Kerry DeVilbiss

LogicMonitor Staff
  1. Time series database

    @Shraddha - the retention period of data in your account is determined by the package your company is signed up for - our Enterprise plans have two years of data retention, and our Pro plans have one year. In terms of seeing that historical data, you can either adjust the time range on a device graph, or on a dashboard graph, or possibly pull it from the API. Hope that helps! Best, Kerry
  2. MAP widget for websites

    Hi @Nelson, Thanks for the suggestion - I forwarded it on to our product team for review. The 'Feedback' button within the support area of your portal also goes directly to our product team (which makes it even easier,) in case you have more requests! Cheers, Kerry
  3. Monitor Firewall State

    Hey @joshlowit1,

    This one is a little trickier than it appears at first glance - firewall profile status/ activity isn't available through WMI, which leaves us with the command line - and PowerShell - meaning we need to do some scripting. There are a couple of relevant commands that return some information from Windows:

        netsh advfirewall show currentprofile (Command line)
        Get-NetFirewallProfile (PowerShell)

    I whipped up a quick PowerShell-based batchscript DataSource you can start with - it uses Get-NetFirewallProfile to determine if the firewall profiles are enabled - but unfortunately not if they are "connected." This ought to cover your use case though - if you have the profiles disabled for Domain, Public, and Private, and one becomes enabled (regardless of connection status,) this module should alert. (See the bottom of the post for a graphic that helps explain this confusing terminology.)

    Windows_Firewall_ProfileStatus has locator code CP6KLA and should be available for import as soon as I run it past our monitoring team.

    Let me know if you have any thoughts - it's a good bet that someone out there can integrate the "connected" profile piece with the enabled ones - with a little more work on the scripting side...

    Cheers, Kerry

    NB: Here's the "collection" half of the DataSource for those interested - because we can monitor Windows both through integrated (and not) authentication, you'll notice that we use one of two different PowerShell remoting methods based on the presence of manually-defined credential properties:

        #LogicMonitor PowerShell Script Template 5.0

        #If present, ingest hostname and credentials from LogicMonitor device properties.
        $hostname = '##SYSTEM.SYSNAME##';
        $wmi_user = '##WMI.USER##';
        $wmi_pass = '##WMI.PASS##';

        #Are WMI credentials set? (Are the device properties unused or empty?)
        if ( (($wmi_user -like '*WMI.USER*') -and ($wmi_pass -like '*WMI.PASS*')) -or (($wmi_user -eq '') -and ($wmi_pass -eq '')) ) {
            $use_credentials = $FALSE;
            $method = "Invoke-Command";
        }
        else {
            #Convert username + password into a credential object for non-integrated domain authentication
            $use_credentials = $TRUE;
            $method = "Import-PSSession";
            $remote_pass = ConvertTo-SecureString -String $wmi_pass -AsPlainText -Force;
            $remote_credential = New-Object -typename System.Management.Automation.PSCredential -argumentlist $wmi_user, $remote_pass;
        }

        #If we found credentials above, we will use them.
        if ( $use_credentials ) {
            #Establish a persistent remote PowerShell session from the collector to the device
            $session = New-PSSession -ComputerName $hostname -Authentication kerberos -Credential $remote_credential;

            #Import the remote PowerShell session and limit the amount of commands to import for efficiency.
            #Only Get-NetFirewallProfile is imported, so the call below is proxied to the remote device.
            Import-PSSession $session -CommandName Get-NetFirewallProfile -AllowClobber | Out-Null;

            #Execute proxied remote commands on the local collector
            $profiles = Get-NetFirewallProfile -PolicyStore ActiveStore
            forEach($profile in $profiles) {
                $name = $profile.Name
                $enabled = $profile.Enabled
                switch($enabled) {
                    "True" {$enabled = "1"}
                    "False" {$enabled = "0"}
                }
                #Emit one key=value line per profile, e.g. Domain.Enabled=1
                Write-Host "${name}.Enabled=${enabled}"
            }
            Remove-PSSession $session
            Exit
        }
        #If we did NOT find credentials above
        else {
            #Attempt integrated authentication using collector service account in the absence of credentials.
            Invoke-Command -ComputerName $hostname -ScriptBlock {
                #Execute remote commands remotely and capture the output
                $profiles = Get-NetFirewallProfile -PolicyStore ActiveStore
                forEach($profile in $profiles) {
                    $name = $profile.Name
                    $enabled = $profile.Enabled
                    switch($enabled) {
                        "True" {$enabled = "1"}
                        "False" {$enabled = "0"}
                    }
                    #Emit one key=value line per profile, e.g. Domain.Enabled=1
                    Write-Host "${name}.Enabled=${enabled}"
                }
            }
            Exit
        }
        Exit

    Windows Firewall example: (Domain Profile = Disabled, Connected. Private = Enabled, Not Connected. Public = Enabled, Not Connected.)

    The above datasource will alert on the instances for the Private and Public firewall profiles, as they are both enabled, regardless of connection status.
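Added example, not part of the original post or of the Windows_Firewall_ProfileStatus DataSource: one way to report the "connected" state next to the enabled state, run locally on the Windows host. It assumes Get-NetConnectionProfile is available (Windows 8 / Server 2012 or later); the output keys `Connected` and `ConnectedButDisabled` are hypothetical datapoint names.

```powershell
# Added example (not the DataSource's own code): per firewall profile, report
# whether it is enabled AND whether a network connection currently uses it.
# The keys *.Connected and *.ConnectedButDisabled are hypothetical names.

# Get-NetConnectionProfile reports NetworkCategory as Public, Private or
# DomainAuthenticated; Get-NetFirewallProfile names its profiles Domain,
# Private and Public, so map one naming scheme onto the other.
$categoryToProfile = @{
    'DomainAuthenticated' = 'Domain'
    'Private'             = 'Private'
    'Public'              = 'Public'
}

# Collect the firewall profiles that have at least one active connection.
# With no network attached the cmdlet can return nothing, so errors are
# suppressed and the table simply stays empty.
$connected = @{}
foreach ($conn in (Get-NetConnectionProfile -ErrorAction SilentlyContinue)) {
    $profileName = $categoryToProfile[[string]$conn.NetworkCategory]
    if ($profileName) { $connected[$profileName] = $true }
}

foreach ($fw in (Get-NetFirewallProfile -PolicyStore ActiveStore)) {
    $name = [string]$fw.Name

    # Enabled is an enum (True / False / NotConfigured); anything other
    # than True is reported as 0.
    $enabled = if ([string]$fw.Enabled -eq 'True') { 1 } else { 0 }
    $isConnected = if ($connected.ContainsKey($name)) { 1 } else { 0 }

    # 1 when traffic is flowing through a profile whose firewall is off.
    $gap = if (($isConnected -eq 1) -and ($enabled -eq 0)) { 1 } else { 0 }

    Write-Output "${name}.Enabled=${enabled}"
    Write-Output "${name}.Connected=${isConnected}"
    Write-Output "${name}.ConnectedButDisabled=${gap}"
}
```

For the firewall state described at the end of the post, this reports `Domain.Enabled=0`, `Domain.Connected=1` and `Domain.ConnectedButDisabled=1`, while Private and Public report enabled and not connected.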
  4. Hey @Roland Banks,

    That should be possible - the commands listed there are mostly Groovy methods that have been added on by LogicMonitor, which doesn't necessarily mean we're locking down Groovy capabilities in other ways. If you happen to own the LM Config add-on, there's an example of a Groovy script logging in via FTP and pulling the contents of a file:

        import org.apache.commons.net.ftp.FTPClient
        import org.apache.commons.net.ftp.FTPReply

        def host = hostProps.get("system.hostname");
        def port = hostProps.get("ftp.port") ?: '21';
        def user = hostProps.get("ftp.user");
        def pass = hostProps.get("ftp.pass");

        def client = new FTPClient()
        client.connect(host, port.toInteger())

        // After connection attempt, you should check the reply code to verify
        // success.
        def reply = client.getReplyCode();

        // Did we get a positive completion reply?
        if (!FTPReply.isPositiveCompletion(reply))
        {
            // no, disconnect
            client.disconnect();
            println "FTP server refused connection.";
            return 1;
        }

        // Connection looks good, login
        client.login(user, pass)

        // Create a BAOS to store the file contents
        ByteArrayOutputStream baos = new ByteArrayOutputStream()

        // Retrieve the file
        client.retrieveFile("##WILDVALUE##", baos)

        // Log out and disconnect from the server
        client.logout()
        client.disconnect()

        // Print the contents of the file from the BAOS.
        println baos

        return 0;

    Hope that helps! Cheers, Kerry
  5. Fixing device hostnames after being populated

    @Dan_Wood - depending on your level of scripting comfort, I have a Python script you can use that will use the LogicMonitor API to pull device property 'system.sysname' and rename the device Display Name to that property... Let me know if you're interested and I can clean it up and post it here... *Update - someone posted similar functionality here:
  6. Microsoft Teams

    Issue

    Microsoft Teams is Microsoft's offering in the collaboration tools/ group chat space. Much like Slack or other similar tools, they provide an API interface for posting alerts to a Microsoft Teams channel.

    Resolution

    Screenshots of some of these steps are available down below after the code blocks.

    - Add a new Custom Webhook Integration into LogicMonitor.
    - "Use different URLs or data formats to notify on various alert activity."
    - Insert the relevant payloads from the code sections below into each of the custom webhook stages.
    - Once you've set up the Integration, you'll need to get the webhook URLs from Microsoft Teams as follows:
    -- Right-Click on the channel you want to be the destination for alerts, and select 'Connectors'
    -- From the Connectors screen, select "Incoming Webhooks"
    -- Configure a name for the incoming webhooks (LogicMonitor Alerts isn't a bad one)
    -- At the end of this configuration, they'll provide you with a URL that looks something like this:
    --- https://outlook.office.com/webhook/c23bf412-1ded-4d65-97c6-7187d4626894@b2770e96-450d-4a74-bf3b-f2b77eb337e9/IncomingWebhook/b99a46adc48745e19b9a3535f0be462a/48eb6267-4d62-4ebc-bc4a-33340fce7bcc
    --- If you are setting up just one room in Teams - add the URL given by Teams to each of the webhook calls in LM.
    -- If you want to send alerts to different rooms you can use a tokenized version of the URL instead of setting up a new integration for each room. Use the following steps to create the tokens, or, if you are setting up just 1 room, skip to the next step.
    --- https://outlook.office.com/webhook/##TEAMS.WEBHOOK##/IncomingWebhook/##TEAMS.INCOMINGWEBHOOK## (This will be the URL endpoint for each of the webhook calls in LM)
    --- You are going to need to extract (2) pieces of information from the URL given by Teams:
    --- The value in between /webhook/ and /IncomingWebhook - in this case, c23bf412-1ded-4d65-97c6-7187d4626894@a2770e96-450d-4a74-bf3b-f2c77eb337e9 - this will be set as device/group property 'teams.webhook'
    --- The value of everything AFTER /IncomingWebhook - in this case, b99a36adc48745e19b9a3535f0be462a/48eb6267-4d62-4ebc-bc4a-33340fce7bcc - this will be set as device/group property 'teams.incomingwebhook'
    --- Set those properties at the root of the LogicMonitor account (or wherever appropriate,) so that all the devices can pull that token into the alert delivery.

    That should be it! Set up an escalation chain with your Integration, and set up Alert Rules for your escalation chain.

    Active Alerts:

        {
          "@type": "MessageCard",
          "@context": "http://schema.org/extensions",
          "summary": "LogicMonitor Alert",
          "themeColor": "ff0000",
          "sections": [
            {
              "startGroup": true,
              "title": "LogicMonitor Automated Alert Notification",
              "activityImage": "http://www.logicmonitor.com/wp-content/uploads/2015/07/LM_Logo_Circle_Indigo_300px.png",
              "activityTitle": "Group: **##GROUP##**",
              "activitySubtitle": "##LEVEL## Alert received: ##ALERTID##",
              "text": "LogicMonitor Alert Details",
              "facts": [
                { "name": "Group", "value": "##GROUP##" },
                { "name": "Host", "value": "##HOST##" },
                { "name": "Datasource", "value": "##DATASOURCE##" },
                { "name": "Datapoint", "value": "##DATAPOINT##" },
                { "name": "Threshold", "value": "##THRESHOLD##" },
                { "name": "Value", "value": "##VALUE##" },
                { "name": "Duration", "value": "##DURATION##" },
                { "name": "Start", "value": "##START##" },
                { "name": "Alert URL", "value": "##AlertDetailURL##" },
                { "name": "Service URL", "value": "##URL##" },
                { "name": "Website Description", "value": "##WEBSITEDESCRIPTION##" },
                { "name": "Website Checkpoint", "value": "##CHECKPOINT##" },
                { "name": "Website Group", "value": "##WEBSITEGROUP##" }
              ],
              "potentialAction": [
                {
                  "@type": "OpenUri",
                  "name": "Open Alert",
                  "targets": [
                    { "os": "default", "uri": "##AlertDetailURL##" }
                  ]
                }
              ]
            }
          ]
        }

    Escalated Alerts:

        {
          "@type": "MessageCard",
          "@context": "http://schema.org/extensions",
          "summary": "LogicMonitor Alert",
          "themeColor": "ffcc00",
          "sections": [
            {
              "startGroup": true,
              "title": "LogicMonitor Alert Update Notification",
              "activityImage": "http://www.logicmonitor.com/wp-content/uploads/2015/07/LM_Logo_Circle_Indigo_300px.png",
              "activityTitle": "Group: **##GROUP##**",
              "activitySubtitle": "##LEVEL## Alert received: ##ALERTID##",
              "text": "LogicMonitor Alert Details",
              "facts": [
                { "name": "Group", "value": "##GROUP##" },
                { "name": "Host", "value": "##HOST##" },
                { "name": "Datasource", "value": "##DATASOURCE##" },
                { "name": "Datapoint", "value": "##DATAPOINT##" },
                { "name": "Threshold", "value": "##THRESHOLD##" },
                { "name": "Value", "value": "##VALUE##" },
                { "name": "Duration", "value": "##DURATION##" },
                { "name": "Start", "value": "##START##" },
                { "name": "Alert URL", "value": "##AlertDetailURL##" },
                { "name": "Service URL", "value": "##URL##" },
                { "name": "Website Description", "value": "##WEBSITEDESCRIPTION##" },
                { "name": "Website Checkpoint", "value": "##CHECKPOINT##" },
                { "name": "Website Group", "value": "##WEBSITEGROUP##" }
              ],
              "potentialAction": [
                {
                  "@type": "OpenUri",
                  "name": "Open Alert",
                  "targets": [
                    { "os": "default", "uri": "##AlertDetailURL##" }
                  ]
                }
              ]
            }
          ]
        }

    Acknowledged Alerts:

        {
          "@type": "MessageCard",
          "@context": "http://schema.org/extensions",
          "summary": "LogicMonitor Alert",
          "themeColor": "003366",
          "sections": [
            {
              "startGroup": true,
              "title": "LogicMonitor Acknowledgement Notification",
              "activityImage": "http://www.logicmonitor.com/wp-content/uploads/2015/07/LM_Logo_Circle_Indigo_300px.png",
              "activityTitle": "Group: **##GROUP##**",
              "activitySubtitle": "##LEVEL## Alert received: ##ALERTID##",
              "text": "LogicMonitor Alert Details",
              "facts": [
                { "name": "Group", "value": "##GROUP##" },
                { "name": "Host", "value": "##HOST##" },
                { "name": "Datasource", "value": "##DATASOURCE##" },
                { "name": "Datapoint", "value": "##DATAPOINT##" },
                { "name": "Threshold", "value": "##THRESHOLD##" },
                { "name": "Value", "value": "##VALUE##" },
                { "name": "Duration", "value": "##DURATION##" },
                { "name": "Start", "value": "##START##" },
                { "name": "Alert URL", "value": "##AlertDetailURL##" },
                { "name": "Service URL", "value": "##URL##" },
                { "name": "Website Description", "value": "##WEBSITEDESCRIPTION##" },
                { "name": "Website Checkpoint", "value": "##CHECKPOINT##" },
                { "name": "Website Group", "value": "##WEBSITEGROUP##" }
              ],
              "potentialAction": [
                {
                  "@type": "OpenUri",
                  "name": "Open Alert",
                  "targets": [
                    { "os": "default", "uri": "##AlertDetailURL##" }
                  ]
                }
              ]
            }
          ]
        }

    Cleared Alerts:

        {
          "@type": "MessageCard",
          "@context": "http://schema.org/extensions",
          "summary": "LogicMonitor Alert",
          "themeColor": "33f449",
          "sections": [
            {
              "startGroup": true,
              "title": "LogicMonitor Alert Clear Notification",
              "activityImage": "http://www.logicmonitor.com/wp-content/uploads/2015/07/LM_Logo_Circle_Indigo_300px.png",
              "activityTitle": "Group: **##GROUP##**",
              "activitySubtitle": "##LEVEL## Alert received: ##ALERTID##",
              "text": "LogicMonitor Alert Details",
              "facts": [
                { "name": "Group", "value": "##GROUP##" },
                { "name": "Host", "value": "##HOST##" },
                { "name": "Datasource", "value": "##DATASOURCE##" },
                { "name": "Datapoint", "value": "##DATAPOINT##" },
                { "name": "Threshold", "value": "##THRESHOLD##" },
                { "name": "Value", "value": "##VALUE##" },
                { "name": "Duration", "value": "##DURATION##" },
                { "name": "Start", "value": "##START##" },
                { "name": "Alert URL", "value": "##AlertDetailURL##" },
                { "name": "Service URL", "value": "##URL##" },
                { "name": "Website Description", "value": "##WEBSITEDESCRIPTION##" },
                { "name": "Website Checkpoint", "value": "##CHECKPOINT##" },
                { "name": "Website Group", "value": "##WEBSITEGROUP##" }
              ],
              "potentialAction": [
                {
                  "@type": "OpenUri",
                  "name": "Open Alert",
                  "targets": [
                    { "os": "default", "uri": "##AlertDetailURL##" }
                  ]
                }
              ]
            }
          ]
        }

    Custom Webhook Overview
    Teams Channel Connectors
    Incoming Webhook Connector
  7. Microsoft Teams

    Hey Guys, Give me a couple hours to see if I can't make our instructions publicly accessible today - I can see now there's plenty of demand and we've had another go at cleaning them up so I will see what I can't get posted. Have a couple meetings this morning but can follow up a bit later. Appreciate the patience ... ! Best, Kerry
  8. Microsoft Teams

    I just sent out an email with some attached instructions for both of you - we're working on some more formal documentation, but I wanted to get it out there so you could use it! Let me know how it goes - if others are interested, reply here and I can send over the same doc - and eventually I'll post a link to the official docs when they're ready. Best, Kerry
  9. Microsoft Teams

    Hey @Kurt Wolf, I'm actively working on documenting some internal efforts to get a Microsoft Teams webhook integration in place - I'll reach out within the next day or so with some instructions. Best, Kerry
  10. LM "Actions"

    Hey @NBM, Because our collector can act as a script-runner, we have some folks that have written scripts that look for those conditions, act on what they see, and then report back to LogicMonitor after taking one of those actions. Check out @Mike Suding's blog post and DataSource for Windows Services as an example: http://blog.mikesuding.com/index.php/2016/09/20/restart-a-service-alert-if-restart-fails/ Best, Kerry
  11. LogicMonitor Portal Metrics

    LogicMonitor Portal Metrics is a DataSource that queries the API of a specified LogicMonitor portal for overall statistics such as device, collector, and alert counts. It was originally written by fellow Sales Engineer @Jake Cohen, and updated by Monitoring Engineer @Julio Martinez (credit where credit is due!) It can be useful for tracking the activity within an account over time.

    The recommended/ required method for implementing the DataSource is as follows:

    - Download the LogicMonitor Portal Metrics DataSource from the LogicMonitor Repository using locator code J7RGZY.
    - Add a new device to your account in Expert Mode - use 'logicmonitor.account' in place of IP Address/ DNS and whatever you'd like for the Display Name (LogicMonitor Portal, for example.)
    -- This device won't respond to standard DataSources, so you'll probably want to do some alert tuning once it's been added.
    - Add properties to the device to allow the DataSource to authenticate. The required properties are:
    -- lmaccount (LogicMonitor account name - without the logicmonitor.com at the end)
    -- lmaccess.id (LogicMonitor API Key Access ID)
    -- lmaccess.key (LogicMonitor API Key Access Key)
    - Once those properties are in place, the DataSource should automatically apply to the new device.
    - Download the LogicMonitor Portal Metrics dashboard from Github.

    Let us know what you think!
  12. Oracle Database Monitoring

    @Kevin Ford (and everyone else watching the thread) - our Monitoring team just dropped the full new suite of Oracle monitoring into the core repository for accounts on v110. You'll want to update your PropertySources first, and then grab these from the DataSource repository:
  13. Oracle Database Monitoring

    Hey @Kevin Ford, It sounds like we're on the cusp of releasing some more in-depth official Oracle datasources - I don't have an official timeframe yet - but will send over the betas if you're interested. Best, Kerry
  14. Cluster Service on Windows Server (WFSC)

    @Tanvir - have you attempted to add the Cluster Service to monitoring via 'Add Other Monitoring'?
  15. Warning

    Hi @farnaz, Have you tried reaching out to our Support team? They can assist with this should you still require some help. Here's an overview of support options that are available - try out our Chat Support! Cheers, Kerry