EA Collector 34.100

LogicMonitor EA Collector 34.100 is released on June 01, 2023 and includes the following updates.

Enhancements

• To enhance the security of customer data and LogicMonitor portal, and based on growing customer demand for reduction in privileges to run Windows collectors, we have developed Windows Remote Management (WinRM) based solution where Windows collectors are installed without administrator privilege. You can use this feature as part of the Open Beta program. For details, see Configuring WinRM for Windows Collector.
• On the Collector Status Page we have added a new module status SignatureValueChangedForHealthCheckScripts for collector health check scripts. It indicates whether the health check scripts are modified or not before they are run. If the scripts are not modified, the module status message indicates that the signature is verified successfully and the scripts are not modified. If the scripts are modified, the message indicates that the signature mismatch is found and the scripts are modified. The message also lists names of the modified health check scripts.
• Currently, a single set of credentials (for example, snmp.community, snmp.security, and so on) is applied on a device’s host property to receive SNMP traps (v1, v2c, and v3) and to collect data for SNMP DataSources that is SNMP polling. To support business requirements of multiple credentials, we have now separated credentials for SNMP traps and SNMP polling.
  • SNMP Polling – The current set of credentials/host properties for data collection are as follows: snmp.community, snmp.security, snmp.auth, snmp.authToken, snmp.priv, and snmp.privToken.
  • SNMP Traps – A new set of credentials/host properties to receive SNMP trap requests are as follows: snmptrap.community, snmptrap.security, snmptrap.auth, snmptrap.authToken, snmptrap.priv, and snmptrap.privToken. Because these properties are optional, if you do not define them, collector will continue to use snmp.* host properties to decrypt traps. This provision will also ensure backward compatibility.
• It was observed that collector installer carries multiple AWS SDK JARs which are used in the core and custom modules (DataSources). To ensure that the size of collector installer remains light, from now on, we will ship only the following AWS SDK JARs:
  • aws-java-sdk-core
  • aws-java-sdk-autoscaling
  • aws-java-sdk-ec2
  • aws-java-sdk-s3
  • aws-java-sdk-cloudformation
  • aws-java-sdk-cloudwatch
  • aws-java-sdk-dynamodb
  • aws-java-sdk-sqs
• As per the current design, when collector receives syslog event from an unmonitored device, the collector performs DNS resolution of all the devices monitored under it to check if any IP address matches with the IP of the syslog sending unmonitored device. In case of unmonitored devices, this method led to unnecessary DNS lookups and spike in DNS queries for every syslog event coming from the same unmonitored device. To overcome this challenge, we have optimised the design. Instead of doing the DNS resolution of all the monitored devices, collector will now do the DNS resolution of all the unmonitored devices only once and keep it in cache with configurable expiry time of 5 minutes. For subsequent syslog events from any unmonitored device, resource mapping will be done using this cache. In agent.conf setting, you can configure the expiry time in the lmlogs.syslog.unmonitored.device.cache.expiry.in.minutes property.

Fixed Issues

• Upgraded version of the following JAR for a minor security update.

• Fixed an issue where no data was collected in SNMPv3 because collector did not discover the engine ID at the time of actual data collection. To fix the issue, the SNMP engine ID will now be refreshed from SNMP4j cache on receiving null response from the device. If you insist on following the old behaviour of force cache clean, then in agent.conf, set snmp.datacollection.engineId.force.clean=true to refresh SNMP engine ID after every 10 minutes (default) interval. To configure this interval, in agent.conf, specify the duration in seconds in snmp.engineId.force.clean.intervalInSec property.
• Fixed an issue where after upgrading, the ping datasource failed to collect data and the ping debug command failed to display correct output.
• Fixed an issue where when you upgrade collector (that runs as root user) from version 28.004 to any version except EA 34.100 or GD 33.003 and then run the updateToNonRoot.sh script, the script failed due to the absence of the setnetcap file in the bin folder. To convert to non root user, you first upgrade to EA 34.100 or GD 33.003 that contains the setnetcap file in bin folder and then run the updateToNonRoot.sh script.
• Fixed an issue where when you upgrade a docker collector from root to non root using the UpgradeToNonroot.sh script, the script failed and led to errors. The error occurred because of the relative path in the UpgradeToNonroot.sh script:
  • -sf ./bin/logicmonitor-agent /etc/init.d/logicmonitor-agent
  • -sf ./bin/logicmonitor-watchdog /etc/init.d/logicmonitor-watchdog
    
    To fix the issue, we converted the relative path to absolute path by replacing “./” with “$DEST_DIR/agent“
    
  • -sf $DEST_DIR/agent/bin/logicmonitor-agent /etc/init.d/logicmonitor-agent
  • -sf $DEST_DIR/agent/bin/logicmonitor-watchdog /etc/init.d/logicmonitor-watchdog
    
    Also, because the UpgradeToNonroot.sh script is not designed for docker collector, if you try to run the script on docker collector, the system will stop running the script and display a warning message. 
• Fixed an issue where due to a bug Groovy script in SSE ran without being configured and consumed some memory. In the agent.conf setting, it was observed that even if the groovy.script.runner property is set to agent, it still picked SSE to run few collector health check scripts and internal web check in sitemonitor. To fix the issue, we have now ensured that SSE will not start if it is not set in the groovy.script.runner property.