
About grantae


  1. Got it working. I had to add the category in myself.
  2. Yeah (I have the main URLs I used for reference on the original post). I added <company> (our Windows team confirmed it was correct) manually and made a JWT and got the Key and Secret, but it didn't seem like it was working. The datasources didn't match it since it didn't include the hasCategory("ZoomService"). Do I need to add that in somehow?
  3. I'd be interested in knowing more about the cloud exchange stuff in regards to Zoom but IDK if my company will sign off on extra spending or not. In the meantime I would like to try to get the Zoom datasources and propertysource working and see what it can do. (Even if it will be deprecated soon.) Do you have any guidance on that?
  4. Not sure what you mean by trials. I just found the data and property sources for Zoom and wanted to try setting them up to see if they had useful info for my team.
  5. "Exchange >> Cloud Integrations >> Zoom >> Add and step through the wizard" When I go to Exchange (left hand bar) I do not see anything that says Cloud Integrations. I just see the modules. Sorry if I'm missing something.
  6. I found the Zoom Datasources / Propertysources but was unsure about what needed to be added into LM to use these, like a Microsoft Surface or <company> or ??? Played around with getting the zoom.api key and secret and manually added to both a Surface and a manually added <company> (the Propertysource uses these for the AppliesTo) but wasn't sure about the hasCategory("ZoomService") on the datasources. I didn't get either to really work and I don't think the "device" <company> functioned. Main pages I read to try to figure it out so far were: Any advice on getting these to work?
  7. This sounds perfect! Thank you for the suggestion! I put the 2 instances I want to monitor together and made a rule for it. Just need to test it and see if it works as intended.
  8. Example: I have one router connected to the network's other router with 2 links (interfaces, tunnels, etc). If one of the links goes down the normal alert rule to email me is fine. However, if BOTH links go down I want a page. Cluster alerts was close to what I needed but it seemed to only be able to be set for if ANY 2 links go down then do this, instead of if these 2 links go down. I care about the relation between 2 specific links on a device, not the other ports going to random servers and stuff happening to go down. (I have different alerts for those.) Has anyone dealt with an issue similar to this and found a workaround/solution? Maybe an eventsource (or something) would be able to check for if Alert A and Alert B exist at the same time?
  9. The debug feature and !tlist results showing All NaN have recently been brought to my attention. We have a lot of scripts returning All NaN and it would be helpful to have a way to efficiently address the All NaN results so we can remove the broken script, fix the script, or only apply it to devices it will work on.
  10. We send syslog messages from ISE to LM. It looks like this alert is marked as INFO but LM treats it as Error level. Is there a way to set this alert as Warning instead of Error?
      --------------------------------------------------------------
      Host: <HOSTNAME>
      Eventsource: Cisco_Syslog
      Message: CISE_Alarm INFO: EAP Connection Timeout : Server=<HOSTNAME>; NAS IP Address=<IP>; NAS Identifier=N/A
      Level: error
      Admin: ##ADMIN##
      Hostname: <HOSTNAME>
      Hostdesc:
      Level: error
      Value: CISE_Alarm INFO: EAP Connection Timeout : Server=<HOSTNAME>; NAS IP Address=<IP>; NAS Identifier=N/A
      Threshold: ##THRESHOLD##
      Alerttype: eventAlert
      Eventsource: Cisco_Syslog
      Datasource: Cisco_Syslog
      Generalcode: ##GENERALCODE##
      Specificcode: ##SPECIFICCODE##
      Facility: local use 3 (local3)
      Message: CISE_Alarm INFO: EAP Connection Timeout : Server=<HOSTNAME>; NAS IP Address=<IP>; NAS Identifier=N/A
  11. Oh ok, that makes more sense. It "cancels" the alerts instead of delaying them.
  12. Wait... how did I get 61 of 109 being Throttle alerts if my settings are Throttle for 10min and 5 alerts? There shouldn't be a way to get more Throttle alerts than "real" tickets.
  13. Hmmm... I guess that is true. For our branches we use Palo Altos as the first reachable device at a branch site, however our major circuits in the core, I believe those are between Cisco devices. It might be good to make branch down tickets for the sites with Host Status (and use alert intervals for things like ping and over utilization for these sites) but maybe a different metric for core/distro devices. Hmmm.... I'll play with ideas on how to organize/configure the alerts better so I don't have a crazy flood of alerts that end up needing throttling. (Got like 109 tickets from yesterday, I think from a security scan. 61 of the tickets were the Throttle alerts!)
  14. I was actually just reading that warning in LM. It sounds like I should leave the Host Status at 6min, which means I should focus on editing the other alerts to wait at least 6min before triggering a ticket. It is good to note that changing the idleinterval in Host Status doesn't sound like it will actually mark the device dead sooner since other backend logic is at work. I will be sure to leave it alone. I will look into editing the other alerts with this in mind. Is Host Status the best metric to base down tickets off of; and ping with alert intervals that wait about 4 intervals (ping is set to 2min by default) so about 8min pass before declaring a degrade and making a degrade ticket? Is there a better metric to use for down and degraded site tickets?
  15. The alert trigger intervals do help. I'm looking into better ways to organize what alerts to actually use for tickets and how to set them up. Might take a bit to get back to this thread but some questions about this are coming up in the thread Rate Limit Throttle Message Disable. (Just an FYI for anyone searching for this type of info, since IDK if it would come up in a search based on the title.)