Michael Rodrigues

LogicMonitor Staff
  • Content Count

  • Joined

  • Last visited

Everything posted by Michael Rodrigues

  1. Michael Rodrigues

    Generic RSS EventSource

    @Nikolay you should be able to get it with this locator: GZAYPF
  2. Michael Rodrigues

    Generic RSS EventSource

    This is a generic RSS EventSource. Set rss.url on a host with an RSS URL and it will start monitoring it. Of course, for an LM EventSource your events must include key/value pairs for "happenedOn" and "message". If your RSS feed doesn't use these keys, you can override them with the rss.event.map property. For example, if the event timestamp is labelled pubDate and the event message is labelled title you can use happenedOn:pubDate,message:title for your rss.event.map property. You can also use rss.event.map to add other attributes. Locator: YHM79Y Feel free to clone/rename the EventSource if you want more context in the name.
  3. Michael Rodrigues

    TCP Syslog?

    Hey @mnagel, I don't have any Cisco reference to this issue on other devices, but we've seen it reported on other devices. But yes, essentially syslog4j does not fill the hostname field in as described in the RFC, it just fails to parse the message. We modified to do what's described in the RFC; we were not in compliance with it previously. So, there's no hard requirement that you send us RFC compliant messages, but if syslog4j can't parse them, they won't work in LM until we patch it. When we told you "it's not working because it's not RFC compliant", we probably should have said "our implementation can't currently handle it, but we'll fix it".
  4. Michael Rodrigues

    Datapoint - Metric type - counter - without "rate/sec math"

    Hey @jamiemurphyit, no plans currently. I understand your frustration with the rounding, as I've used this workaround myself. I haven't heard many users asking for this. Do you mind if I ask for more details about your use case for this?
  5. Michael Rodrigues

    TCP Syslog?

    Hey @mnagel, my understanding is that neither RFC allows for a message lacking the hostname, which is what we were seeing with lots of Cisco syslog. They seem to admit as much: https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc35989 We use syslog4j under the hood to parse messages. It could not parse them out of the box, so we modified it to handle Cisco's syslog. RFC compliant or not, we can't reasonably not support syslog for one of the largest network vendors in the world. The graylog project did essentially the same thing to handle Cisco and Fortinet syslog. As for the field limitations, I need to do some more reading. I realize you have another solution, but I'd still like to improve what we have.
  6. Michael Rodrigues

    Collector 27.005 breaks MySQL v5 monitoring

    Hey @Mosh, sorry you had to deal with this. I didn't see a support ticket from you, but you should hear from them or your CSM shortly. We're looking at this on our end, I'll update this ticket when I know more.
  7. Michael Rodrigues

    TCP Syslog?

    @mnagel we did fix an issue with Cisco sending syslog that wasn't RFC compliant in 27.600. I don't have any info about TCP syslog currently, but I can talk to the collector team.
  8. Michael Rodrigues

    DPM (Data Protection Manager)

    @sawyer.lef it should be out of security review now. Sorry for the delay.
  9. Michael Rodrigues

    Windows Server 2019 Support

    Hey @sotog, we do support Windows Server 2019 for both the Collector, and general monitoring.
  10. Michael Rodrigues

    Groovy Expect Scripting -- "]$" prompts

    @Joe Tran you were close, you should be able to match it with this: '\\[.*\\]\\$' The expect() method actually takes a Java Pattern which is compiled down to a Regex object. You can see if your Pattern converts to the expected Regex by using: println Pattern.compile('yourpatternstring') We should really add a method that takes a plain old regex, sorry for any confusion. Let me know if the above doesn't work for you.
  11. Michael Rodrigues

    How to calculate IOPS in my dashboard

    Hi @Archana, if you have total read/writes for 2 minute intervals, you should be able to make a graph with a Virtual DataPoint that divides reads and writes by 120 to get average IOPS for those intervals.
  12. Michael Rodrigues

    497 days and counting........

    Hey @Kwoodhouse, sorry for the confusion. The fix does rely on your host reporting system uptime as defined in the Host Resources MIB (specifically, hrSystemUptime at . If that doesn't OID doesn't return anything, we fall back to using snmpEngineTime. This isn't necessarily the uptime of the system, but rather the uptime of the snmp agent, and it will reset with the agent even if the system does not reboot. The fix was never ported to the module that retrieves Engine Uptime, but it should be easy enough to do. I've put a fix in with the ME team to get this done. I did go ahead and update the alert message in the meantime. Thanks for bringing this to our attention!
  13. Michael Rodrigues

    Issues With Creating A Datasource

    Taking Mike's advice, you might just try swapping out your filter string with the URLEncoded version: "startEpoch%3E%3A1538370000%2CendEpoch%3C%3A1541048399%2Ccleared%3A*"
  14. Michael Rodrigues

    SNMP Trap Event Consolidation

    Reviving an old thread, but we're currently reevaluating EventSource suppression logic. Some of the other EventSource types already use a timeout like mechanism to avoid duplicates, but we don't do anything like that for SNMP traps. The general idea right now is to let the user decide which duplicate fields indicate a duplicate event, and suppress anything within the "effective interval" of the original alert. I think it makes sense to have the timer reset logic be optional. I also like the idea of providing more visibility on how many events were suppressed. We've also had a fair number of requests for a mechanism like the DataSource "trigger interval", where we only trigger an alert if we see the same event N times in the interval. Anyways, any additional feedback is appreciated.
  15. Michael Rodrigues

    What Is My IP as found from a Google search

    @wanabeninja@helient it should be out out of the review holding cell now. I can't imagine Google would have done anything to break this. It works for me. Those hosts/customers aren't behind the same NAT gateway, are they? Or using a shared proxy? Have they tried other sites that do this to see if they get the same result? I was always partial to ifconfig.me, and ipchicken.com, though please don't take that as an official LM endorsement :).
  16. Michael Rodrigues

    497 days and counting........

    @Kwoodhouse the one that includes the fix is SNMP_HostUptime_Singleton. It requires the addCategory_snmpUptime PropertySource to work without manual intervention. "HostUptime-" (no space) is deprecated and no longer in core. Unfortunately there's no way for you to get that information in your account currently. SNMPUptime and SNMP_Engine_Uptime- are more or less duplicates. They both get the uptime for the agent, not the host. This seems to be an oversight. Originally, we just looked at the uptime counter with a gauge datapoint. If the value indicated uptime of less than 60 seconds, we'd alert. Of course, this happens during a counter wrap. To fix it, we started tracking the uptime counter with a counter. Given that the rate of time is constant, we should always see the rate of 100 ticks/second coming back from the counter datapoint if the host hasn't been rebooted. The logic in the UptimeAlert CDP looks at both that tick rate, and the raw uptime to determine if the host has rebooted, or the counter has just wrapped. If it's just a counter wrap (no reboot), we'll see 100 ticks/second, even if we see less than 60 seconds of uptime with the gauge. If it's rebooted, the UptimeCounter datapoint could return either No Data (counters need 2 consecutive polls), or, it will return a huge value because no polls were missed, and LM assumed the counter wrapped when it was really reset due to reboot. This is explained in the datapoint descriptions, but is admittedly a bit difficult to grok without an intimate understanding of how LM's counter/derive work. I do still think it's a rather ingenious solution. We use "102" instead of "100" ticks/second in the CDP to avoid false positives, as the collection interval isn't always exactly a minute. I recommend this blog if you're interested in learning more about counter/drive: https://www.logicmonitor.com/blog/the-difference-between-derive-and-counter-datapoints/ I will talk to the Monitoring team about removing some of those duplicates, and getting a public document up explaining it all.
  17. Michael Rodrigues

    DataSources_List PropertySource

    @pperreault it should be out of security review now.
  18. Michael Rodrigues

    Monitor File System - extend the built in UNC monitor

    This module should be out of security review now.
  19. Michael Rodrigues

    VMware VSAN

    We have some vSAN LogicModules in the pipeline but we've been waiting to complete and release them until we after we release our update for the base VMware modules. There isn't currently a plan to pull the vCenter-defined alerts through directly. We'd prefer to pull the metrics out and define the alarms within LogicMonitor to avoid noise and allow configuration within the product. That being said, if there's enough interest in just pulling VMware's alarms through we can look at that too.
  20. Michael Rodrigues

    Scripts for deleting datasource instances

    Hey @BrianG, you're talking about device instances, right? If they share a common property or name you can make a Dynamic Group that holds them all, then deletes that group. When you delete it, you can delete the devices from the account along with it.
  21. Michael Rodrigues

    DNS Domain registration expiry

    @Mike Graham, try this updated version: 37WCMA
  22. Hi @Archana, check Visual Average for the general trend over the month. Given you're looking at CPU usage, it's probably also worth taking a look at the VaST version to see if you're getting lots of spikes. You won't see the spikes with Visual Average, but it will be harder to see the trends in VaST view.
  23. Hi @Archana, I think we do what you're looking for, but the feature is sort of hidden. Open the expanded graph, then expand the instances pane at the bottom. On the right side of the instance pane, there's another downward pointing arrow. If you click on that arrow and select "Show Boundaries' you'll see min/max/avg for each instance for the selected time range. You may have to aggregate instances into one to get the average across multiple instances.
  24. Hi @Archana, there's a great blog entry about VaST here: https://www.logicmonitor.com/blog/vast-opportunity-with-logicmonitor/ Generally, you'll want to go with VaST when you're looking at a longer time frame, and if you're concerned about seeing peak utilizations that would otherwise be hidden with "visual average". The visual average option is better when you're just looking for trends.
  25. Michael Rodrigues

    Cisco EIGRP Peers

    Hey @Richard Collisn, thanks for this, we'll include this fix in the version in core.