mnagel

Members
  • Content Count

    472
  • Joined

  • Last visited

  • Days Won

    73

Everything posted by mnagel

  1. I would start here: https://openvpn.net/community-resources/management-interface/ There is an example of how to use this (not in an LM-friendly way) at https://kifarunix.com/how-to-monitor-openvpn-connections-using-openvpn-monitor-tool/ There is also an example (a bit dated) on how to expose data via SNMP here: https://github.com/Phhere/openvpn-snmp The problem seems to be a general lack of standard monitoring since OpenVPN runs on so many platforms. If check_nrpe works, perhaps just punt and use that via an LM script datasource :).
  2. It sounds like you are expecting a function to be able to take arguments, because "function". I did as well many years ago when I wanted to create a single isClient function with the client name as an argument, but found after a very painful support ticket that they absolutely are not functions, just macros. You would need to write a separate version for each check. In this case, you would have to add a new function like this and a new one for each version: system.virtualization=~"VMware" && auto.version_number =~"6\\.5\\.0*"
  3. I would like to have SSL expiration profiles I can apply to websites with automatic selection based on the CA. This is (for now) based on the fact that Let's Encrypt certificates tend to have short expiration intervals, but it seems like a good general solution to discover stuff automatically as elsewhere within LM. Thanks, Mark
  4. We have for some time used LucidChart to present network diagrams to our clients via an iframe in a widget. The Topology Mapping feature has its place, but it is not a substitute for diagramming. Among other things, TM has no support for most WAN topologies. I had not looked into it much before, but LucidChart has a Data Service API and in theory, various device details could be replicated via that method (https://www.lucidchart.com/pages/api-data-service). It will take me some time to digest that and figure out how that would be useful for presenting information from LM, but it sure loo
  5. Nice! Will definitely give that one a try...
  6. @Sarah Terry Just watched your Level Up presentation on dashboard tokens, which I am familiar with. The idea presented to change tokens on the fly to change the view is nice, but requiring dashboard editing makes it inaccessible to regular users. A fix for that would be to add a token settings dropdown to allow regular users to adjust tokens from a list of pre-canned values that admins can manage. This would also avoid changing the underlying tokens in a persistent manner, enabling context changes for anyone using the dashboard.
  7. I have spent much time the past few years grappling with how to handle alerting within LM. The "LM way" is to not send too many actual alerts (via email, etc.) and instead review aggregates on dashboards. But, that is a mindless repetitive task people should not have to do to pick up on problems, and flooding inboxes is the only other option. My suggestion is to implement a method within widgets to alert when data contained exceeds thresholds (or is abnormal). As a very specific example, if I set a widget to show all core switch interface error rates, I would want to set an alert for the wi
  8. This is a specific case of the more general needed feature of linked (inherited) clones -- this applies to anything that can be cloned so that inheritance and overrides can be leveraged. My original request on this many years back applied to LogicModules (datasources primarily), but the same applies here and to virtually any primary object type that can be cloned. I have been pushing for this repeatedly across the years. Instead of linked clones for modules we now have SMR via Exchange -- much better than blind replacement, but linked clones would be far superior (including this dashboard inhe
  9. There are many gaps like that -- you also cannot search by properties in the resource pane. My workaround is to leverage our API-based endpoint backup script to find things with grep. Clunky, but helps. Most often I am looking for code examples.
  10. This is a specific case of the more general "RBAC and groups are not sufficient to support an MSP model", which I have been trying to get fixed for years. There needs to be structural support for multiple clients, not bolted on as is currently done. I never use the wizard, didn't realize it did this was how it worked :).
  11. I just checked and it looks like currently all the commands require no special privileges, but also not all may be appropriate for every Linux flavor. I know a few spotchecks show some will not work on EL6 (which, to be fair, is EOL later this year). Linux_SSH_BlockDevicePerformance: def command = \"cat /proc/diskstats\"; Linux_SSH_CPUCores: def command = 'cat /proc/cpuinfo' Linux_SSH_CPUCores: def command = 'cat /proc/stat' Linux_SSH_CPUMemory: def command = 'vmstat -s -S K; echo -n \"Cores:\";nproc --all; echo -n \"load:\"; uptime' Linux_SSH_Filesystems: def comma
  12. If the box does respond to SNMP, then it will never discover the Linux_SSH property even if you define credentials because addCategory_Linux_SSH only applies if the system has no categories or only "collector" (which seems like an error). This may explain your AD problems if any category was added to those devices for any reason. Once that is detected, the various modules will work. I am not sure if root is required for all of the modules, but I expect it is for at least a few and as you say, this is not documented anywhere explicitly. Since it must be defined at the device level, you w
  13. Right -- I tried the same and it looks like reports don't handle ILPs. They certainly should -- probably will need to escalate to LM to get it fixed, and they may say it is a feature request :).
  14. Have you tried the alert threshold report? You cannot be very granular in which type of threshold you select, but if you export to CSV and open with Excel or equiv, you could probably create a data filter on anything that has a critical threshold defined (based on how many words are in the threshold). Or just write a script to dump the CSV lines that match the critical threshold pattern. It may take a while to execute :). I just tried it with HTML (by mistake) and the page started to render, then crashed the tab.
  15. You should be able to add the property to a custom column, but in my case it ends up with no data. In my case, I use the friendly name as the instance name if possible, otherwise the thumbprint, so my friendly names show in the report. I can't show auto.windowscerts.dnsnames, though. Report adds it as a column, but no values show. Seems like ILPs are not valid for reports, which feels like a bug to me, though I am sure I will be told it is a feature request :).
  16. Ooh, shiny! Yes, there should be a on/off button to limit to just applicable devices. If you need to find something new, just slide to off.
  17. By report, I assume you mean "alert message"? If so, the property name should work as a token. For me, it was just generally empty so would need to structure the message to account for that as best as possible since there are no conditional output controls like for template systems.
  18. As far as stars, sure. I would probably want a more general option to restrict views to include only technologies we need, though. Following to know when there are updates would be very nice. Right now, it kinda happens in batches :).
  19. I have something like this in Exchange. I did not include the friendlyname in the alert message, but it is there as an ILP and could be used easily. I just found fairly often it was not defined. We have an update pending on this module since we found some certs are refreshed very often (e.g., daily) and need to add code to exclude those from discovery (or at least, from alerting). KPNWGW
  20. I long ago despaired of ever doing anything with LMConfig modules since without OOP and library support, each is provided as a 1000+ line blob. I assume in the backend, developers have a portal-like harness to work in that does not involve editing in the UI as we must. If I ever did try to fix anything, the changes would be wiped on the next update (I have and they are). Exchange makes it a bit more palatable, but with that much code, the safe import process could still be pretty painful. I am much more used to the idea of core overridable features in a library with a profile for each devic
  21. I have been trying to figure out a way to auto-remove categories added by PropertySources when they are no longer applicable (e.g., when something stops being an IIS server, SQL server, DHCP server, etc.). I have found recently this is an annoying problem as PropertySources-added categories live forever until manually removed and the modules cannot subtract AFAIK. OTOH, the method of adding a category is undocumented -- I only know about it from review of modules provided by LM, so perhaps there is a method that interprets a negation operator (like !) to remove the listed category? I can
  22. I hoped since ArubaOS-CX is similar to HPE Procurve, I could just use the existing ConfigSource, but it times out in discovery. I am generally willing to jump in and code solutions, but the current from-scratch monolithic coding methodology used for ConfigSources makes it effectively impossible for regular folks to do, so.... please add a new ArubaOS-CX module or extend HPE Procurve to support that flavor. I have a pair of 8320's not yet in production I am able to get developers into.
  23. weather is in there, which would be fine. My recollection was that OWM was free for basic access with a query limit, and the query limit could be kept to with the new caching feature so I will definitely revisit it now. Found it: 60 calls/minute 1,000,000 calls/month It sounds like a lot, but without caching.... yeah :).
  24. Exactly, I just stopped since I did not want to sign up for a much larger account than needed. I think there are other attributes I wanted to track, like precipitation, but pretty much that was put off since I could not restrict calls to once per zip code for each hour or so. We used to get that information (using caching) with Nagios from the Wunderground API and insert detail into alerts via our notification templating system. My philosophy has always been to include as much relevant information in alerts as possible to support Lazy Admin mode. A bit harder to do here without conditional