All Activity

This stream auto-updates     

  1. Past hour
  2. You can check that your appliesto is working properly (click test applies to and click the link to view the results and ensure your new device is in there). If that's successful, that part is done. Then you can test the active discovery to see if it's discovering anything. If that part's not working, there's a problem with SNMP or the OIDs specified in discovery aren't there on the version of the device you have (doesn't sounds like the latter should be the case). If all that works, you can test the polling by going to the device, browsing to the datasource, then the raw data tab. Click poll now to see if you're getting data back. If that doesn't work, then there's a problem with SNMP (permissions maybe, v3?) or the OIDs specified in the "Datapoints" section of the DS aren't correct.
  3. Thank you Matt and Stuart. Unfortunately even after setting the displayName in the appliesto isn't working. I'm having one of the guys take a look as i just noticed that NetFlow is working but we aren't getting any SNMP info...
  4. Today
  5. What you'll need to do is make sure that the datasource is getting "applied" to the additional devices. It sounds like the OIDs and stuff are probably the same between the two, so you would only need to change the "AppliesTo". You can do that manually by adding " || displayName == '[the display name of an additional device]'" to the current applies to. If that gets you data on the 2110, you'll need to further adjust the AppliesTo so that the datasource is trying to collect data for the additional devices. You can do this with a system.category, or a sysOID mapping, or a property source.
  6. Hi Stuart, Thanks for replying, well so far we have been able to connect via snmp and it does display some of the hardware components but does't generate alerts. Note: I take care of LM but we have other people that work on the IBM systems, I will ask. We had a failed drive today and these systems send that information to IBM so they came today to replace but we didn't see that from LM side. Just would like to see what else we could do since we all are now working from home. all Windows systems are being monitored and reports alerts and warnings. I will ask our IBM folks and get back to you Thanks again
  7. Let me know how you make out. I can confirm that its working for us at least with two different 2110 devices. The documentation for the 2110s actually says they still use ASA SNMP OIDs and that you can still use the same entries. I just added my devices to my Applies To and it worked great.
  8. Do you have an idea of the kind of data that you would want to pull out? Do you know if that data is accessible today manually (like on a web page, through an api, through the cli, snmp, etc.)?
  9. I've uploaded but it doesn't seem to be working for any of the 2100 or 4100 series devices in my system. I'm still playing with it a little. I did have to change your appliesto to hasCategory("CiscoFirepowerSNMP"). None of my devices have CiscoFirepower as a category.
  10. The data structure changes for v2 and some of the endpoints are different. Some more info here. The v2 REST documentation is here: https://www.logicmonitor.com/swagger-ui-master/dist/#/Alerts/getAlertList, but the filtering shouldn't be any different. As far as why it's not working (meaning you're getting an http 200 but not filtered results), I am wondering if the filter can only affect those fields included in the response. That being the case, can you filter based on the value of `monitorObjectGroups`? Unfortunately, being end of quarter, I don't have the time to run any tests to figure out what works.
  11. I can't export mine and share it that way because the Exchange is being re-worked. Here is a copy of my XML (https://pastebin.com/GErayzCE) -- you can save that locally as a XML file and then add it to your tenant by doing DataSources -> Add -> From a file, and selecting your created file. Note -- I added a category to the "applies to" called CiscoFirePower. You have to add that to any firepower device that you want this to apply to, and then run another active discovery.
  12. Has anyone been able to create IBM for Power 7&8 systems? if you have I was wondering if you could share those. I have these 2 systems in the office and so far we haven't been able to pull any data. Thanks Stan
  13. Thank you Matt. I'm confused about where to actually change the OID's that you posted. Are you changing on the datasource and then under parameters? Or somewhere else? Basically i changed what it was in that location to 1.3.6.1.4.1.9.9.392.1.3.35.0 and applied to a FTD but it didn't seem to work. I'm not sure that i did incorrectly.
  14. You can use this same OID to monitor on FPR devices. Just adjust your applies too to include fire power devices (if you are using the the OID's I posted about). I don't believe the original OIDs worked for firepower for me but the one I updated with did.
  15. Awesome and thank you, it's working great for my ASAs in the system. Anyone have one to monitor the same thing on the Cisco FPR devices?
  16. Thanks for the info, it doesn't seem to work for me unfortunately. It seems display every single alert for every customer no matter what I put. E.g. #Request Info httpVerb ='GET' resourcePath = '/alert/alerts' queryParams ='?v=2&?filter=displayName~domain.com' (I changed domain.com to the actual customer) data = '' I wasn't using the v2 API before but I was trying that as well above. Are there some working examples documented anywhere? For the v2 API, does it display the data any different or is the only difference no support for basic auth? Thanks
  17. Yes, you'd use the filter query parameter and the value of the parameter would be system.groups~Clients%2FNameofClient You'd again use the filter query (not sure if/how to combine this with the above, would have to play with it): filter=displayName~domain.com You'd just pass multiple query parameters: alert/alerts?filter=displayName~domain.com&sort=+displayName
  18. Hi I'm fairly new to APIs and would like a little help please. I am trying to query the LM API for specific alerts with Python. I am able to retrieve a full list of alerts via Python which is a good starting point. I was using the following doc: https://www.logicmonitor.com/support/rest-api-developers-guide/v1/alerts/get-alerts What I would like some help with is the following: - Is there a way to retrieve alerts only for a specific folder? We have customers under specific folders. - How would I retrieve alerts with only a specific string in the resource name? E.g. all customer devices will have devicename.domain.com I would like to filter for only alerts of devices with *domain.com* in the resource name. - How would you do multiple queries in one API call? e.g. a query with a filter, and a sort? Thank you
  19. This feedback has been heard by the UI/UX team.
  20. Yesterday
  21. LM needs an overhaul really bad. It look so ugly compared to some open source solutions. Dark them and some color improvement are needed.
  22. Last week
  23. I was able to get accurate results changing the OID polled to: 1.3.6.1.4.1.9.9.392.1.3.35 under the properties, and 1.3.6.1.4.1.9.9.392.1.3.35.0 under the data source.
  24. Have you had a chat with support? Off the top of my head I would ask about the difference between the network paths between the collector and the switches. Have you tried doing a ping and SNMP GET from the command line (should be built into most Linux distros and there's a third party version you can use in Windows). Should at least verify if the problem is LM or if it's specific to your environment.
  25. Hi folks, Another wired situation: I has two switches, same hardware, same sw version, same snmp config - one works, one don't. I can add one switch as device without any issue, the other one can't because of snmp issue. Had anyone seen similar problem? Any suggestion to resolve the issue? Thank you very much! Keith
  26. I have been seeing session numbers much higher than I would expect. When I looked closer the numbers are not matching the output from manually checking using the CLI. This is across a few dozen devices with different setups. I think the OID may be different I found the following ones that I am testing. I will post back if I get better results: crasSVCNumSessions 1.3.6.1.4.1.9.9.392.1.3.35.0 crasWebvpnNumSessions 1.3.6.1.4.1.9.9.392.1.3.38.0 The OID being used I think may be used for total SSL sessions and not specifically anyconnect users? Not sure, just a thought.
  27. Thank you very much Stuart! Will discuss with team and decide what to do.
  28. I've put the wheels in motion to get this one reviewed and publication. If you haven't heard, the exchange is getting a major overhaul and LogicModules published to the exchange automatically get marked as private. Once the new Exchange features get released (I think they're in beta right now, so should be soon) the author will be able to mark the module as public once it's uploaded. You'll also be able to bundle in a tokenized dashboard and multiple LogicModules all in a single package. Until that time, ping me with any submissions you need released and I'll try to bring it up with the guys who manage the exchange.
  29. That's right @Mike Moniz. What's likely going on here is that the set of user credentials used to run your collector doesn't have permission to do WMI queries on those servers and/or you don't have WMI credentials added as properties on the parent group containing those servers. Either way, what you know is this: LM thinks those servers are windows servers based on the open ports, however, when the collector tries to query via WMI, it's not successful.
  1. Load more activity