External AlertingLast updated on 01 March, 2022
Alert notifications are typically sent directly from servers within LogicMonitor’s data centers. However, with external alerting, a Collector is configured to pull triggered alerts from LogicMonitor and deliver them via SNMP traps, Syslog messages, or custom scripts.
External alerts are processed independent of standard alert delivery. In other words, they are delivered separately (and in addition to) any alert notifications configured via standard alert rules and their escalation chains.
Note: You can only configure one external alert definition per Collector.
Creating External Alerts
To create an external alert, navigate to Settings | Alert Settings | External Alerting | Add. As discussed next, the Add External Alerting dialog displays, containing several settings that must be configured in order to create an external alert.
From the Groups field, limit the resources to which the external alert will apply by designating one or more device groups. You can use an explicit group name or glob expression in this field.
From the Collector field, designate the Collector that will process alerts for the specified groups. You can only configure one external alert definition per Collector. If need be, Collectors can be added specifically for external alerting to overcome firewall rules or other obstacles unique to the external alerting environment (e.g. accessing a ticket management system).
From the Delivery Mechanism field’s dropdown menu, select the method (i.e. “SNMP trap”, “Syslog”, or “Script”) that the Collector will use to deliver external alerts for the resources contained by the specified groups. Depending on the method selected, varying configurations display.
SNMP Trap Delivery
If “SNMP trap” is selected as the delivery mechanism, the Collector will send an SNMP trap to an SNMP trap server for each alert triggered by resources in the group(s) specified. SNMP traps must be less than 1024 bytes, so the message may be truncated.
SNMP Trap Server
In the SNMP Trap Server field, enter the server to which SNMP traps will be sent. SNMP traps sent from Collectors will carry the LogicMonitor enterprise OID of 184.108.40.206.4.1.39832.
In the SNMP Community field, enter the community string required for Collector authentication when sending SNMP traps to the specified server.
From the SNMP Version field’s dropdown menu, select the version of SNMP the Collector will use when sending SNMP traps.
If “Syslog” is selected as the delivery mechanism, the Collector will send a Syslog message to the specified Syslog server for each alert triggered by resources in the group(s) specified.
In the Syslog Server field, override the placeholder loopback IP address with the IP address of your Syslog server.
If “Script” is selected as the delivery mechanism, the Collector will execute a script for each alert triggered by resources in the group(s) specified.
External alerting scripts should be saved to the Collector’s directory (i.e. <lm_install_directory>\agent\local\bin). Assuming this is the case, simply enter the name of the script into the Script field. If an alternate folder is used, be sure to specify the script using its full path and ensure the Collector has the appropriate permissions.
Script Command Line
In the Script Command Line field, enter any arguments or parameters to be passed to the script. Any of the supported LogicModule tokens can be used as script parameters, but it is recommended that tokens common to all LogicModule alert types be used. If this is not possible, scripts should be constructed to function in the presence or absence of specific arguments, which can vary based on alert type. For more information on the available tokens, see Tokens Available in LogicModule Alert Messages.
Managing External Alerts
Once created, external alerts can be managed from the External Alerting page. Available by navigating to Settings | Alert Settings | External Alerting, this page allows you to view details for, sort, edit, and delete existing external alerts.