David Lee

LogicMonitor Staff
  1. Conditional alerting

    We recently had this question asked to support:

    "Is it possible to set conditional alert thresholds for certain datapoints? For example, for all servers, the "AvailableGB" under Disks > Volume Usage > Alert Tuning. If we wanted volumes that are...

      - Up to 100GB total in size, the alert threshold is 10GB
      - 101GB - 500GB total in size, the alert threshold is 40GB
      - 501GB - 3TB total in size, the alert threshold is 200GB
      - 3TB - 10TB total in size, the alert threshold is 400GB"

    Out of the box, no, we don't support this. Our standard thresholds would alert you on 90% used space, but imagine being woken up at 3 in the morning by a phone call from LogicMonitor telling you that you need to get up and sort out some storage as your 35 TB only has 3500 GB free. Nearly time to wake up!!

    But what you can do is use our Instance Level Properties in conjunction with our groovy scripted datapoints to set your lower limits exactly like this.

    First let's look at the ILP. You can quickly add them into any wmi datasource here. This creates an automatic property in the info tab of each volume listing the capacity. Here you can see this volume capacity of 35184235765760 bytes or just over 35 terabytes.

    Now we can add a complex datapoint that references this capacity. Basically it applies a lower limit of 400 GB on all drives, then reduces it if the capacity in bytes is below a certain amount. A 35TB drive would return 400, a 100GB drive would return 10. So now you have a threshold for lower limits based on the size of the volume.

    Now you can use a second complex datapoint.

        If(lt(AvailableGB,FreeSpaceLowerLimitGigabyte),1,0)

    means if the AvailableGB is less than the FreeSpaceLowerLimitGigabyte return 1, otherwise return 0.

    Suppose your C drive is 80 GB and your F drive was 35TB. Set a threshold of = 1 1 1 and you will get a critical alert if your C drive is less than 10GB, or if your F drive is less than 400GB. All automatically applied and alerted on.
  2. Fortigate missing interfaces

    Dan, Thanks for the extra information. Another quicker fix would be to clone the snmp64_if and change the discovery type from value to wildcard. This will then work where the normal one fails, but instead of a name, interfaces will show the oid value, i.e. instead of FastEthernet 0/4 it might show 17. So it is not as intuitive to understand which interface is which.
  3. Fortigate missing interfaces

    Recently we have seen a number of issues with Fortigate not showing interface datasources. With the release of FortiOS 5.4.1 Fortigate changed the behaviour of the description oid. This results in LogicMonitor being unable to discover the interfaces. The SNMP get value for the interface description now returns the value from "set description" instead of the interface name. You must add descriptions to each interface using these CLI commands:

        config system interface
        edit <int>
        set description "<int>"
        end

    Once completed, forcing Active Discovery will resolve the issue.
  4. Configuration backups in LogicMonitor are a great feature to help you be aware of changes being made, store version history and restore your device configurations. Newer devices can have subscriptions that pull the latest data from the manufacturer, such as malicious IP address lists. Encrypted information may be re-hashed for added security and these are expected behaviours - NOT a config change. So you need to ignore these changes, as they are not operational changes and you do not need to be woken at 3 in the morning to see that there are some newly added malicious IP addresses.

    Is there a way to ignore these updates (often multiple in a day) and simply key on the first few lines where the config version is referenced?

        #config-version=whateverversioninfo
        #conf_file_ver=177424565748364543
        #buildno=somebuildno

    We need to alert on line 2 and ignore every other change.

    As you are no doubt aware you can edit your configsource to ignore certain lines with regex. So you can add an ignore change for lines that contain buildno for example. But stipulating every line except one would be a nightmare and you never know what the lines contain all the time.

    So flip it on its head. Make an ignore check, select ignore lines with this regular expression and use the expression !("#conf_file_ver="). Basically this means ignore every line that does not contain #conf_file_ver=

    You can see in my example above I have changed the file version and it shows and is alerted on, but I have also changed the buildno and that is ignored, also added a newline which is ignored.

    David
  5. Improved configuration change detection

    Hi Ray, As you are no doubt aware you can edit your configsource to ignore certain lines with regex. So you can add an ignore change for lines that contain buildno for example. But stipulating every line except one would be a nightmare and you never know what the lines contain all the time.

    So flip it on its head. Make an ignore check, select ignore lines with this regular expression and use the expression !("#conf_file_ver="). Basically this means ignore every line that does not contain #conf_file_ver=

    You can see in my example above I have changed the file version and it shows and is alerted on, but I have also changed the buildno and that is ignored, also added a newline which is ignored.

    David
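
The inverted ignore rule from the post above, modelled in Python as an added example (it is not LogicMonitor's or the poster's code). The helper names and the modified sample configs are constructed; the three header lines are the ones quoted in the post. The last case shows what the rule costs: an edit that leaves the `#conf_file_ver=` line untouched raises nothing.

```python
import re

# Only lines containing this text survive the filter; every other line is
# ignored, which is the effect of the post's inverted ignore expression.
KEEP = re.compile(r"#conf_file_ver=")

def significant_lines(config_text, keep=KEEP):
    """Return the lines a change check would still compare."""
    return [ln for ln in config_text.splitlines() if keep.search(ln)]

def changed(old, new, keep=KEEP):
    """True when two versions differ after the ignored lines are dropped."""
    return significant_lines(old, keep) != significant_lines(new, keep)

# Constructed sample configs built on the header lines quoted in the post.
BASE = "\n".join([
    "#config-version=whateverversioninfo",
    "#conf_file_ver=177424565748364543",
    "#buildno=somebuildno",
    "config system interface",
    "    set description lan",
])
VERSION_BUMP = BASE.replace("177424565748364543", "177424565748364544")
BUILDNO_ONLY = BASE.replace("somebuildno", "otherbuildno")
EXTRA_NEWLINE = BASE + "\n\n"
BODY_EDIT = BASE.replace("set description lan", "set description wan")

def report():
    """Map each constructed case to whether it would raise a change alert."""
    cases = {
        "version bump": VERSION_BUMP,
        "buildno only": BUILDNO_ONLY,
        "extra newline": EXTRA_NEWLINE,
        "body edit": BODY_EDIT,   # version line untouched, so no alert
    }
    return {name: changed(BASE, new) for name, new in cases.items()}

if __name__ == "__main__":
    for name, alert in report().items():
        print(f"{name:14} alert={alert}")
```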
  6. Adtran Netvanta Switch Configsource

    Hi, There are no stock configsources but if you hop onto support chat and ask for me, (UK hours) I would be glad to assist you in writing one for you. David
  7. Cisco SG500X ConfigSource Script now working

    Dan, You will probably get a faster response by contacting support. Feel free to ask for me if you would like; I have worked with configsources a lot and have a few tricks to try. I took a look at your devices but wasn't sure which ones were these switches. David
  8. Google Analytics Datasource?

    Hi, You may be interested to know we have 2 Beta datasources:

      - Google_Analytics_RealTime_Stats
      - Google_Analytics_PageStats

    which, if you contact support, can be imported into your account. They need a bit of setup.

    Setup for Google Analytics Datasources: Step-by-step guide

    (a) The following items must be included in the Device Properties:

      - analytics.client.id
      - analytics.clientsecret.pass
      - analytics.refreshtoken.pass
      - system.categories -> GoogleAnalytics

    (1) Follow these steps in order to get an Access Token and the Refresh Token. On your browser, log in at Google with the account you want to use to access Analytics info.

    (2) Visit https://code.google.com/apis/console . Click on create a "project". Search for "Analytics API" and click 'Enable'. Afterwards, navigate to Credentials -> OAuth Consent Screen. Choose the 'email address' and 'Product name shown to users' and save.

    (3) Create Credentials -> OAuth Client ID. Application Type: Other. Input any name (i.e.: LM Client ID).

    (4) You should now be presented with a Client ID & Client Secret.

    (5) Navigate to the following URL and insert the correct Client ID.

        https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fanalytics&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&client_id=INSERT_CLIENT_ID_HERE

    You will be presented with a screen to allow access and a code string you will need to copy and save.

    (6) Go into a terminal and paste the following cURL command.

        curl -H "Content-Type: application/x-www-form-urlencoded" -d 'code=INSERT_CODE_STRING_HERE&client_id=INSERT_CLIENT_ID_HERE&client_secret=INSERT_CLIENT_SECRET_HERE&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code' https://accounts.google.com/o/oauth2/token

    (7) The output of the previous cURL command should be a JSON response similar to the following:

        {
          "access_token" : "ya29.AH3afsdfasdfjhahskjhskkskjh",
          "token_type" : "Bearer",
          "expires_in" : 3600,
          "refresh_token" : "1/HH9E7dfdf4saf3wah7899a8sd989"
        }

    (8) You should now have the ClientID, Client Secret & Refresh Token. Insert these into the device properties to get the datasource properly working.
  9. 497 days and counting........

    You might have received an alert saying your Linux based device has just rebooted, but you know that it has been up a long time. A switch might have just sent an alert for every interface flapping when they have all been up solidly. The important question to ask here is how long has the device been up? If it's been up for 497 days, 994 days, 1491 days or any multiple of 497 then you are seeing the 497 day bug, which hits almost every Linux based device that is up for a good length of time.

    Anything using a kernel less than 2.6 computes the system uptime based on the internal jiffies counter, which counts the time since boot in units of 10 milliseconds, or jiffies. This counter is a 32-bit counter, which has a maximum value of 2^32, or 4,294,967,296. When the counter reaches this value (after 497 days, 2 hours, 27 minutes, and 53 seconds, or approximately 16 months), it wraps back around to zero and continues to increment. This can result in alerts about reboots that didn't happen and cause switches to report a flap on all interfaces.

    Systems that use 2.6 Kernel and properly supply a 64 bit counter will still alert incorrectly when the 64 bit counter wraps.

    A 32 bit counter can hold 4,294,967,295 (4,294,967,295/8640000 = 497.1 days).

    A 64 bit counter can hold 18,446,744,073,709,551,615 (18,446,744,073,709,551,615/8640000 = 2135039823346 days or 5849424173 years).

    Though I expect in 6,000 million years we will all have other things to worry over.
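
One way to tell a counter wrap from a real reboot between two polls, as an added Python example (not part of the original post or of LogicMonitor). It assumes a 32-bit uptime counter in 10 ms ticks, as the post describes, and at most one wrap between polls; the function names, the 30-second tolerance and the sample polls are constructed.

```python
WRAP = 2 ** 32           # a 32-bit counter rolls over at this value
TICKS_PER_SECOND = 100   # one tick (jiffy) is 10 milliseconds

def wrap_period():
    """Time until rollover as (days, hours, minutes, seconds), rounded."""
    total = round(WRAP / TICKS_PER_SECOND)
    days, rem = divmod(total, 86400)
    hours, rem = divmod(rem, 3600)
    minutes, seconds = divmod(rem, 60)
    return days, hours, minutes, seconds

def classify(prev_ticks, curr_ticks, elapsed_seconds, tolerance_seconds=30):
    """Compare two uptime samples taken elapsed_seconds apart.

    Returns "running" (counter advanced as expected), "wrap" (counter went
    backwards but the modular advance matches the elapsed time) or "reboot"
    (the advance cannot be explained by elapsed time, so the counter restarted).
    """
    expected = elapsed_seconds * TICKS_PER_SECOND
    tolerance = tolerance_seconds * TICKS_PER_SECOND
    # The modular difference undoes a single rollover of the counter.
    advance = (curr_ticks - prev_ticks) % WRAP
    if abs(advance - expected) > tolerance:
        return "reboot"
    return "wrap" if curr_ticks < prev_ticks else "running"

# Constructed polls: (previous ticks, current ticks, seconds between polls)
SAMPLE_POLLS = [
    (1_000, 31_000, 300),            # normal five-minute advance
    (WRAP - 6_000, 24_000, 300),     # rolled over 60 s after the first poll
    (1_000_000_000, 12_000, 300),    # restarted 120 s before the second poll
]

def classify_all(polls=SAMPLE_POLLS):
    """Classify every poll pair in order."""
    return [classify(*poll) for poll in polls]

if __name__ == "__main__":
    print("rollover after %d days %d h %d min %d s" % wrap_period())
    for poll, verdict in zip(SAMPLE_POLLS, classify_all()):
        print(poll, "->", verdict)
```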
  10. SDT for minor alerts

    Hi, Should also add that Kris wants to maintain alerts on critical items, so putting devices into SDT or even certain datasources won't assist him. He only wants to disable warning/errors.
  11. Windows Drive Space Alerts

    By default, LogicMonitor alerts on the percentage used on any drive. This in general is fine, but sometimes not. Let's imagine you have a 2.2 terabyte drive. You might have your critical threshold set at 90%, which sounds fine, until you realise that you are going to get a critical alert when you still have 220 GB free. In my case that would be a cause for some celebration, not really an urgent need to get up at 3 A.M. and delete files so the world doesn't end.

    Now imagine your 2.2TB drive is divided up as:

      - C: 10 GB (OS)
      - D: 500 GB (Mission critical applications)
      - E: 1 TB (Backups)
      - F: 510 GB (Other Applications)

    A 90% alert will give you a critical at 1GB, 50GB, 100GB and 51GB respectively. Now the C: drive may be a cause for concern, but the others not so much. The two application drives you might only be concerned if they have less than 4GB free and the backup less than 10GB. So, we decide to alert on the following:

      - C: freespace is <1 GB
      - D: freespace is <4 GB
      - E: freespace is <10 GB
      - F: freespace is <4 GB

    You could clone the datasource so you have four copies, one for each drive, but this is harder to maintain in the future and does not scale well. It would be better if you could somehow get the drive letter and assign a threshold based on that.

    LogicMonitor's scripted complex datapoint using groovy to the rescue. The disks datasource queries the class Win32_Volume. We need to use the raw drive letter output from the WMI class so would write a groovy script like:

        Drive = output["DRIVELETTER"];
        return(Drive);

    This returns C:, D:, E: and F:. Not much use as LogicMonitor doesn't deal with text, only metrics. Let's beef up the script.

        // Drive letter reported by Win32_Volume for this instance
        drive = output['DRIVELETTER'];
        // Lower limit in GB; stays 0 for drive letters not listed below
        freeSpaceLowerLimitGigabyte = '0';
        if (drive == 'C:') { freeSpaceLowerLimitGigabyte = '1'; }
        if (drive == 'D:' || drive == 'F:') { freeSpaceLowerLimitGigabyte = '4'; }
        if (drive == 'E:') { freeSpaceLowerLimitGigabyte = '10'; }
        return freeSpaceLowerLimitGigabyte;

    This returns 1, 4, 10 and 4 for each drive. Now we have a complex datapoint that returns the lower limit in GB for each drive dependent on the drive letter. Again, we can't alert on this so we need another datapoint. So we can use this to check if freespace is less than the freeSpaceLowerLimitGigabyte. To do that create a CapacityAlert datapoint using this expression:

        if ( lt (FreeSpace, FreeSpaceLowerLimitGigabyte * 1024000000) , 1, 0)

    Which breaks down as: if freespace is less than the assigned limit for that drive letter then return 1 (which you alert on). Otherwise return 0.

    Alert threshold set at = 1 1 1, and we get critical alerts if:

      - C: freespace is <1 GB
      - D: freespace is <4 GB
      - E: freespace is <10 GB
      - F: freespace is <4 GB
  12. SQL query

    Hi Idan, "1. Add value to the server properties so I can see it under the info." You can use a property source here, leveraging groovy to connect to your SQL and make a query which will then be displayed under info. https://www.logicmonitor.com/support/other-logicmodules/propertysources/creating-propertysources/
  13. AT&T Uverse Internet Router Support

    Hi Christopher, Any device that has a webpage interface with metrics on it can usually be queried with our http datasources, which can use regex datapoints to pull out metrics. https://www.logicmonitor.com/support/datasources/data-collection-methods/webpage-httphttps-data-collection/ If you have a device in your portal that serves a webpage, support can take a look and determine if this type of datasource would be what you need, and create a datasource request for you, or assist you in creating a datasource yourself. David
  14. IBM db2 Monitoring using Logic Monitor

    Hi, There is a sample jdbc datasource for DB2 available. If you would like to contact support, they can have it installed into your account. Once you do so you just have to add the queries you want and valid datapoints.
  15. Mosh, configsources use a script to connect to the devices and as such the script task queue already reflects this information for you. Looking at this in more detail can show scripts being queued and times taken by the configsources. Although this might not differentiate between some normal scripts and configsources, it would allow you to see if the queue was too much for the collector. FYI, the above graph doesn't show scripts as it is a top ten and scripts are lower than that on that particular collector.