2020-12-09 LogicMonitor Basics Office Hours


Recommended Posts

  • 1 month later...
  • Administrators

Q&A Transcript:

[4:38] Hi Stuart!! I noticed that on the EA Collector Release Notes https://www.logicmonitor.com/release-notes/ea-collector-29-104 there's now a known issue with SSE (Standalone Script Engine). We need to use the EA for the RADIUS and TACACS checks (requires 29.100+) so would you be able to tell us any details on how that known issue manifests itself? (The good news is that we're not in prod yet with the RADIUS or TACACS, but we need to be in early January.) Would you be able to explain a bit about what the SSE is and what it does? (Sorry if you said that already and I missed it.) Oh wow - on your screen there was showing EA 29.105 which wasn't there just last night!! Maybe that's the fixed SSE. I'll try it!!! Yep - 29.105 is now available on our portal also. W00t!

[8:37] I have all HP/Aruba switches in my environment, some are monitored and some are not. I need a network diagram showing them all, including connectivity to monitored and non-monitored Windows servers. Can LogicMonitor create a network diagram showing everything? Would this be suitable for discovering new devices but not automatically add them to monitored devices? I don't want to go over my license allocation?

[16:30] Are there new wildcards that can be used with JDBC connection collection to account for the new MSSQL connections created through the Microsoft_SQLServer_Connections propert source?  Discovery JDBC URL works by just telling it to use mssql, but collector attributes Url wants either the specific property source created like ##auto.mssqlserver.mssql_url## or a specifc string that wildcards the host, port, etc.  We have cases where a server can have multiple property strings created and need to account for that. the new property source builds out the whole string like you displayed, but each version will be a new property.  so if we have 2 SQL instances each one would be a property created, but to use the standard JDBC data sources I have to make duplicate data sources with each having rhe unique property entered as the Collector Url.  It seems to stuggle with the standard string wildcarded like you displayed where there is multiple values to a single wildcard like DBName or DBPort can have multiple

[18:20] can we create a map for depicting devices in AWS VPCs? we have AWS Subaccounts, and within them, VPCs. COuld  a map with top level as AWS account, and VPC hierarchy be created?
Stuart says: I'll provide some more info on this, including how to setup the Mario Topology, which can be used as an example for creating the AWS VPC to Subaccount mapping. Stay tuned.

[22:01] I’m in the process of switching my Meraki gear over to API calls for monitoring.  During this time, I noticed that there are gaps in data frequently (usually 5 minutes at a time).  It almost seems like a specific polling instance failed.  Is this a common issue with monitoring Meraki devices? Secondly, on Meraki org and Network instances, the snmp setting system.categories MerakiAPIOrg,NoPing.  Yet On each of my org and network instances, it is throwing alarms due to no ping data.  Is this a bug or should I go in and uncheck the monitoring for ping on those devices?
[Another participant]: I have had discovery issues where the NoPing is not correctly applied to start and running a manual "Run Manual Discovery" gets the "Ping removed.  I also raised a case about this with my CSM last week with the lag and because the NoPing seems to also think the devices are "Dead" at times
[Original Asker]: I added them with a groovy script
[Original Asker]: my applies to has isDevice()

[29:45] Hello. Question: I'm attempting to add an email distribution group to an escalation chain. When adding the specified group to the "Recipient" under "Stages", I'm getting an error stating that I have to select a group from the prepopulated groups. Is this by design? I can add individuals, but not new dist groups.

[31:53] How to remove devices from one collector (Windows) and add it to another collector (Linux), we are not using the same SNMP credential, v3, different username/password.  We plan to decommission the Windows collector.

[33:37] Is there a way to add arbitrary emals to a scheduled report?
[Another participant]: you have to hit enter after typing the email in to keep it

[37:49] Can you go over snmp walk?  We are trying to add a Cisco Wireless Controller.

[44:04] Another Meraki question ... the DNS name for the API method for Meraki gear has them end in .invalid.   On the orgs and networks, the DNS is also throwing an alarm ... would I add && !contains(invalid) to the DNS datasource properties to  exclude them from DNS checks?

[45:10] Can you demonstrate how you might troubleshoot high memory utilization on a windows collector? I sometimes find it difficult to isolate which devices or datasources are specifically taxing the collector.
[Another Participant]: We LOVE the "No Data" DataSources!!  They are so helpful!
[Another Participant]: One note of caution: Since the amount of work to monitor the "No Data" relates to the number of Instances, you can actually overload your Collectors trying to monitor "No Data" if you're not careful.
[Another Participant]: The metrics data source is depricated with v145 as there are now several new data sources with more data
"No Data" DataSources: https://communities.logicmonitor.com/topic/3396-universal-no-data-monitoring/?tab=comments#comment-7903
Stuart's DataSources that give per device and per collector metrics: https://github.com/sweenig/lmcommunity/tree/master/CollectorLoad

[58:28] we are alerting on disk space. We have to monitor this windows PC due to its purpose. THe PC has one disk in two partitions. We added it to monitoring but the second partition is trigger a disk space. I dont' want it to trigger disk space on the second volume but under disk in resources the C:\D: show up together with the D:\ having an alarm. How do i go about stopping the alert for the second partition?
[Original Asker]: ok thank you. We're alerting on Physical Disks
 

Link to post
Share on other sites
  • Administrators

For the Super Mario World topology map example:

Search the public repository of the exchange for "mario" and you should see a package called "Super Mario TopologySource Example". Go ahead and install it. There are two parts: a DataSource and a TopologySource. You'll need to modify the AppliesTo of both to point to a single device in your infrastructure. This can be a collector or if you are monitoring LogicMonitor from LogicMonitor, that's an option as well. Since the goal is to discover individual VPCs and the devices in them, you might want to eventually apply them to multiple devices, one in each VPC, for segregation purposes. Let's look at how this static version works and then how it could be adapted to pull in dynamic data from AWS.

The DataSource will create instances under that device for each world in Super Mario. Each of those instances has a unique identifier that is set on the instance when it is created. This is all the DataSource does, it doesn't actually do anything for collection. The DS does this by means of an active discovery script that outputs the list of worlds. For each world, it lists the unique identifier (wildvalue), display name (wildalias), a description (which isn't strictly necessary), and some properties. Included in those properties are two "predef." properties: predef.externalResourceID and predef.externalResourceType. The externalResourceID is the ERI and is the ID that the topology source will use to tie objects together. We'll look at that next. The externalResourceType just determines what icon will display on the map for that object.

Now that the instances are created, we can tie them together using the TopologySource. Once again, the relationships between objects is static. The TS simply outputs which ERIs are connected to which other ERIs. 

Once the DS creates the instances and the TS maps them together, what you get is this, a mapping between the instances, showing which worlds have exits to which other worlds. This is the map that is automatically generated on the instance level, configured to show 2 degrees away.

image.thumb.png.de21e9364832675e41be5d6260a8d20f.png

Then, you can create a larger map including all the instances, to see the map of the entire set of worlds.

image.thumb.png.6299630b14c3bd19293248646a2e8453.png

 

How does this relate to AWS VPCs and objects in those VPCs? Well, think about it this way: 

What if the DataSource, instead of outputting the static names of the Mario worlds, queried some system that had the list of VPCs. It could then create those VPCs as instances under some device somewhere.  If your AWS is being monitored by LogicMonitor, you could pretty easily write some code to query the API to get the list of those VPCs. The DS would need to create them with ERIs and ERTs, just like in the Mario example. You could write a pretty simple PropertySource to make sure that each device monitored in your AWS environment has ERIs and ERTs. 

Then you could write a TopologySource to map the VPC instances to the AWS devices in which they reside.

Currently, the Mario active discovery output looks like this:

Yellow_Switch_Palace##Yellow Switch Palace##Yoshi's Island####auto.world=Yoshi%27s+Island&predef.externalResourceID=Yellow_Switch_Palace&predef.externalResourceType=SMWExit
Yoshi_s_House##Yoshi's House##Yoshi's Island####auto.world=Yoshi%27s+Island&predef.externalResourceID=Yoshi_s_House&predef.externalResourceType=SMWExit
Yoshi_s_Island_1##Yoshi's Island 1##Yoshi's Island####auto.world=Yoshi%27s+Island&predef.externalResourceID=Yoshi_s_Island_1&predef.externalResourceType=SMWExit
Yoshi_s_Island_2##Yoshi's Island 2##Yoshi's Island####auto.world=Yoshi%27s+Island&predef.externalResourceID=Yoshi_s_Island_2&predef.externalResourceType=SMWExit
Yoshi_s_Island_3##Yoshi's Island 3##Yoshi's Island####auto.world=Yoshi%27s+Island&predef.externalResourceID=Yoshi_s_Island_3&predef.externalResourceType=SMWExit
Yoshi_s_Island_4##Yoshi's Island 4##Yoshi's Island####auto.world=Yoshi%27s+Island&predef.externalResourceID=Yoshi_s_Island_4&predef.externalResourceType=SMWExit
Iggy_s_Castle##Iggy's Castle##Yoshi's Island####auto.world=Yoshi%27s+Island&predef.externalResourceID=Iggy_s_Castle&predef.externalResourceType=SMWExit
Green_Switch_Palace##Green Switch Palace##Donut Plains####auto.world=Donut+Plains&predef.externalResourceID=Green_Switch_Palace&predef.externalResourceType=SMWExit
Donut_Plains_1##Donut Plains 1##Donut Plains####auto.world=Donut+Plains&predef.externalResourceID=Donut_Plains_1&predef.externalResourceType=SMWExit
------------------ OUTPUT TRUNCATED ------------------

The output from the TopologySource looks like this:

{
  "edges": [
    {"from": "yoshi_s_island_1", "to": "yoshi_s_house", "type": "path"},
    {"from": "yoshi_s_island_2", "to": "yoshi_s_house", "type": "path"},
    {"from": "yoshi_s_house", "to": "yoshi_s_island_2", "type": "path"},
    {"from": "yoshi_s_house", "to": "yoshi_s_island_1", "type": "path"},
    {"from": "star_world_5", "to": "front_door", "type": "path"},
    {"from": "yoshi_s_island_1", "to": "yellow_switch_palace", "type": "Normal"},
    {"from": "yoshi_s_island_2", "to": "yoshi_s_island_3", "type": "Normal"},
    {"from": "yoshi_s_island_3", "to": "yoshi_s_island_4", "type": "Normal"},
    {"from": "yoshi_s_island_4", "to": "iggy_s_castle", "type": "Normal"},
    ============= OUTPUT TRUNCATED =============
    {"from": "star_world_2", "to": "star_world_3", "type": "Secret"},
    {"from": "star_world_3", "to": "star_world_4", "type": "Secret"},
    {"from": "star_world_4", "to": "star_world_5", "type": "Secret"},
    {"from": "star_world_5", "to": "gnarly", "type": "Secret"},
    {"from": "gnarly", "to": "tubular", "type": "Normal"},
    {"from": "tubular", "to": "way_cool", "type": "Normal"},
    {"from": "way_cool", "to": "awesome", "type": "Normal"},
    {"from": "awesome", "to": "groovy", "type": "Normal"},
    {"from": "groovy", "to": "mondo", "type": "Normal"},
    {"from": "mondo", "to": "outrageous", "type": "Normal"},
    {"from": "outrageous", "to": "funky", "type": "Normal"}
  ]
}

 

You could change the instance discovery script to look like this:

VPC_A##VPC A######predef.externalResourceID=VPC_A&predef.externalResourceType=VPC
VPC_B##VPC B######predef.externalResourceID=VPC_B&predef.externalResourceType=VPC
VPC_C##VPC C######predef.externalResourceID=VPC_C&predef.externalResourceType=VPC
VPC_D##VPC D######predef.externalResourceID=VPC_D&predef.externalResourceType=VPC
VPC_E##VPC E######predef.externalResourceID=VPC_E&predef.externalResourceType=VPC
VPC_F##VPC F######predef.externalResourceID=VPC_F&predef.externalResourceType=VPC
VPC_G##VPC G######predef.externalResourceID=VPC_G&predef.externalResourceType=VPC
VPC_H##VPC H######predef.externalResourceID=VPC_H&predef.externalResourceType=VPC

 

And the TopologySource output would look like this:

{
  "edges": [
    {"from": "VPC_A", "to": "Device_A1", "type": "path"},
    {"from": "VPC_A", "to": "Device_A2", "type": "path"},
    {"from": "VPC_A", "to": "Device_A3", "type": "path"},
    {"from": "VPC_A", "to": "Device_A4", "type": "path"},
    {"from": "VPC_A", "to": "Device_A5", "type": "path"},
    {"from": "VPC_A", "to": "Device_A6", "type": "path"},
    {"from": "VPC_A", "to": "Device_A7", "type": "path"},
    {"from": "VPC_B", "to": "Device_B1", "type": "path"},
    {"from": "VPC_B", "to": "Device_B2", "type": "path"},
    {"from": "VPC_B", "to": "Device_B3", "type": "path"},
    {"from": "VPC_B", "to": "Device_B4", "type": "path"},
    {"from": "VPC_C", "to": "Device_C1", "type": "path"},
    {"from": "VPC_C", "to": "Device_C2", "type": "path"},
    {"from": "VPC_C", "to": "Device_C3", "type": "path"},
    ============== OUTPUT TRUNCATED ==============
  ]
}

 

The only real trick is actually querying some system that knows the names of each of the VPCs, adding ERIs to the devices, and querying some system that knows the relationships between them.

Btw, if you haven't added yourcompany.logicmonitor.com as a device in your portal, I highly recommend it. It can be a great place to put this kind of stuff, rather than associating it with a particular collector or some other random device (although that is always an option). 

 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.