe, looks like the JSON was the part I had wrong! This worked for making the new property and populating it: $resourcePath = "/device/devices/2332/properties/" $url = $URLRoot + $resourcePath $data = ` @" { `"type`" : `"custom`" , `"name`" : `"Failover.Cluster.GUID`" , `"value`" : `"$ClusterID`" }] } "@ $response = Send-Request ` -accesskey $accessKey ` -accessid $accessId ` -URL $url ` -data $data ` -httpVerb "POST"
  18. Joe Tran

    Swagger Doc help adding a customProperty to a device

    I don't typically use the /device/devices/{id}/properties/{name} endpoint but i would give the following a try: # Construct URL $resourcePath = "/device/devices/2332/properties/Failover.Cluster.ParentGUID" $url = $URLRoot + $resourcePath $data = ` @" { `"type`" : `"custom`" , `"name`" : `"Failover.Cluster.ParentGUID`" , `"value`" : `"$ClusterID`" } "@ $response = Send-Request ` -accesskey $accessKey ` -accessid $accessId ` -URL $url ` -data $data ` -httpVerb "PUT" The type key might not be needed. The SwaggerDoc on this endpoint is weird. It literally says that the POST method is supported but all the keys in the model are readOnly?
  19. Can anyone translate the Swagger Doc into something I can understand? I'm looking specifically at the device properties PUT or PATCH to try to figure out how to add a customProperty to a device. Here's what I've got (PowerShell): # Construct URL $resourcePath = "/device/devices/2332/properties/CustomProperties" $url = $URLRoot + $resourcePath $data = ` @" { `"customProperties`" : [{ `"name`" : `"Failover.Cluster.ParentGUID`" , `"value`" : `"$ClusterID`" }] } "@ $response = Send-Request ` -accesskey $accessKey ` -accessid $accessId ` -URL $url ` -data $data ` -httpVerb "PUT" Send-Request handles all of the encryption and the invoke-restmethod {}
  20. mfrancis@mcdonaldhopkins.com

    Windows Event Logs - Applications and Services

    LogicMonitor does a great job capturing Application, System and Security events from the Windows Event Log via WMI. We are trying to expand our Event Log monitoring to include events from the Applications and Services Logs. These cannot be collected by LogicMonitor via WMI but the documentation says we should be able to collect these using Event Log subscriptions and write them to the Application log. We have an event log subscription set up on one Windows server collecting events from others. They are source initiated subscriptions, specifically AppLocker error events which we have being collected and written to the Application log of the collecting server. The events are making it to Application Log but we are not receiving alerts in LogicMonitor. I have tried a custom Event Source and even used the built-in one which should be collecting all Application Event Log errors occurring on the server. We get alerts for application errors that occur on the server - just not the AppLocker errors despite them being listed in the log. I noticed the Log Name in these collected events shows "Microsoft-Windows-AppLocker/EXE and DLL" event though they are in the Application log. Could this be the reason LogicMonitor is not alerting on them? They are not found when using the Event Source Testing tool either. Wondering if anyone has any tips on how to use a subscription to alert on events from the Applications and Services Logs.
  21. Cole McDonald

    Cloning Dashboard Groups With Rest

    yeah... I always just assume I'm going to have to build it by hand... not just Logic Monitor, everything. It's in my DNA though, I started programming when, if you wanted software that did a specific thing, you had to write it. (back in the punch card and teletype days).
  22. Joe Williams

    Cloning Dashboard Groups With Rest

    This is the way I will end up probably going, but was hoping I didn't have to go through all of that. I just wanted to simply clone it.
  23. Cole McDonald

    Cloning Dashboard Groups With Rest

    Forgive me if you have already tried and discounted this for whatever reason, but my first thought is to 1) GET the json for the current "Template" using the rest API to get the entirety of its definition 2) Change the JSON to match the changes you need made to that (customer name, team name, project name) 3) POST the changed JSON to make the new group 4) Build a recursive function to walk that hierarchy 5) Grab each of the dashboards and change the appliesto to match the new set of devices a)I'm currently doing that piece with a token at the directory level for each of our customers that I can then just change at the dashboard group level to make a full dashboard suite for them. 6) Duplicate each of those to the new dashboard group, and change the token.
  24. This is a good idea. I would also tag on and say can we do it for a collector group? So that way when a new collector is added to a specific group, it just inherits the schedule?
  25. Mike Moniz

    Cloning Dashboard Groups With Rest

    I would like this too. I believe I attempted to use asyncclone in the past but it's not exposed in the API, even unofficially.
  26. Joe Williams

    Cloning Dashboard Groups With Rest

    Ultimately I will be using PHP, but the above example/code was from Postman. Attached is a screenshot of Postman.
  27. Cole McDonald

    Cloning Dashboard Groups With Rest

    What platform / scripting language?
  28. Jesse Iniguez

    Support for chrony

    I too am interested in the progress of this request as I submitted request 126119 where support stated that the check chronyd-enabled time sync check should be released, "in weeks"; this was back in December of 2019. Meanwhile, I have many warning alerts for NTP checks on AWS Linux-based VMs.
  1. Load more activity