About the LogicMonitor Collector

Introduction to the LogicMonitor Collector

The LogicMonitor Collector is an application that runs on a server within your infrastructure and uses standard monitoring protocols to intelligently monitor devices within your infrastructure.

LogicMonitor Collectors are not agents and do not have to be installed on every resource within your infrastructure that you would like monitored. Rather, as discussed in Adding Collectors, you should install a Collector on a host in each location of your infrastructure. The Collector retrieves data from all the hosts (i.e. devices) assigned to it, then encrypts the data and sends it back to the LogicMonitor servers over an outgoing SSL connection.

One Collector can typically monitor hundreds of devices; however, this capacity depends on how many metrics are being monitored for each device, as well as the available resources of the server on which the Collector is installed. For more information on capacity, see Collector Capacity.

How Collectors Determine What Metrics to Monitor for Devices

When you add a device into monitoring, LogicMonitor applies built-in intelligence to recognize what kind of device it is. Based on the information discovered about the device, LogicMonitor DataSources are applied.

DataSources are templates that tell the Collector how to monitor the device, what metrics to collect for the device, how to display those metrics as graphs, and what values indicate issues that need attention. LogicMonitor installs with hundreds of pre-built DataSources that will automatically apply when you add devices into your account.

Collector Data Storage

All of the data from your Collectors is consolidated in a LogicMonitor data center, and this data is accessible in your LogicMonitor portal from anywhere with an internet connection. This necessitates that the server your Collector is installed on can make an outgoing HTTPS connection to LogicMonitor's data centers (note, however, that Collectors can be installed on proxy servers).

Ports Used by Collectors

The server on which a Collector is installed must be able to able to make an outgoing HTTPS connection to the LogicMonitor servers (proxies are supported). In addition, the ports for the monitoring protocols you intend to use (e.g. SNMP, WMI, JDBC, etc.) must be unrestricted between your Collector machine and the resources you want to monitor.

The following table documents how the Collector communicates outbound traffic so that firewall rules can be configured accordingly. Additionally, it highlights the use cases in which the Collector is listening for inbound traffic and, when applicable, the configurations that can be used to update these inbound ports.

Port Protocol Traffic Type Use Case Configuration Setting*
162 UDP Inbound SNMP traps received from target devices eventcollector.snmptrap.address
443 HTTP/TLS Outbound Communication between the Collector and the LogicMonitor data center (port 443 must be permitted to access LogicMonitor's public IP addresses; If your environment does not allow the Collector to directly connect with the LogicMonitor data centers, you can configure the Collector to communicate through a proxy.) n/a
514 UDP Inbound Syslog messages received from target devices eventcollector.syslog.port
2055 UDP Inbound NetFlow data received from target devices netflow.ports
6343 UDP Inbound sFlow data received from target devices netflow.sflow.ports
7211 Proprietary Internal Communication between Watchdog and Collector services to OS Proxy service (sbwinproxy/sblinuxproxy) sbproxy.port
7212 Proprietary Internal Communication from Watchdog service to Collector service agent.status.port
7213 Proprietary Internal Communication from Collector service to Watchdog service watchdog.status.port
7214 HTTP/Proprietary InboundCommunication from custom JobMonitors to Collector service httpd.port
15003 Proprietary Internal Communication between Collector service and its service wrapper n/a
15004 Proprietary Internal Communication between Collector service and its service wrapper n/a
other non-privileged SNMP, WMI, HTTP, SSH, JMX, etc. Outbound Communication between Collector and target resources assigned for monitoring n/a

*For instructions on editing a Collector's configurations, see Editing the Collector Config Files.

Antivirus Exclusion for Windows Collectors

If the Windows OS where your Collector is installed is protected by an antivirus application, the antivirus application may interfere with Collector behavior, causing frequent Collector service restarts and process crashes. To avoid this interference, you will need to put in place a recursive exclusion for the LogicMonitor Collector application directory.

Exclude this directory recursively: C:\Program Files (x86)\LogicMonitor\

See the following resources for more information on setting exclusions in common antivirus applications:

Collector Security

The LogicMonitor Collector has been carefully designed and developed with high security in mind. All communications made by the Collector are outbound: either within your LAN to the devices it's been assigned to monitor, or out to the LogicMonitor platform. All sensitive device data (e.g. credentials) handled by the Collector are always stored in-memory and never written to disk.

Note: As discussed in Collector Caching, Collectors do cache Collector data to disk by default during periods where your Collector is unable to deliver data to your LogicMonitor account (e.g. as a result of network issues). This data consists of reported metrics and is not highly sensitive; however, you can disable Collector caching if you deem it a security concern.

Communication between the Collector and the LogicMonitor platform is initiated only by the Collector, as outgoing HTTPS connections are typically in accordance with our customers’ existing firewall security policies. The Collector uses trusted certificates to prevent any possible man-in-the-middle attack between itself and the LogicMonitor platform. Each Collector authenticates itself to the LogicMonitor platform via a strong credential which undergoes regular rotation.

To ensure the security of your LogicMonitor account, Collectors should be installed on secured systems and networks to prevent unauthorized access. At minimum, we recommend applying baseline security hardening on all Collector systems:

  • Use strong passwords for administrative accounts
  • Change default passwords as applicable
  • Disable guest accounts and unnecessary network services
  • Stay current with vendor-provided security patches
  • Ensure the network on which it is installed isn't directly accessible from the public internet