Kerry DeVilbiss

LogicMonitor Staff
  1. Kerry DeVilbiss

    NetApp dashboard

    @mnagel - thanks for the catch - updated the published JSON, appreciate it!
  2. Kerry DeVilbiss

    NetApp dashboard

    @Tanvir - I just published an example, as well - uses the latest versions of all the NetApp Cluster datasources. https://github.com/kdevilbiss/Dashboards/blob/master/NetApp.json
  3. @Thangadurai - you might take a look at our External Alerting feature - it has the ability to send alerts from a collector to an external resource (like Splunk.) I don't know how selective you are trying to be, so this might be overkill, but take a look! Cheers, Kerry
  4. Kerry DeVilbiss

    Integration with Autotask - Ticket Closure

    @Simon - I would reach out to our chat support for assistance on this.
  5. Kerry DeVilbiss

    Taking automated actions on alerts

    @Mike Moniz - sounds like maybe you've seen this - one of my colleagues wrote a scripted datasource that looks for stopped services, tries to restart them, and then reports back to LogicMonitor. (Which is nice, but not ideal as you've highlighted above.) There is no limit to the number of integrations you can have, but our custom webhooks come from the SaaS portal, so getting "back to the device" is one of the major challenges here. We've tossed around the idea of sending webhooks to an orchestration tool that is accessible from the internet, but then we're just adding layers of complexity (and it's a hard strategy to officially endorse from the LM side.) I will offer that Actions are currently on our roadmap for the end of this year/beginning of next year, so hopefully we'll see some officially productized functionality in this area in that timeframe. Cheers, Kerry
  6. Windows Server Core and (the free) Hyper-V Server Core are GUI-less versions of Windows that can be administered remotely with GUI tools. We've recently seen an uptick in requests for deployment of the collector to these platforms, as Windows introduces a lot of overhead with the addition of the GUI; the other compelling reason to go this route being that Hyper-V Core is a free license of Windows from Microsoft (similar to the free flavor of ESXi, only it can run a Windows collector!)

    Microsoft Documentation:
    - Managing a Server Core Server
    - Configure Server Core with the SConfig command

    Option A: Remote Desktop Install
    - Establish a remote desktop session to the Server Core server using the instructions provided by Microsoft.
    - Within the standard Command shell, type the word "PowerShell" to load a PowerShell session.
    - Add a new (Windows) LogicMonitor Collector in your portal, and select the PowerShell command instead of the download.
    - Paste (and run) the PowerShell command into the open PowerShell window within the Remote Desktop Session on the Server Core server.
    - You'll see a message indicating that the download has started, and after some time, the normal InstallShield Wizard will launch as expected.
    - Complete the collector account configuration and proceed as you would with an OS with a GUI.
    - Collect on!

    Additional methods are certainly possible (Windows Admin Center, Remote PowerShell, more?) and as I have a chance to test/validate, I will continue to update this post.
  7. @Simon O'Sullivan, You can still use AppliesTo to make a dynamic group and pull all the devices missing those properties into the group, using the following example:

        isCisco() && !(ssh.user) && !(ssh.pass)

    This should get you all Cisco devices that don't have both of the SSH credential pieces set. Hope that helps! Let me know if you have any questions or concerns... Best, Kerry
  8. Pi-hole is a network-level, advertisement and internet tracker blocking, caching and forwarding DNS sinkhole, and optionally a DHCP server, intended for use on a private network. The latest versions of Pi-hole expose an API that allows you to track key performance indicators of Pi-hole performance. I'm publishing the following materials for Pi-hole as I used it on my local network at home:

    - PropertySource that automatically identifies Pi-hole servers based on HTTP response and adds the category "Pi-hole" to the device. addCategory_pihole has a LogicMonitor locator code of G4J6RY
    - DataSource that monitors the Pi-hole and associated statistics on a LogicMonitor device with the system.category of "Pi-hole." DNS_Server_Pihole_Summary has a LogicMonitor locator code of 43WHXH
    - Dashboard that utilizes the DataSource to approximate the look and feel of the metrics provided by Pi-hole itself. Pi-hole Dashboard is available in my own personal GitHub account.
  9. Kerry DeVilbiss

    Time series database

    @Shraddha - the retention period of data in your account is determined by the package your company is signed up for - our Enterprise plans have two years of data retention, and our Pro plans have one year. In terms of seeing that historical data, you can either adjust the time range on a device graph, or on a dashboard graph, or possibly pull it from the API. Hope that helps! Best, Kerry
  10. Kerry DeVilbiss

    MAP widget for websites

    Hi @Nelson, Thanks for the suggestion - I forwarded it on to our product team for review. The 'Feedback' button within the support area of your portal also goes directly to our product team (which makes it even easier,) in case you have more requests! Cheers, Kerry
  11. Kerry DeVilbiss

    Monitor Firewall State

    Hey @joshlowit1, This one is a little trickier than it appears at first glance - firewall profile status/activity isn't available through WMI, which leaves us with the command line - and PowerShell - meaning we need to do some scripting. There are a couple of relevant commands that return some information from Windows:

    - netsh advfirewall show currentprofile (Command line)
    - Get-NetFirewallProfile (PowerShell)

    I whipped up a quick PowerShell-based batchscript DataSource you can start with - it uses Get-NetFirewallProfile to determine if the firewall profiles are enabled - but unfortunately not if they are "connected." This ought to cover your use case though - if you have the profiles disabled for Domain, Public, and Private, and one becomes enabled (regardless of connection status,) this module should alert. (See the bottom of the post for a graphic that helps explain this confusing terminology.)

    Windows_Firewall_ProfileStatus has locator code CP6KLA and should be available for import as soon as I run it past our monitoring team. Let me know if you have any thoughts - it's a good bet that someone out there can integrate the "connected" profile piece with the enabled ones - with a little more work on the scripting side... Cheers, Kerry

    NB: Here's the "collection" half of the DataSource for those interested - because we can monitor Windows both through integrated (and not) authentication, you'll notice that we use one of two different PowerShell remoting methods based on the presence of manually-defined credential properties:

        #LogicMonitor PowerShell Script Template 5.0

        #If present, ingest hostname and credentials from LogicMonitor device properties.
        $hostname = '##SYSTEM.SYSNAME##';
        $wmi_user = '##WMI.USER##';
        $wmi_pass = '##WMI.PASS##';

        #Are WMI credentials set? (Are the device properties unused or empty?)
        if ( (($wmi_user -like '*WMI.USER*') -and ($wmi_pass -like '*WMI.PASS*')) -or (($wmi_user -eq '') -and ($wmi_pass -eq '')) ) {
            $use_credentials = $FALSE;
            $method = "Invoke-Command";
        }
        else {
            #Convert username + password into a credential object for non-integrated domain authentication
            $use_credentials = $TRUE;
            $method = "Import-PSSession";
            $remote_pass = ConvertTo-SecureString -String $wmi_pass -AsPlainText -Force;
            $remote_credential = New-Object -typename System.Management.Automation.PSCredential -argumentlist $wmi_user, $remote_pass;
        }

        #If we found credentials above, we will use them.
        if ( $use_credentials ) {
            #Establish a persistent remote PowerShell session from the collector to the device
            $session = New-PSSession -ComputerName $hostname -Authentication kerberos -Credential $remote_credential;

            #Import the remote PowerShell session, limited to the one command this script calls
            Import-PSSession $session -CommandName Get-NetFirewallProfile -AllowClobber | Out-Null;

            #Execute proxied remote commands on the local collector
            $profiles = Get-NetFirewallProfile -PolicyStore ActiveStore
            forEach($profile in $profiles) {
                $name = $profile.Name
                $enabled = $profile.Enabled
                switch($enabled) {
                    "True" {$enabled = "1"}
                    "False" {$enabled = "0"}
                }
                #Emit one key=value line per profile, e.g. Domain.Enabled=1
                Write-Host "${name}.Enabled=${enabled}"
            }
            Remove-PSSession $session
            Exit
        }
        #If we did NOT find credentials above
        else {
            #Attempt integrated authentication using collector service account in the absence of credentials.
            Invoke-Command -ComputerName $hostname -ScriptBlock {
                #Execute remote commands remotely and capture the output
                $profiles = Get-NetFirewallProfile -PolicyStore ActiveStore
                forEach($profile in $profiles) {
                    $name = $profile.Name
                    $enabled = $profile.Enabled
                    switch($enabled) {
                        "True" {$enabled = "1"}
                        "False" {$enabled = "0"}
                    }
                    #Emit one key=value line per profile, e.g. Domain.Enabled=1
                    Write-Host "${name}.Enabled=${enabled}"
                }
            }
            Exit
        }
        Exit

    Windows Firewall example: (Domain Profile = Disabled, Connected. Private = Enabled, Not Connected. Public = Enabled, Not Connected.)

    The above datasource will alert on the instances for the Private and Public firewall profiles, as they are both enabled, regardless of connection status.
  12. Hey @Roland Banks, That should be possible - the commands listed there are mostly Groovy methods that have been added on by LogicMonitor, which doesn't necessarily mean we're locking down Groovy capabilities in other ways. If you happen to own the LM Config add-on, there's an example of a Groovy script logging in via FTP and pulling the contents of a file:

        import org.apache.commons.net.ftp.FTPClient
        import org.apache.commons.net.ftp.FTPReply

        def host = hostProps.get("system.hostname");
        def port = hostProps.get("ftp.port") ?: '21';
        def user = hostProps.get("ftp.user");
        def pass = hostProps.get("ftp.pass");

        def client = new FTPClient()
        client.connect(host, port.toInteger())

        // After connection attempt, you should check the reply code to verify
        // success.
        def reply = client.getReplyCode();

        // Did we get a positive completion reply?
        if (!FTPReply.isPositiveCompletion(reply))
        {
            // no, disconnect
            client.disconnect();
            println "FTP server refused connection.";
            return 1;
        }

        // Connection looks good, login
        client.login(user, pass)

        // Create a BAOS to store the file contents
        ByteArrayOutputStream baos = new ByteArrayOutputStream()

        // Retrieve the file
        client.retrieveFile("##WILDVALUE##", baos)

        // Log out and disconnect from the server
        client.logout()
        client.disconnect()

        // Print the contents of the file from the BAOS.
        println baos

        return 0;

    Hope that helps! Cheers, Kerry
  13. Kerry DeVilbiss

    Fixing device hostnames after being populated

    @Dan_Wood - depending on your level of scripting comfort, I have a Python script you can use that will use the LogicMonitor API to pull device property 'system.sysname' and rename the device Display Name to that property... Let me know if you're interested and I can clean it up and post it here... *Update - someone posted similar functionality here:
  14. Kerry DeVilbiss

    Microsoft Teams

    Issue

    Microsoft Teams is Microsoft's offering in the collaboration tools/group chat space. Much like Slack or other similar tools, they provide an API interface for posting alerts to a Microsoft Teams channel.

    Resolution

    Screenshots of some of these steps are available down below after the code blocks.

    - Add a new Custom Webhook Integration into LogicMonitor.
    - "Use different URLs or data formats to notify on various alert activity."
    - Insert the relevant payloads from the code sections below into each of the custom webhook stages.
    - Once you've set up the Integration, you'll need to get the webhook URLs from Microsoft Teams as follows:
    -- Right-Click on the channel you want to be the destination for alerts, and select 'Connectors'
    -- From the Connectors screen, select "Incoming Webhooks"
    -- Configure a name for the incoming webhooks (LogicMonitor Alerts isn't a bad one)
    -- At the end of this configuration, they'll provide you with a URL that looks something like this:
    --- https://outlook.office.com/webhook/c23bf412-1ded-4d65-97c6-7187d4626894@b2770e96-450d-4a74-bf3b-f2b77eb337e9/IncomingWebhook/b99a46adc48745e19b9a3535f0be462a/48eb6267-4d62-4ebc-bc4a-33340fce7bcc
    --- If you are setting up just one room in Teams - add the URL given by Teams to each of the webhook calls in LM.
    -- If you want to send alerts to different rooms you can use a tokenized version of the URL instead of setting up a new integration for each room. Use the following steps to create the tokens, or if you are setting up just 1 room, skip to the next step.
    --- https://outlook.office.com/webhook/##TEAMS.WEBHOOK##/IncomingWebhook/##TEAMS.INCOMINGWEBHOOK## (This will be the URL endpoint for each of the webhook calls in LM)
    --- You are going to need to extract (2) pieces of information from the URL given by Teams:
    --- The value in between /webhook/ and /IncomingWebhook - in this case, c23bf412-1ded-4d65-97c6-7187d4626894@a2770e96-450d-4a74-bf3b-f2c77eb337e9 - this will be set as device/group property 'teams.webhook'
    --- The value of everything AFTER /IncomingWebhook - in this case, b99a36adc48745e19b9a3535f0be462a/48eb6267-4d62-4ebc-bc4a-33340fce7bcc - this will be set as device/group property 'teams.incomingwebhook'
    --- Set those properties at the root of the LogicMonitor account (or wherever appropriate,) so that all the devices can pull that token into the alert delivery.

    That should be it! Set up an escalation chain with your Integration, and set up Alert Rules for your escalation chain.

    Active Alerts:

        {
          "@type": "MessageCard",
          "@context": "http://schema.org/extensions",
          "summary": "LogicMonitor Alert",
          "themeColor": "ff0000",
          "sections": [
            {
              "startGroup": true,
              "title": "LogicMonitor Automated Alert Notification",
              "activityImage": "http://www.logicmonitor.com/wp-content/uploads/2015/07/LM_Logo_Circle_Indigo_300px.png",
              "activityTitle": "Group: **##GROUP##**",
              "activitySubtitle": "##LEVEL## Alert received: ##ALERTID##",
              "text": "LogicMonitor Alert Details",
              "facts": [
                { "name": "Group", "value": "##GROUP##" },
                { "name": "Host", "value": "##HOST##" },
                { "name": "Datasource", "value": "##DATASOURCE##" },
                { "name": "Datapoint", "value": "##DATAPOINT##" },
                { "name": "Threshold", "value": "##THRESHOLD##" },
                { "name": "Value", "value": "##VALUE##" },
                { "name": "Duration", "value": "##DURATION##" },
                { "name": "Start", "value": "##START##" },
                { "name": "Alert URL", "value": "##AlertDetailURL##" },
                { "name": "Service URL", "value": "##URL##" },
                { "name": "Website Description", "value": "##WEBSITEDESCRIPTION##" },
                { "name": "Website Checkpoint", "value": "##CHECKPOINT##" },
                { "name": "Website Group", "value": "##WEBSITEGROUP##" }
              ],
              "potentialAction": [
                {
                  "@type": "OpenUri",
                  "name": "Open Alert",
                  "targets": [ { "os": "default", "uri": "##AlertDetailURL##" } ]
                }
              ]
            }
          ]
        }

    Escalated Alerts:

        {
          "@type": "MessageCard",
          "@context": "http://schema.org/extensions",
          "summary": "LogicMonitor Alert",
          "themeColor": "ffcc00",
          "sections": [
            {
              "startGroup": true,
              "title": "LogicMonitor Alert Update Notification",
              "activityImage": "http://www.logicmonitor.com/wp-content/uploads/2015/07/LM_Logo_Circle_Indigo_300px.png",
              "activityTitle": "Group: **##GROUP##**",
              "activitySubtitle": "##LEVEL## Alert received: ##ALERTID##",
              "text": "LogicMonitor Alert Details",
              "facts": [
                { "name": "Group", "value": "##GROUP##" },
                { "name": "Host", "value": "##HOST##" },
                { "name": "Datasource", "value": "##DATASOURCE##" },
                { "name": "Datapoint", "value": "##DATAPOINT##" },
                { "name": "Threshold", "value": "##THRESHOLD##" },
                { "name": "Value", "value": "##VALUE##" },
                { "name": "Duration", "value": "##DURATION##" },
                { "name": "Start", "value": "##START##" },
                { "name": "Alert URL", "value": "##AlertDetailURL##" },
                { "name": "Service URL", "value": "##URL##" },
                { "name": "Website Description", "value": "##WEBSITEDESCRIPTION##" },
                { "name": "Website Checkpoint", "value": "##CHECKPOINT##" },
                { "name": "Website Group", "value": "##WEBSITEGROUP##" }
              ],
              "potentialAction": [
                {
                  "@type": "OpenUri",
                  "name": "Open Alert",
                  "targets": [ { "os": "default", "uri": "##AlertDetailURL##" } ]
                }
              ]
            }
          ]
        }

    Acknowledged Alerts:

        {
          "@type": "MessageCard",
          "@context": "http://schema.org/extensions",
          "summary": "LogicMonitor Alert",
          "themeColor": "003366",
          "sections": [
            {
              "startGroup": true,
              "title": "LogicMonitor Acknowledgement Notification",
              "activityImage": "http://www.logicmonitor.com/wp-content/uploads/2015/07/LM_Logo_Circle_Indigo_300px.png",
              "activityTitle": "Group: **##GROUP##**",
              "activitySubtitle": "##LEVEL## Alert received: ##ALERTID##",
              "text": "LogicMonitor Alert Details",
              "facts": [
                { "name": "Group", "value": "##GROUP##" },
                { "name": "Host", "value": "##HOST##" },
                { "name": "Datasource", "value": "##DATASOURCE##" },
                { "name": "Datapoint", "value": "##DATAPOINT##" },
                { "name": "Threshold", "value": "##THRESHOLD##" },
                { "name": "Value", "value": "##VALUE##" },
                { "name": "Duration", "value": "##DURATION##" },
                { "name": "Start", "value": "##START##" },
                { "name": "Alert URL", "value": "##AlertDetailURL##" },
                { "name": "Service URL", "value": "##URL##" },
                { "name": "Website Description", "value": "##WEBSITEDESCRIPTION##" },
                { "name": "Website Checkpoint", "value": "##CHECKPOINT##" },
                { "name": "Website Group", "value": "##WEBSITEGROUP##" }
              ],
              "potentialAction": [
                {
                  "@type": "OpenUri",
                  "name": "Open Alert",
                  "targets": [ { "os": "default", "uri": "##AlertDetailURL##" } ]
                }
              ]
            }
          ]
        }

    Cleared Alerts:

        {
          "@type": "MessageCard",
          "@context": "http://schema.org/extensions",
          "summary": "LogicMonitor Alert",
          "themeColor": "33f449",
          "sections": [
            {
              "startGroup": true,
              "title": "LogicMonitor Alert Clear Notification",
              "activityImage": "http://www.logicmonitor.com/wp-content/uploads/2015/07/LM_Logo_Circle_Indigo_300px.png",
              "activityTitle": "Group: **##GROUP##**",
              "activitySubtitle": "##LEVEL## Alert received: ##ALERTID##",
              "text": "LogicMonitor Alert Details",
              "facts": [
                { "name": "Group", "value": "##GROUP##" },
                { "name": "Host", "value": "##HOST##" },
                { "name": "Datasource", "value": "##DATASOURCE##" },
                { "name": "Datapoint", "value": "##DATAPOINT##" },
                { "name": "Threshold", "value": "##THRESHOLD##" },
                { "name": "Value", "value": "##VALUE##" },
                { "name": "Duration", "value": "##DURATION##" },
                { "name": "Start", "value": "##START##" },
                { "name": "Alert URL", "value": "##AlertDetailURL##" },
                { "name": "Service URL", "value": "##URL##" },
                { "name": "Website Description", "value": "##WEBSITEDESCRIPTION##" },
                { "name": "Website Checkpoint", "value": "##CHECKPOINT##" },
                { "name": "Website Group", "value": "##WEBSITEGROUP##" }
              ],
              "potentialAction": [
                {
                  "@type": "OpenUri",
                  "name": "Open Alert",
                  "targets": [ { "os": "default", "uri": "##AlertDetailURL##" } ]
                }
              ]
            }
          ]
        }

    Screenshots: Custom Webhook Overview; Teams Channel Connectors; Incoming Webhook Connector
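
The URL split described in the Microsoft Teams post above, as an added example that is not part of the original post or LogicMonitor's own code: it checks that a pasted URL really points at the host used in the post before deriving the two property values, then rebuilds the tokenized URL to confirm the round trip. The function names and the sample URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Host and URL shape are taken from the example URL in the post.
ALLOWED_HOST = "outlook.office.com"
TEMPLATE = ("https://outlook.office.com/webhook/##TEAMS.WEBHOOK##"
            "/IncomingWebhook/##TEAMS.INCOMINGWEBHOOK##")
PREFIX = "/webhook/"
MARKER = "/IncomingWebhook/"


def split_teams_webhook(url):
    """Return the two LogicMonitor property values for a Teams webhook URL.

    Raises ValueError when the URL is not an https URL on ALLOWED_HOST with
    the /webhook/<a>/IncomingWebhook/<b> layout, so a mistyped or lookalike
    URL is rejected before it is stored as a device/group property.
    """
    parts = urlsplit(url.strip())
    # hostname (not netloc) is compared so "user@host" tricks do not pass.
    if parts.scheme != "https" or parts.hostname != ALLOWED_HOST:
        raise ValueError("not an https URL on " + ALLOWED_HOST)
    if parts.username or parts.port or parts.query or parts.fragment:
        raise ValueError("unexpected userinfo, port, query or fragment")
    path = parts.path
    if not path.startswith(PREFIX) or path.count(MARKER) != 1:
        raise ValueError("path does not match /webhook/.../IncomingWebhook/...")
    webhook, incoming = path[len(PREFIX):].split(MARKER)
    if not webhook or not incoming or "/" in webhook:
        raise ValueError("empty or malformed webhook identifiers")
    return {"teams.webhook": webhook, "teams.incomingwebhook": incoming}


def render_tokenized_url(props):
    """Substitute the two properties into the tokenized URL from the post."""
    return (TEMPLATE
            .replace("##TEAMS.WEBHOOK##", props["teams.webhook"])
            .replace("##TEAMS.INCOMINGWEBHOOK##", props["teams.incomingwebhook"]))


# Constructed sample URL (placeholder identifiers, not a real webhook).
SAMPLE_URL = ("https://outlook.office.com/webhook/"
              "11111111-1111-1111-1111-111111111111@"
              "22222222-2222-2222-2222-222222222222/IncomingWebhook/"
              "0123456789abcdef0123456789abcdef/"
              "33333333-3333-3333-3333-333333333333")

if __name__ == "__main__":
    props = split_teams_webhook(SAMPLE_URL)
    for key, value in props.items():
        print(key, "=", value)
    print("round trip ok:", render_tokenized_url(props) == SAMPLE_URL)
```

Anyone who holds an incoming webhook URL can post to the channel, so the two derived values are best kept out of logs and tickets like any other credential.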
  15. Kerry DeVilbiss

    Microsoft Teams

    Hey Guys, Give me a couple hours to see if I can't make our instructions publicly accessible today - I can see now there's plenty of demand and we've had another go at cleaning them up so I will see what I can't get posted. Have a couple meetings this morning but can follow up a bit later. Appreciate the patience ... ! Best, Kerry