Antony Hawkins

Customisable "Minimal Monitoring" PropertySource

Recommended Posts

This PropertySource uses the LogicMonitor API to examine the DataSources that are actively applied to a Device, and from there determine whether the Device should be considered to be "minimally" monitored.

Note that many accounts have an automatically created "Minimal Monitoring" dynamic Device Group; this Group has various conditions that have to be met for a device to be included:

system.sysinfo == "" && system.sysoid == "" && isDevice() && !(system.virtualization) && (monitoring != "basic")

However, there are certain types of Device - for example, those from which LogicMonitor *only* pulls data from an API or CLI tool and for which no sysinfo is available - that may fall outside of the group's definition.

These Device types are currently very small in number, so if the current Minimal Monitoring Group does everything you need it to, you can pretty much stop reading here!

This PropertySource determines whether a device should be classed as being minimally monitored based on presence (or rather, absence!) of multi-instance, Auto-Discovery, DataSources, with specific exclusions that a user can edit in the script. (SSLCerts-,Port-,HTTP-,HTTPS-,LogicMonitor_Collector by default / initially)

The logic for this is that single-instance DataSources can appear on a Device regardless of data collection permissions (e.g. Ping, DNS), or by having their "AppliesTo" set to a specific Device or Group, and their presence does not indicate proof of data collection. Similarly a small number of multi-instance DataSources (such as SSLCerts-, Port-, HTTP-, HTTPS-) can be correctly applied and returning data without credentials. A further group of multi-instance DataSources (such as PingMulti-, UNC Monitor-) can have instances manually applied without necessarily working, or proving monitoring of the device is working. Finally, the LogicMonitor_Collector* DataSources will work for a Linux collector regardless of the collector's ability to monitor its machine's own SNMP data, so these are also ignored.

The presence of actively discovered instances of the remaining multi-instance DataSources on a Device will (almost) always indicate that the collector has been able to communicate with the device sufficiently to permit Active Discovery to query the device and have data returned. It is possible to construct DataSources that fall outside of this general rule, so the script can therefore be edited to ignore these too.

You will need:

A REST API Access ID and Access Key for a user with permissions to at least view all Devices within the account (or all Devices in whichever Groups you wish to consider). These should be set as properties 'apiaccessid.key' and 'apiaccesskey.key' within the Devices tree (generally the root level, or a Group level if appropriate).

The PropertySource will use these to determine the likely status of the Device, and create an auto.monitoring property for all devices.

auto.monitoring will have the value 'minimal' where no suitable multi-instance DataSources are found on a Device; the value 'active' where there are such DataSources, or one of two error messages if the required API details are not present or do not give sufficient access to query the Device.

At the top of the script is the following code block; the list of multi-instance DataSources to ignore (stored as excludedDataSourcesList) can be edited if so desired - please read the important notes first:

// ---------------------------------------------------------------------------------------
// You can amend the following list to ignore (or not) the presence of whichever
//  DataSources you do not wish to consider when determining "minimal" monitoring.
// IMPORTANT NOTES:
// 1. Single-instance datasources are excluded by default.
// 2. Multi-instance datasources with MANUAL instance creation are excluded by default.
// 3. You MUST use the DataSource Name as found in the Name field of the DataSource definition.
//   This is not always the same as the displayed name as seen in the Devices page 
//   (and in the "Displayed as" field of the DataSource definition).
// 4. Exclusions are done by "dataSourceName!~", which is "name not like" - so we are effectively
//   excluding "*dataSourceName*", rather than an exact match. Excluding "LogicMonitor_Collector"
//   therefore excludes ALL DataSources with "LogicMonitor_Collector" in their name.
def excludedDataSourcesList = [
'SSLCerts-',
'Port-',
'HTTP-',
'HTTPS-',
'LogicMonitor_Collector',
];
// ---------------------------------------------------------------------------------------

You can the create or modify a "Minimal Monitoring" group with an auto-assign custom query of:

auto.monitoring == "minimal"

...to include all Devices you may want to further investigate / debug.

:)

v1.1.0: Z97KZX

Edited by Antony Hawkins
Updated for v1.1.0, with some functional improvements.

Share this post


Link to post
Share on other sites

Z97KZX is reporting "503: This LogicModule is currently undergoing security review. It will be available for import only after our engineers have validated the scripted elements" when I attempt to load it in.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now