mnagel

Members
  • Content Count

    484
  • Joined

  • Last visited

  • Days Won

    81

Everything posted by mnagel

  1. Have you tried the alert threshold report? You cannot be very granular in which type of threshold you select, but if you export to CSV and open with Excel or equiv, you could probably create a data filter on anything that has a critical threshold defined (based on how many words are in the threshold). Or just write a script to dump the CSV lines that match the critical threshold pattern. It may take a while to execute :). I just tried it with HTML (by mistake) and the page started to render, then crashed the tab.
  2. You should be able to add the property to a custom column, but in my case it ends up with no data. In my case, I use the friendly name as the instance name if possible, otherwise the thumbprint, so my friendly names show in the report. I can't show auto.windowscerts.dnsnames, though. Report adds it as a column, but no values show. Seems like ILPs are not valid for reports, which feels like a bug to me, though I am sure I will be told it is a feature request :).
  3. Ooh, shiny! Yes, there should be a on/off button to limit to just applicable devices. If you need to find something new, just slide to off.
  4. By report, I assume you mean "alert message"? If so, the property name should work as a token. For me, it was just generally empty so would need to structure the message to account for that as best as possible since there are no conditional output controls like for template systems.
  5. As far as stars, sure. I would probably want a more general option to restrict views to include only technologies we need, though. Following to know when there are updates would be very nice. Right now, it kinda happens in batches :).
  6. I have something like this in Exchange. I did not include the friendlyname in the alert message, but it is there as an ILP and could be used easily. I just found fairly often it was not defined. We have an update pending on this module since we found some certs are refreshed very often (e.g., daily) and need to add code to exclude those from discovery (or at least, from alerting). KPNWGW
  7. I long ago despaired of ever doing anything with LMConfig modules since without OOP and library support, each is provided as a 1000+ line blob. I assume in the backend, developers have a portal-like harness to work in that does not involve editing in the UI as we must. If I ever did try to fix anything, the changes would be wiped on the next update (I have and they are). Exchange makes it a bit more palatable, but with that much code, the safe import process could still be pretty painful. I am much more used to the idea of core overridable features in a library with a profile for each devic
  8. I have been trying to figure out a way to auto-remove categories added by PropertySources when they are no longer applicable (e.g., when something stops being an IIS server, SQL server, DHCP server, etc.). I have found recently this is an annoying problem as PropertySources-added categories live forever until manually removed and the modules cannot subtract AFAIK. OTOH, the method of adding a category is undocumented -- I only know about it from review of modules provided by LM, so perhaps there is a method that interprets a negation operator (like !) to remove the listed category? I can
  9. I hoped since ArubaOS-CX is similar to HPE Procurve, I could just use the existing ConfigSource, but it times out in discovery. I am generally willing to jump in and code solutions, but the current from-scratch monolithic coding methodology used for ConfigSources makes it effectively impossible for regular folks to do, so.... please add a new ArubaOS-CX module or extend HPE Procurve to support that flavor. I have a pair of 8320's not yet in production I am able to get developers into.
  10. weather is in there, which would be fine. My recollection was that OWM was free for basic access with a query limit, and the query limit could be kept to with the new caching feature so I will definitely revisit it now. Found it: 60 calls/minute 1,000,000 calls/month It sounds like a lot, but without caching.... yeah :).
  11. Exactly, I just stopped since I did not want to sign up for a much larger account than needed. I think there are other attributes I wanted to track, like precipitation, but pretty much that was put off since I could not restrict calls to once per zip code for each hour or so. We used to get that information (using caching) with Nagios from the Wunderground API and insert detail into alerts via our notification templating system. My philosophy has always been to include as much relevant information in alerts as possible to support Lazy Admin mode. A bit harder to do here without conditional
  12. Nice! I was trying to build out a DS for weather API checks some time back, but I run into the same issue I do with Cisco PSIRT API checks -- no way to cache results short of local files to avoid excessive usage due to duplicate calls. I guess I will just have to see what I can do with local files. Not sure if a SQLite binding is included with the provided Groovy libraries. If not, that could help.
  13. FWIW, here are our catchall rules for those and similar items.
  14. We have standard rules for this that rely on the no-data alert for the uptime datapoint, which otherwise has no alert thresholds. Finding which datapoint is appropriate is harder than it ought to be and I agree a dedicated troubleshooter DS would greatly simplify things. Right now we have several alert rules per client to capture the problem adequately.
  15. It is possible via various methods to setup a limited access read-only account, which we generally try to do, but understood completely regardless. To the extent LM relies on SSH it has been problematic on our systems for various reasons (inadvertently enabling LMConfig is one, lack of public key support is another).
  16. With Exchange should get somewhat better, child accounts should improve. I recommended in a recent UI/UX discussion that it be possible to keep modules in sync via Exchange across multiple child accounts. Without that, they become very painful to deal with. It also seems every year when we renew our agreement, features are disabled without notice on child accounts (I am currently devoting a bunch of coding time to detect that has happened after silently losing LMConfig the third year in a row -- that one in particular I can determine because /setting/configsources returns no results when it h
  17. Last time I considered this, I ended up selecting OneLogin to resolve. I ended up not needing it, but I think it will do the job with domain matching used to select the correct SAML integration. I do agree each client should have a separate SAML profile based on username (e.g., domain part of email address) without paying extra, but that is not possible as it stands. I have been pushing as hard as I can for making MSP handling within LM be more comprehensive. Mark
  18. Not sure how far you want to go, but there is a plugin for Nagios called check_x224 that you could leverage (if for ideas if nothing else). If you want to login fully unattended, I found a few options on that recently in this thread
  19. I just tossed together some code to do the bare minimum for alert rules, which is to validate the module references for each. That turned out to be harder than expected as I quickly realized module matches are based on display name for some and name for others, and the patterns allowed in the module field in rules is not the same as what is handled by the filter API option. Fast forward, now the script checks for any matches on any module properly. Sync'ed this initial version and other script updates to our git repo (https://github.com/willingminds/lmapi-scripts).
  20. Please add an ability to produce an internal crosscheck page. This should include, but not be limited to: misconfigured alert rules (referencing dead modules, modules whose names have changed, etc.) misconfigured widgets in dashboards (referencing dead modules or datapoints, etc.) any other place where string value references are used by UI elements instead of internal IDs, resulting in inconsistent and/or dead references I keep trying to find ways to detect this before our clients do (at the worst time, always). I have some draft code for dead widget detection I came up with vi
  21. I reported this via a ticket a few weeks ago. Here was the response:
  22. We have generally attacked this issue with priority range conventions (so far, each client has been NNXXX where NN is the client number and XXX is the rule number (changing soon to NNXXXX). We have one script for a while to renumber rules into a new range, and we are working on a way to ensure standard rules are in place for all clients. As @Stuart Weenignotes, Alert Rules are one of the monolithic areas for which we cannot delegate access -- having some way to partition them within the existing RBAC mechanism would be welcome (along with other monolithic settings, like escalation chain, etc.
  23. Yeah, presumably this is Groovy, so match code (without ambiguity as I have seen in some modules) would tend to look like property.split(',').contains(value). That said, please please please fix property management in the UI so long strings are manageable. I have many other property-related wishes :).
  24. mnagel

    Doubts

    I have done the same often, with marking those as v3 in our API library module. As far as some of the original discussion, what might help is building out consistent dynamic groups within each customer, which is how we have approached this problem. Then it is always something like Customers/XXX/Automatic Groups/Linux Servers, etc. The input to the script is an array formatted like: { group => 'Windows Servers', appliesTo => 'isClient%s() && isWindows()', }, The key in this is to setup an Applies To function that allows you to identif