Mike Moniz

  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by Mike Moniz

  1. Just to keep in mind and for others searching the forums, Host Status will tell you if a device stop responding to the collector, not necessarily if the server rebooted. It's possible you can get a host down alert due to something like a network issue, especially if you have to monitor over a vpn connection. The Uptime check can be used to alert on real reboots since it reports the time since the last reboot and you can alert if the uptime is less then X seconds for example. This can also catch situations where you VM reboots very quickly (< 1 minute) where it's possible monitoring will not even catch it. But in your case, it does sound like you want to have fast notification on system not responding, regardless of cause. So even something like a fast Ping check would work. Just keep in mind that you can get false positives if you are too aggressive. Also since you are talking about an SFTP server, you might want to add a specific check that tests the SFTP server more directly. Might want to check http://blog.mikesuding.com/2017/04/08/monitor-sftp-site-connection-and-login/
  2. I'm looking at options to provide the external IP address that a device has. Basically I would normally query a WhatIsMyIP.net like service to get the external IP address, but I'm wondering if LogicMonitor provides a simple webservice on *.logicmonitor.com that can provide the external IP so I don't have to worry about getting a 3rd party site whitelisted with our customers?
  3. It will rely on ICMP and other things too... "...the idleinterval datapoint within the HostStatus DataSource measures the amount of time in seconds since the LogicMonitor Collector was able to collect data from your host via built-in collection methods (SNMP, Ping, WMI, ESX, etc.)... Note that data collected by script DataSources does not affect the value of the idleinterval datapoint." https://www.logicmonitor.com/support/logicmodules/datasources/creating-managing-datasources/host-status-host-behavior/
  4. You can nest if's together in the same kinda way you do in Excel. This is just off the top of my head and untested, but you would do something like: if(snmpDown,1,if(un(upTime),0,1))
  5. Check the system.collectordesc property on the INFO tab for that device and make sure it's pointing to a valid working Collector. If it's not, then Manage the device and change the collector assignment there. Either way if this device use to be a collector, then you likely want to remove the "collector" category also.
  6. That's the basic idea. You can't make complex datapoint via groovy so snmpDown would be a normal datapoint which you can then refer to it in PeerDown. Also I think you can just wrap the snmp.get/walk line or section in a try/catch and that will let you know the snmp request failed.
  7. That is my understanding too, LM has server-side logic to declare a device dead after 6 minutes (but Host Status will alert after 5min), so any alerts that occur before those 6 minutes will cause notifications. PeerDown is using the un() function so it's specifically looking if it's NaN or not. I don't know how this particular DataSource or Cisco EIGRP works so I'm not clear if upTime can tell the difference between peer down or switch down, there might be a trick to do so. But in a more generic solution and since this is a script based DataSource, I likely would add a new DataPoint and code for something like snmpDown that reports 1 if snmp isn't working (aka device will be dead soon) and then modify the PeerDown to also check if snmp is working before alerting.
  8. heh, still looking for that key-value store huh? :)
  9. I keep forgetting that is even an option. Are there good use cases for setting instance level properties I should be aware of?
  10. Good point, I can't confirm there was groovy datasources at the time. WinCPU switched to using groovy somewhat recently, likely after my tests.
  11. That is interesting because I tested something like that previously (I wanted to see what Windows SNMP can provide without WMI) but I had added the device to a group that had bad wmi properties pre-setup so it never had wmi working. Perhaps it's cached good creds? Can you try restarting the collector? Also you are setting the cred properties on the device you want to use the creds on? Not the collector device itself.
  12. Oh, I'm bookmarking that link! It looks like there is an option for open(Host,user,pass), although I wouldn't suggest doing that though since that breaks convention. https://www.logicmonitor.com/support-files/javadocs/28606/com/santaba/agent/groovyapi/win32/WMI.html#open(java.lang.String,java.lang.String,java.lang.String)
  13. Make sure you are providing the domain within the username if that applies, for example wmi-user = "Domain\Username".
  14. I suspect that the WMISession class automatically uses the wmi.* properties when it exists. I suggest you reach out to your rep or talk with support.
  15. You can change the frequency of the ping check by modifying the Collect Every field for the PingMulti- DataSource, if you want to change it globally. I don't believe you can change the number of pings without switching to scripts. I believe it's hardcoded to send 10 pings (unless it's in some collector config somewhere). You would want to send multiple pings like that though so you get a more precise packet loss datapoint though.
  16. Cool, let me know if they do. Feel free to mention the tickets/feed I provided. We had a lot of back-and-forth on replicating the issue and those have notes direct from development about the situation.
  17. Oh yes, we have a process to check/remove them every week. It's caused by LogicMonitor add device wizard when you enter in properties there. We pretty much avoid the wizard now. LM tries to be "helpful" by adding those properties to root. This is something we have brought up to LM over the years (tickets 76322, 88632, 108961, FEED-2277) but LM never changed it. As an MSP it becomes a problem since we have lots of customers in one portal, so never want anything on root and sometimes it get inheritied. LM suggested we just add fake values. LM seems to be putting more focus on MSPs these days, but either way I suggest reaching out to your rep about this issue.
  18. I don't think this is a good idea but if the collector does limited work... Most (all?) of the WMI checks will take credentials via the wmi.user and wmi.pass, so perhaps you can flip it around: Setup the LogicMonitor windows services to use the SQL account but then add the wmi.* properties with the monitoring service account details. Still think it's a bad idea, would suggest 2 collectors also, but perhaps if the situation is very limited it might make sense. This is something that is also useful when you are dealing with multiple AD domains.
  19. So WinSQLServer- DataSource doesn't use WMI but uses PERFMON. Looking at the bottom of the screenshots you can see it got "NaN" for several items. I can't speak for SQL directly but many times when I see perfmon issues in windows, it usually due to the counters missing on the system itself and that you need to repair them. I would google something like "perfmon mssql counters missing" and try reviewing some of the items listed there.
  20. Try using the /device/groups/{gid}/properties/{name}/ endpoint.
  21. To provide some more generic information when you see "No Data" on the resource page... The first thing I suggest you do is go to the Raw tab and use Poll Now. This actually can provide a lot of useful troubleshooting information. It will show what it attempted and the output or results. If you post a screenshot of it, we might be able to help out. You might want to block/blur out any sensitive information though.
  22. When you create a new Datasource you will have the option to check a "multi-instance" box. You can't easily change it after creating the DataSource as it's greyed out in the UI. You can either export and edit the XML directly or best to just create a new DataSource with that option enabled and copy over the settings/script. Once you enable that option you can optionally choose to use an Active Discovery script or not. If you disable this option, then you can use "add monitoring instance" on the device (resource tab) to manually add instances. If you enable Active Discovery, you can automate the addition of customer instances, assuming you have a source list you can query. Note that using BatchScript is generally more efficient than using plain Script when it can be used. Side note. It sounds like you might be an MSP? Keep in mind that DataSources will always run on the collector systems. So you don't want to collect data for one customer from another customer's collector. Best to do something like that from a collector you directly own. Unless by "customer" you mean your customer's customer.
  23. Use the Reports section? ;) It does seem LM is not that strong in the reporting department. Something like that you may want to either write a script to get the details from the LM API or put in a feature request for a more detailed report. In our case, all our alerts go to our ticketing system so we tend to do reporting from that instead.
  24. Mike Moniz


    I'm not familiar with Kibana but the Collector logs are stored by default at c:\Program Files (x86)\LogicMonitor\Agent\logs\ but these log files are meant for troubleshooting collector problems. They are not meant (and may not contain) any performance/alerting data from your monitored devices. LogicMonitor is a cloud PaaS monitoring solution so all the monitoring data is kept and stored within the LogicMonitor portal on the cloud, not in your on-prem devices. If you need to independently process or visualize performance data that LogicMonitor is collecting, you likely need to export it via one of LogicMonitor's built in reports or use the REST API.
  25. I wasn't aware (or wasn't at the time) of that suggested best practice back when we started using LM 4+ years ago, but also not sure how well that works over the long term if you change enough stuff, I worry that this end up forking any non-trivial changes DataSources from the repo so you can miss any bug fixes or improvements. Also you can end up with stuff like multiple copies of the same DataSource with slight changes or per-customer (for MSPs), although you can plan ahead a bit to mitigate that. The category assignment is easy and minimal change that is easy to verify and mark as audited, imho. But then again we spend a lot of time auditing changes too, the new LM Exchange should improve that. The new LM Exchange seems to be geared towards people modifying the original DataSource anyway since it seems to separate items like AppliesTo and thresholds. The whole GIT pull thing is very interesting although I expect that wouldn't scale well.