  • LogicMonitor Staff

Thanks for attending the US office Hours

Please fill out our feedback survey: here

Q: How to monitor memory used by a specific windows process and alert on threshold. [beginning]

A: I demonstrate how to add a windows process instance. After some great contributions by our participants, they let me know that there is a datapoint that returns memory usage. Unfortunately, there are no datapoints in that datasource to serve as a good denominator, so to add a threshold would be an alert tuning exercise. What I didn't point out at the time is that this would be a great candidate for using a dynamic threshold. A dynamic threshold is perfectly suited to this because it's a single, important metric with no obvious normal threshold. A dynamic threshold would alert you to rapid or unusual changes, which is what I think the end user would likely be looking for. https://docs.microsoft.com/en-us/previous-versions//aa394323(v=vs.85)?redirectedfrom=MSDN

Q: With the new log monitoring, does it accept Windows logs natively? [~10:00]

A: LM logs is a new product under intense development, and I do not see anything specific about ingesting windows logs natively. It is extensible, so this is something I would recommend asking the support and product teams about.

Q: I have an API that is giving me delta in data over time rather than the full results when requested. Is there a method for handling this via a data source? [27:30]

A: LogicMonitor's derive and counter datapoint types do the opposite operation, but I do not believe that there is the capability to track these things in a cumulative manner this way. I advised the user to contact support and ask them about creating LogicModules for the devices in question. 

Q: We have an interesting challenge where we have to retire some old Linux VMs running Collectors, and vacate the VLAN currently being used. We have new VMs with Collectors installed and running but on a new/different VLAN. We suspect that the Resources and Websites being monitored by the legacy Collectors might not have all their ACLs and firewall rules open to the new Collector VLAN. The question is: can you suggest a method of testing reachability of monitored Resources & Websites from a new Collector, while production monitoring is still continuing from the old Collectors? We don't want to cut over to the new Collectors unless / until we know the new ones can reach all the same targets as the old ones! [14:30]

A: If you're unwilling to simply move production servers over to a new collector for observation (understandable), my advice is to select a small, representative subsample of the devices and websites, and temporarily double-monitor them by adding them in as new devices on the new collector(s) with distinct (and unique) display names. Watch them and make any changes to the environment that you need until you're satisfied things will work, and then, once proven, delete the duplicates and move the devices to the new collectors.

Q: (follow up) [are there any example API scripts that automate the duplication of devices]?
A: No, I would do this by hand, using expert mode, on a reasonably-sized, but representative population. You'll be paying close attention to them in any case.  

Q: I read in the API docs that the Basic Auth is deprecated and going to be retired soon (in favor of API Tokens only). Any update on the time-frame for when Basic Auth will be removed for good? [21:00]

A: I do not know what event on the roadmap will cause Basic Auth to be unusable. If you have use cases (in this case, a third party alert management system) which demand Basic Auth, please let our product team know about them.

Q: If our primary collector is in US N/E and we set up a secondary collector in HK or China, what sort of latency will we see in the LM portal? [24:30]

A: A couple of things: there are definitely exceptions, but we recommend that collectors be as close to monitored resources as possible. We also recommend generally that failover collectors be in the same location as the primary. This model can break down when there are large numbers of devices spread out geographically in groups not big enough to warrant their own collectors, so feel free to ask support when planning collector deployment. The training team also offers some content about this in some of our courses. Second: there are several factors which drive latency, including the latency between the collector and LogicMonitor and the collector and monitored resources, but since the polling cycle is, at shortest, one minute, practically speaking, even worldwide latency should not affect how quickly the data appears by much. 

Q: I have been teaching myself Groovy for doing custom DataSource / PropertySource / etc. and it's going well. 🙂   I've been reading through DataSources in Core which import libraries which are incredibly useful, but don't seem to be listed (or barely mentioned at all) on the LM website. Example: JSoup which only comes up in community postings and a LM blog post, even though it's bundled with the Collectors. Is there a comprehensive list of all the Groovy libraries that are bundled with the Collector, and optimally which libraries come with which Collector versions? [30:00]

A: In the video I go into this at some length. This is a fairly advanced topic in a few ways, but what it boils down to is that the configuration files for the collector, specifically the wrapper, include entries for additions to the Java ClassPath. All the Java classes and packages available in the .jar files referenced can theoretically be imported into the Groovy scripts for use. (Later, during the part about ConfigSources [39:00], I show an example.) Unfortunately, the names of the .jar files do not correspond to the names of the useful Java objects, so some sleuthing is necessary. I recommended identifying the jar and its source and then looking into the corresponding javadoc online to see what classes might be available and how to use them. (The person with the question had been using LogicMonitor-provided datasources, which also is a good source of examples.)

Q: I heard we might have Sandbox access since we are enterprise level. Can you show some stuff about adding and using the Sandbox? [my answer here is better than the one on the video]

A: Sandbox accounts, when available, are fully independent LogicMonitor accounts. They are provisioned by our customer success (and technical operations) teams and their features and availability are subject to change over time. Some of our users reported their sandboxes being on an earlier upgrade schedule and some reported some other features, but this is subject to change according to the details of your service agreement. 

Q: [follow up] Is there a way to clone from prod to sandbox?

A: The specific features available to sandbox environments are subject to change and your user agreement; please contact customer success for questions about this.

Q: [About my ConfigSource example ~42:00] [Are wildvalues sanitized to prevent malicious code injection] 

A: I do not believe that they are; it's the responsibility of the author of the LogicModule to handle that and to make sure that the LogicModules and Collectors do not run arbitrary code. Exchange LogicModules are given a security check as part of the publishing process.

Q: So it will probably help if I see this, what is the best way to identify devices for custom data sources? For example: I have a data source for a specific device, when LM does its discovery how do I get it to identify that device automatically in a way that my data source knows to run. [53:00]

A: There are several approaches that can be taken here and it depends a lot on the specifics. The way LogicMonitor does this is very generalized so that it will work in any environment right "out of the box". We use a combination of an auto-properties system, system categorization, and PropertySources to attach metadata to the devices so that they can be classified properly by the LogicModules' applies-to scripts. For custom, customer-written monitoring, this can be emulated, although simpler approaches to matching applies-to scripts can also be used using something as simple as a device group and the automatic output of the applies-to wizard. A fair number of our older LogicModules use a fairly general applies-to and then a more specific Active Discovery to ensure that instances are there.

Amusing footnote: for some part of this the presenter, due to a few glitches, ended up sharing the wrong screen. Imagine! 
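
On the wildvalue question above, an added example (not part of the original post and not LogicMonitor's code) of a script author validating an instance wildvalue against an allowlist before it reaches a command. The class name `WildvalueGuard`, the allowed character set, and the `/var/log/app` path are assumptions made for illustration.

```groovy
import java.util.regex.Pattern

// Hypothetical helper: allowlist validation for an instance wildvalue.
class WildvalueGuard {
    // Letters, digits, dot, underscore, hyphen; 1 to 64 characters.
    // The first character may not be '-', so the value cannot be read as an option.
    static final Pattern SAFE = Pattern.compile('^[A-Za-z0-9_.][A-Za-z0-9_.-]{0,63}$')

    static String requireSafe(String wildvalue) {
        if (wildvalue == null
                || !SAFE.matcher(wildvalue).matches()
                || wildvalue.contains('..')) {      // no parent-directory sequences
            throw new IllegalArgumentException('rejected wildvalue')
        }
        return wildvalue
    }

    // Build the command as an argument list, never as one string handed to a shell,
    // so the wildvalue can only ever be a single argument.
    static List<String> buildCommand(String wildvalue) {
        String path = '/var/log/app/' + requireSafe(wildvalue) + '.log'
        return ['/usr/bin/stat', '--', path]
    }
}

// Constructed sample wildvalues: two ordinary instance names, four that must be refused.
def samples = ['eth0', 'app-01.prod', 'eth0; id', '$(hostname)', '../secret', '-v']

samples.each { wv ->
    try {
        println "accepted ${wv} -> ${WildvalueGuard.buildCommand(wv)}"
    } catch (IllegalArgumentException e) {
        println "rejected ${wv.inspect()}"
    }
}
```

Rejecting the value outright, rather than stripping characters from it, keeps the instance name that is monitored identical to the one that was discovered.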

  • Administrators
14 hours ago, Mike Aracic said:

Q: With the new log monitoring, does it accept Windows logs natively? [~10:00]

We support Fluentd as a log transport mechanism, which supports ingesting logs from many different types of sources and then sending those logs to LogicMonitor. You would simply need to run Fluentd in your environment and configure the Windows integration in the Fluentd configuration file. An example of how this can be done can be found here

14 hours ago, Mike Aracic said:

Q: I have an API that is giving me delta in data over time rather than the full results when requested. Is there a method for handling this via a data source? [27:30]

You could use script caching to maintain a running total of the value. Each run of the script would need to read in the value from the cache, add it to the current polled value and then output that sum as a datapoint and also output that sum back to the cache.

14 hours ago, Mike Aracic said:

Q: [follow up] Is there a way to clone from prod to sandbox?

That depends on what you're trying to clone. Historical data? No. Devices? Well, you could export a list pretty easily and import that list using a Netscan. You could additionally pull devices from sandbox via API and push them (with their properties) into prod via API.
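
The running-total approach described in the reply above, as an added example that is not part of the original posts. A plain `Map` stands in for the collector's script cache (an assumption; the real cache API is not shown on this page), and the class name, key format, and sample deltas are hypothetical.

```groovy
// Hypothetical helper: turns per-poll deltas into a cumulative datapoint.
class RunningTotal {
    // Stand-in for the script cache (assumption): string keys, string values.
    final Map<String, String> cache

    RunningTotal(Map<String, String> cache) { this.cache = cache }

    BigDecimal add(String device, String instance, BigDecimal delta) {
        // One cache entry per device and instance so totals never mix.
        String key = 'delta-total:' + device + ':' + instance
        BigDecimal previous = BigDecimal.ZERO

        String stored = cache.get(key)
        if (stored != null) {
            try {
                previous = new BigDecimal(stored)
            } catch (NumberFormatException ignored) {
                // Unreadable cache entry: restart from zero instead of failing the poll.
                previous = BigDecimal.ZERO
            }
        }

        BigDecimal total = previous + delta
        cache.put(key, total.toPlainString())   // write the new sum back for the next run
        return total
    }
}

def cache = [:]                         // constructed in-memory cache for the demo
def totals = new RunningTotal(cache)

// Constructed deltas, as if returned by the API on four consecutive polls.
[5, 3, 0, 12].each { delta ->
    println "total=${totals.add('host-a', 'queue1', delta as BigDecimal)}"
}
```

If the cached entry expires or the collector is replaced, the total restarts from zero, so the datapoint should tolerate a reset.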
