v.148 of the LogicMonitor portal is scheduled to roll out to customers from February 17 through March 1.
- Feature Highlight: Log alerting
- General Enhancements and Fixes: More secure report URLs, new option for Interface Bandwidth report, and more
- New and Updated Monitoring: New LogicModules have been released for the monitoring of Cisco Unified Communications Manager (CUCM), H3C, Sophos XG, and more
- Entering Beta: Push Metrics API phase II (Python SDK); new alert grouping graph on Alerts page
Feature Highlight: Log Alerting
You can now generate alerts automatically on logs!
This release introduces a new concept called Pipelines, which are used to define filters and processing steps on logs as they are ingested. Pipelines are currently scoped to match one resource, but we’ll expand this scope with an upcoming release.
- Add a pipeline to filter logs from resources you always want to track. Manage pipelines in the new Logs > Pipelines page. See Log Processing Pipelines.
The first processing step lets you add alert conditions using regular expressions to match the logs in a pipeline.
- Create alerts directly from any log event or anomaly listed in the Logs page or from a configured Pipeline. Manage alerts from Logs > Pipelines > Pipeline alerts. See Log Alert Conditions.
When log alerts conditions are matched, they trigger standard LogicMonitor alert notifications based on the alert settings (critical, warning, error). You can also view the log alert in the Logs graph, where it will display as a line alongside the alerting log event, and acknowledge the alert in the log list.
You may find this new functionality useful for making logs more actionable, and automating the process of notifying someone when known issues occur.
General Enhancements and Fixes
- (FIX) Dynamic thresholds display on Alert Tuning tab. Previously, dynamic thresholds set at the resource group and DataSource levels were not displaying on Alert Tuning tabs. These inherited thresholds are now displayed appropriately in the Dynamic Threshold column, consistent with how inherited static thresholds display in the Static Threshold column.
- (FIX) SDT icon displaying for future SDT time window. On the Alerts page, alerts associated with resources/instances with scheduled downtime (SDT) for a future time window were erroneously displaying the SDT icon for a brief period of time after being selected. This has been fixed and alerts will now only display the SDT icon when the SDT is currently active.
- EA 29.106. Collector version EA 29.106 was released on February 10. This version fixes the known issue present in versions 29.101 through 29.105 that was resulting in resources with heartbeats to be incorrectly marked as dead/down. Collector releases are deployed independently of LogicMonitor platform releases. For more information on the various Collector versions available for upgrade and the differences between EA (early access), GD (general deployment), and MGD (minimum general deployment) versions, see Collector Versions.
- (FIX) Timeout issue preventing log display. Previously, a timeout issue was preventing the Logs page from displaying larger numbers of logs as a result of longer time range filters. This has been fixed.
- (ENHANCEMENT) More secure report URLs. Reports generated by LogicMonitor (either manually or scheduled) are accessible via a short link URL for a configurable period of time. Previously, the short link URL to access the report consisted of five characters. Conceivably, an attacker could brute-force this value to retrieve and access unexpired links. To safeguard report URLs from being guessed through brute force, report URLs now incorporate 17-character strings that are created by base62-encoding randomly generated 96-bit numbers.
- (ENHANCEMENT) Interface Bandwidth report. The Interface Bandwidth report now features a new Scale by units of 1024 checkbox. (By default, this report is scaled by units of 1000.)
- (Enhancement) Users with read-only privileges for LogicModules prohibited from passing any values to AppliesTo logic. Previously, users with read-only privileges for LogicModules were able to pass anything to AppliesTo logic. These users are now restricted to default values only when making updates in AppliesTo logic.
- Edge filter available when viewing topology maps from the Alerts page. When viewing topology maps associated with alerts from the Maps tab of the alert detail pane, you can now filter the maps by edges. Edge filtering is activated by selecting it as a filter from the dropdown of the funnel icon. When activated, deselected edge types will be removed from the topology map along with any unfocused nodes that are connected to them. Edge filters are not persisted and will reset upon page refresh, tab change, or other context change. The ability to remove edges and nodes that are not relevant can aid in faster troubleshooting.
- Access to relevant, previously-saved topology maps from the Alerts page. When viewing topology maps associated with alerts from the Maps tab of the alert detail pane, you are now able to access and display saved topology maps that incorporate the alerts’ triggering resources/instances. Use the dropdown, initially named after the alert ID, to select a saved map. If the dropdown is disabled, no relevant saved topology maps are available.
- (FIX) Payment method edits. An “Unknown error” exception was occurring when attempting to edit the payment method listed in the platform’s financial settings (Settings | Account Information | Financial). This has been fixed.
- (FIX) Erroneous redirect on Resources page. Previously, when selecting the Manage Alert Tuning option for a DataSource listed in the Graphs tab for a selected resource, the user was not being appropriately directed to the Alert Tuning tab for the DataSource. This has been fixed.
New, Updated, and Deprecated LogicModules
Recently released to the LogicMonitor public repository, our new and updated LogicModules are available for import to expand and enhance your monitoring coverage.
|addERI_Cisco_SDWAN||(ERI PropertySource) Sets ERIs and ERTs for Cisco SDWAN/Viptela devices.
Note: Several Cisco DataSources and one TopologySource have also been updated for the purpose of improving Cisco topology mapping.
|AWS_WAFv2_WebACL||(DataSource) A new DataSource designed to monitor v2 of AWS Web Application Firewall (WAF) has been added. This DataSource monitors the same metrics as the current AWS_WAF_GlobalWebACL DataSource, which has also been updated for v.148.|
|(6 DataSources,1 PropertySource) A new monitoring package for Cisco Unified Communications Manager (CUCM) has been released that leverages the CUCM XML API to monitor Location Bandwidth Manager bandwidth, MTP resource usage, replication state, service status, SIP calls, and overall system performance. For setup and monitoring details, see Cisco Unified Call Manager (CUCM) API Monitoring.|
|(4 DataSources, 1 PropertySource) A new monitoring package for Cisco Unified Communications Manager (CUCM) has been released that processes CDR and CMR files to provide summary metrics for call failures/success, durations, jitter, latency, throughput, queues, mean opinion score (MOS), cause codes, and processing of the the files themselves. For setup and monitoring details, see Cisco Unified Call Manager (CUCM) Records Monitoring.
Note: Requires Collector version 29.101 or higher.
|Cisco_IPSec_PolicyBasedTunnels||(DataSource) Tracks throughput and session status for Cisco Policy-based IPSec tunnels over SSH.|
Cisco NCS Alerts
|(1 DataSource, 1 EventSource, 1 PropertySource) Tracks alerts, receive/transmit power, and alarm/degrade states of interfaces for Cisco ONS 15454 devices.|
|(4 DataSources) New H3C DataSources have been released that replace existing H3C DataSources. The new DataSources use scripted Active Discovery to ensure unique instance naming. In addition, the new modules feature expanded alerting, minor graph fixes, updated tech notes and more frequent data collection.
Note: Four DataSources are deprecated by the release of these new DataSources. See the Deprecated LogicModules section of these release notes for details on how to transition from a deprecated to a replacement LogicModule.
Note: Historical data collected by the now-deprecated modules may be inconsistent with data collection by new modules if the system had components with duplicate names.
|Netscaler_GSLB_Domains||(DataSource) A new DataSource for monitoring domains served by Netscaler GSLB has been released with improved instance naming, overview graphs, and datapoint descriptions.
Note: The NetscalerGSLBDomains- DataSource is deprecated by the release of this new module. See the Deprecated LogicModules section of these release notes for details on how to transition from a deprecated to a replacement LogicModule.
|(4 DataSources) Added new DataSources for devices running v18 and above to accommodate the use of a new OID. Metrics monitored are the same as the existing Sophos XG DataSources with the exception of Sophos_XG_HAStatus_v18+ which tracks HA enabled/disabled status instead of HA state and licenses to account for an updated licensing model.
Note: Requires the new \.1\.3\.6\.1\.4\.1\.2604 SNMP SysOID Map (locator code: 2PEHAN).
Note: The Sophos_XG_Product_Info PropertySource has been updated to support v18+ devices.
|VMware_Horizon_Product_Info||(PropertySource) Determines the Horizon product version and writes it to a property.|
|addCategory_Meraki_API||(PropertySource) Updated to additionally assign “NoPing” to the system.categories property because, as of 21-01-20, api.meraki.com no longer responds to ICMP pings; fixed script failures for organizations without any devices.|
|addCategory_StatusPageIO_Key||(PropertySource) Fixed typo in LogicModule description.|
|addCategory_TopoSwitch||(PropertySource) Updated to extract RuggedCom LLDP data via SNMP; updated to pass null instead of empty maps for options parameter when doing SNMP walks.|
|(2 ERI PropertySources) Updated to ensure Cisco Catalyst 2360 devices are properly classified as switches; added ERI generation for network managed APC UPS systems.|
|addERI_Windows||(ERI PropertySource) Updated to block VMware PVSCSI Controller WWNs.|
|AWS_WAF_GlobalWebACL||(DataSource) Updated Active Discovery to use a new built-in method targeting Classic Web Application Firewalls.|
|(6 DataSources) Updated collection script to dynamically determine threadpool size based on the number of instances; implemented retry logic and removed hardcoded SNMP timeout.|
|Cisco_Nexus_Line_Card_Status||(DataSource) Updated Active Discovery to ensure that the correct slot number is included in the instance name.|
|Cisco_Nexus_CPU_Memory||(DataSource) Converted to scripted collection to use values from 64-bit OIDs when possible with fallback to 32-bit counters and account for value overflow; updated descriptions and added overview graphs.|
|(3 DataSources, 1 TopologySource) Updated to use hostname instead of IP for ERIs; moved some data to instance properties; added local token caching and management to mapping script.
Note: A new ERI PropertySource has also been released for the purpose of improving Cisco topology mapping.
|Citrix_XenApp_UserExperience||(DataSource) Rewrote collection script for significant performance gains (previous versions use classes which have been known to cause performance issues on some Collectors)|
|Dell_Networking||(ConfigSource) Updated scripts to use “no-more” command for pagination processing; added Boolean property dell.basicmode to control whether the module runs in basic mode (defaults to TRUE); accounted for more CLI prompt variations.|
|EMC_ScaleIO_Devices||(DataSource) Updated complex datapoints and graphs to provide latency value in milliseconds, previously recorded values were in microseconds.|
|Linux_Chrony||(DataSource) Fixed bug in error catch code; updated all variable declarations to be data specific.|
|LogicMonitor_Collector_LMLogs||(DataSource) Added a datapoint that measures the time taken for the ingest API to respond to requests (requires Collector version 29.106 or higher); added alert thresholds to the SizeOfBigQueue datapoint.|
|LogicMonitor_Portal_Users||(DataSource) Fixed various regressions inadvertently introduced in the previous version.|
|Microsoft_Azure_VMBackupStatus||(DataSource) Removed HealthStatus datapoint as that metric is no longer returned by the API.|
|MongoDB-||(DataSource) Updated the Collector version alert messaging to more clearly communicate the advance warning that the current set of LogicModules being used to monitor MongoDB will stop working upon upgrade to Collector version 29.106 or higher.|
|PaloAlto_FW_Reports_TopSources||(DataSource) Added support for IPv6 instances; made changes to ensure wildvalues are sanitized.|
|(1 DataSource, 1 TopologySource) Added support for devices that return MAC addresses in binary format; fixed issue preventing whitespace from being trimmed for shared namespaces.|
|SonicWall_SonicOS||(ConfigSource) Added filters for authentication related lines.|
|Sophos_XG_Product_Info||(PropertySource) Updated to support v18+ devices.
Note: Four new DataSources have additionally been released to accommodate v18+.
|(2 DataSources) Updated to ensure that spaces are removed from wildvalues.|
|VMware_ESXi_HostInterfaces||(DataSource) Added debug messages.|
|(16 DataSources, 1 PropertySource) For DataSources, removed explicit usage of TLS 1.1 protocol which was required for compatibility with the no longer supported Horizon v6.1; made various graph and description fixes; added alert for datastore space usage; limited discovery runs on Windows devices without Horizon credentials; and added support for Horizon v8.
For PropertySource, updated script to PowerShell and moved version discovery to a new PropertySource (this new PropertySource is also released in version v.148).
|VMware_vCenter_Alerts||(DataSource) Updated DataSource description to indicate that the DataSource monitors only alerts for ESX hosts in vCenter. Additional alerts not associated with an ESX host will not be discovered.|
|VMware_vCenter_VMInterface||(DataSource) Fixed graphs to display values corresponding to the label (previously displayed values were in kB/s while graph label was bps).|
|(2 DataSources, 1 TopologySource) Added support for vCenter installations with VMs but no ESXi hosts; updated to handle permissions errors encountered while querying clusters.|
|(7 DataSources) Updated to ensure CIM sessions are properly closed and scripts return the correct exit code.|
|Update made across an assortment of LogicModules:
|(1 DataSource, 5 ConfigSources, 3 PropertySources) Made necessary updates to ensure PowerShell sessions are properly closed before exiting scripts.|
LogicMonitor deprecates LogicModules for a variety of reasons. Most often, it is because we have published a replacement LogicModule that provides superior access to the monitored technology (for example, supports more versions of the technology or provides improved scalability).
However, there are times when a LogicModule is deprecated with no replacement (for example, when a technology becomes defunct or security issues beyond LogicMonitor’s control arise).
Note: When importing a replacement LogicModule, you will not experience any immediate data loss due to the name variation that LogicMonitor expressly adds. However, there will be a diversion in data collection between the deprecated and new LogicModule, and you will potentially collect duplicate data and receive duplicate alerts for as long as both LogicModules are active. For this reason, we recommend that you disable monitoring of the DataSource instances at the resource or resource group level after you have imported its replacement. When DataSource monitoring is disabled in this way, it stops querying the host and generating alerts, but maintains all historical data. At some point in time, you may want to delete the legacy DataSource altogether, but consider this move carefully as all historical data will be lost upon deletion. For more information on disabling DataSource monitoring, see Disabling Monitoring for a DataSource or Instance.
|LogicModule Deprecated/Replacement||Reason||End of Support Date|
LogicModules Deprecated in v.148
|(DataSource) This DataSource was creating excessive instances, resulting in degraded Collector performance.||2021-05-05|
|(2 DataSources) Released in v.145, Cisco_CPU_Usage performs the same functions as these deprecated DataSources in a more efficient manner.||2021-03-08|
|(4 DataSources) The replacement DataSources use scripted Active Discovery to ensure unique instance naming, a known issue with the now-deprecated DataSources.||2021-03-08|
|(DataSource) Development DataSource that was inadvertently published.||Immediate|
|(DataSource) The now-legacy DataSource produced indecipherable instance names. The replacement DataSource remedies this as well as features new overview graphs and datapoint descriptions..||2021-03-08|
LogicModules Previously Deprecated (over past five versions)
Unomaly Anomalies Frequency Spikes
Unomaly Known Events
Unomaly New Anomalies
New LM Logs feature, released in fourth quarter of 2020.
|(3 EventSources) Functionality has been fully replaced by LogicMonitor’s new LM Logs feature.||2021-02-17|
|(1 DataSource) It has been determined that all data gathered by this DataSource is being reported more robustly through the existing NetSNMPCPUwithCores and NetSNMP_Memory_Usage DataSources, making it redundant and unnecessary.||2021-02-09|
|(1 deprecated DataSource) Enhancements featured by replacement include an updated AppliesTo statement that includes OpenBSD systems; updated filters to exclude /proc and /dev and allow discovery of files between 0-100 bytes on filesystems; new complex datapoints; and support for drives over 8 TB and block sizes other than 4 K.||2021-01-19|
|(7 deprecated DataSources) The replacement DataSources apply to the cluster VNN rather than each node individually, significantly reducing the incidence of duplicate alerts.
Note: The six replacement DataSources listed here are part of a bigger monitoring package for Microsoft Windows Failover Clusters that was released in v.146.
|(4 DataSources)General cleanup of DataSources that are not widely used and no longer work correctly.||2021-01-19|
|(1 DataSource) Converted to a scripted DataSource and uses an additional OID to resolve duplicate wildvalues.||2021-01-04|
Liebert Power lines
Liebert Temperature probes-
Liebert UPS Temperature probes-
|(3 DataSources) Rewrote DataSources as scripted SNMP; merged monitoring of temperature and UPS temperature probes into a single DataSource; added new power and voltage metrics for power lines monitoring; fixed an incorrect filter for power lines.||2021-01-04|
|(1 DataSource) LogicMonitor released five new DataSources that provide 15 additional datapoints and group related metrics into separate DataSources, making it easier to hone in on specific aspects of your portal. For more information, see LogicMonitor Portal Monitoring.||2021-01-04|
|(1 DataSource) Active Discovery and data collection methods were converted from SNMP to script to improve overall efficiency.||2020-12-07|
|(1 DataSource) “VMware” was removed from the DataSource name as the backups are not VMWare specific.||2020-12-07|
Cisco AIP SSM Memory Pools-
|(1 DataSource) The replacement DataSources offer a scripted SNMP version that returns accurate values. If you were previously using the now-deprecated DataSource, it can be deleted as it was providing invalid data.||2020-11-16|
Python SDK for Push Metrics API
LogicMonitor is developing a Push Metric API in order to allow metrics to be sent directly to LogicMonitor without the use of a Collector.
The first phase of the beta is continuing and we are now opening up the second phase of the beta which features a Python SDK for the Push Metrics API.
If you are currently participating in the first phase and would like to expand your testing to include the new Python SDK, see the Push Metrics API Solution guide (this guide will be updated shortly with SDK details).
If you are not currently participating in the first phase, please complete the Customer Beta survey and use the comments section to indicate your interest in participating in testing for the Push Metrics API Python SDK.
Easy Alert Grouping with New Header Graph on Alerts Page
Available as a beta feature for all Enterprise and Enterprise MSP customer accounts, the Alerts page incorporates a brand new time-series header graph that provides immediate visual insight into an alert storm or other event requiring investigation.
Mirroring the alerts currently displayed in the alert table, this graph’s aggregated alert counts can be grouped by a number of dimensions including alert severity, associated alert triggers (resource, LogicModule, instance, datapoint), matching alert rules, or the escalations chains used to deliver alert notifications.
Available by clicking the more options icon located in the upper right corner of the Alerts page, the header graph is highly interactive, allowing you to zoom in on a time range or use the graph’s legend to quickly include/exclude a group of alerts. As you interactively change the graph’s filters, the alert table will automatically update to remain in sync.
Note: As a beta feature, this header graph may exhibit some performance or functional issues; closing the graph will eliminate any potential impacts you experience when using other aspects of the Alerts page.
For more information on using this new alert header graph, see Managing Alerts from the Alerts Page.
In the following months, LogicMonitor will continue enhancing alert grouping capabilities with the addition of treemap graphs for subgrouping and new grouping dimensions.