About the LogicMonitor Collector

Product Documentation

About LogicMonitor
- Overview
- Technical Support
  - Support Overview
  - Accessing Support Resources
Getting Started
- Implementation Readiness
  - LogicMonitor Implementation Readiness Recommendations for Enterprise Customers
  - Top Dependencies for LogicMonitor Enterprise Implementation
- LogicMonitor Tutorial
- Advanced LogicMonitor Setup
LogicMonitor Concepts
- Limits, Quotas, and Constraints
Collectors
- Collector Overview
- Collector Installation
- Collector Configurations
- Collector Management
- Collector Integrations
- Collector Troubleshooting
Devices
- Adding and Managing Devices
- Device Groups
- Resources Page Overview
- Device DataSources and Instances
- Netscans
Dashboards and Widgets
- Managing Dashboards
- Managing Widgets
- Widget Types
Alerts
- About Alerts
- Alert Discovery
- Responding to Alerts
AIOps
- Anomaly Detection
  - Anomaly Detection Visualization
- Forecasting
  - Data Forecasting
- Topology Mapping
- AIOps for Alerting
LM Service Insight
- About LM™ Service Insight
- Adding Services
- Managing Services
LogicModules
- LogicModule Overview
- LM Exchange
  - LM Exchange
- DataSources
- Data Collection Methods
- Datapoints
- Active Discovery
- Groovy Support
- Powershell Support
  - Creating PowerShell Script Datasources
  - Using PowerShell Scripts in LogicMonitor
- ConfigSources
- EventSources
- Property Sources
  - Creating PropertySources
- TopologySources
  - TopologySource Overview
  - TopologySources Scripts
- AppliesTo
  - AppliesTo Scripting Overview
  - User-Defined AppliesTo Functions
- JobMonitors
- SNMP sysOID Maps
Reports
- Which report should I use?
- Creating & Managing Reports
- Scheduling a Report for Auto-Delivery
- Creating a Report Group
- Report Types
Security
- Two-Factor Authentication
- Single Sign On
- Multi Sign-On
- Configuring the Azure Active Directory SSO Integration
- LogicMonitor Security Best Practices
- Log4j Security Vulnerabilities
Settings
- About the Account Information Page
- About Audit Logs
- Message Templates
  - Alert Messages
  - New User Message
- Users and roles
Terminology and Syntax
- Scripting Support
LM Logs
- LM Logs Overview
- Log Ingestion
- Logs Query Language
- Reviewing Logs and Log Anomalies
- Log Processing Pipelines
- Log Alert Conditions
- LM Logs Roles and Permissions
- LM Logs Usage Monitoring
- Troubleshooting Logs
LM APM
- LM APM Overview
- Push Metrics
- OpenMetrics Integration
  - OpenMetrics DataSource Wizard
  - OpenMetrics Monitoring
- Distributed Tracing
- Synthetics
Cloud Monitoring
- Getting Started
- Amazon Web Services
- Microsoft Azure
- Google Cloud Platform (GCP)
SaaS Monitoring
- Airbrake Monitoring
- Microsoft Office 365 Monitoring
- SaaS Lite Monitoring
- Salesforce Monitoring
- Zoom Monitoring
Container Monitoring
- Kubernetes
- Docker
  - Docker Monitoring
Website Monitoring
- About Websites
- Adding and Managing Websites
- Website Groups
  - Adding Website Groups
  - Editing and Deleting Website Groups
Monitoring Solutions
- Applications and Databases
- Backup and Recovery Systems
- Networking and Firewalls
- Operating Systems and Virtualization
- Server and operations Hardware
- Storage Systems
- Network Traffic Flow
Workflow Integrations
- ServiceNow
  - LogicMonitor ServiceNow CMDB Integration
    - Getting Started with the LogicMonitor ServiceNow CMDB Integration
    - ServiceNow CMDB Update Set: Auto-Balanced Collector Groups
  - Service Graph Connector for LogicMonitor
    - Getting Started with the Service Graph Connector for LogicMonitor Application
- Ansible Integration
- StackStorm
- Terraform Integration
- Microsoft Teams
  - Microsoft Teams Integration Overview
  - Microsoft Teams Integration Setup
Alert Integrations
- Alert Integrations Overview
- Autotask Integration
- Campfire Integration
- ConnectWise Integration
- Custom Email Delivery
- Custom HTTP Delivery
- Integrations Logs
- PagerDuty Integration
- Puppet 4 Integration
- Puppet Integration
- ServiceNow (Incident Management) Integration
- Slack Integration
- Zendesk Integration
Mobile
- About LogicMonitor’s Mobile View and Application
- Responding to Alerts from a Mobile Device
- Viewing Alerts from a Mobile Device
- Viewing Dashboards from a Mobile Device
- Viewing Graphs from a Mobile Device
REST API Developers Guide
- Rest API Overview
- REST API v3
  - REST API v3 Swagger Documentation
  - LogicMonitor v3 SDK
- REST API v2
  - About REST API v2
  - Creating Services via the API
- Rest API v1
RPC API - Deprecated
- About LogicMonitor’s RPC API (Deprecated)
Training and Certification
- LogicMonitor Certified Professional Exam Information
- LogicMonitor Training and Certification

Overview

The LogicMonitor Collector is an application that runs on a Linux or Windows server within your infrastructure and uses standard monitoring protocols to intelligently monitor devices within your infrastructure.

LogicMonitor Collectors are not agents and do not have to be installed on every resource within your infrastructure that you would like monitored. Rather, you should install a Collector on a host in each location of your infrastructure. See Installing Collectors.

The Collector retrieves data from all the devices assigned to it, then encrypts the data and sends it back to the LogicMonitor servers over an outgoing SSL connection.

One Collector can typically monitor hundreds of devices; however, this capacity depends on how many metrics are being monitored for each device, as well as the available resources of the server on which the Collector is installed. For more information on capacity, see Collector Capacity.

How Collectors Determine What Metrics to Monitor for Devices

When you add a device into monitoring, LogicMonitor applies built-in intelligence to recognize what kind of device it is. Based on the information discovered about the device, LogicMonitor DataSources are applied.

DataSources are templates that tell the Collector how to monitor the device, what metrics to collect for the device, how to display those metrics as graphs, and what values indicate issues that need attention. LogicMonitor installs with hundreds of pre-built DataSources that will automatically apply when you add devices into your account.

Collector Data Storage

All of the data from your Collectors is consolidated in a LogicMonitor data center, and this data is accessible in your LogicMonitor portal from anywhere with an internet connection. This necessitates that the server your Collector is installed on can make an outgoing HTTPS connection to LogicMonitor’s data centers (note, however, that Collectors can be installed on proxy servers).

Ports Used by Collectors

The server on which a Collector is installed must be able to able to make an outgoing HTTPS connection to the LogicMonitor servers (proxies are supported). In addition, the ports for the monitoring protocols you intend to use (e.g. SNMP, WMI, JDBC, etc.) must be unrestricted between your Collector machine and the resources you want to monitor.

The following tables document how the Collector communicates outbound traffic so that firewall rules can be configured accordingly. Additionally, it highlights the use cases in which the Collector is listening for inbound traffic and, when applicable, the configurations that can be used to update these inbound ports.

Inbound communication

Port	Protocol	Use Case	Configuration Setting
162	UDP	SNMP traps received from target devices	eventcollector.snmptrap.address
514	UDP	Syslog messages received from target devices	eventcollector.syslog.port
2055	UDP	NetFlow data received from target devices	netflow.ports
6343	UDP	sFlow data received from target devices	netflow.sflow.ports
7214	HTTP/ Proprietary	Communication from custom JobMonitors to Collector service	httpd.port

Outbound communication

Port	Protocol	Use Case	Configuration Setting
443	HTTP/TLS	Communication between the Collector and the LogicMonitor data center (port 443 must be permitted to access LogicMonitor’s public IP addresses; If your environment does not allow the Collector to directly connect with the LogicMonitor data centers, you can configure the Collector to communicate through a proxy.)	N/A
Other non-privileged	SNMP, WMI, HTTP, SSH, JMX, etc.	Communication between Collector and target resources assigned for monitoring	N/A

Internal communication

Port	Protocol	Use Case	Configuration Setting
7211	Proprietary	Communication between Watchdog and Collector services to OS Proxy service (sbwinproxy/sblinuxproxy)	sbproxy.port
7212	Proprietary	Communication from Watchdog service to Collector service	agent.status.port
7213	Proprietary	Communication from Collector service to Watchdog service	watchdog.status.port
15003	Proprietary	Communication between Collector service and its service wrapper	N/A
15004	Proprietary	Communication between Collector service and its service wrapper	N/A

For instructions on editing a Collector’s configurations, see Editing the Collector Config Files.

Collector Security

The LogicMonitor Collector has been carefully designed and developed with high security in mind. For details on Collector security measures and recommended best practices, see LogicMonitor Security Best Practices.

Note: Windows Defender Credential Guard is not supported and should not be enabled on Windows Collectors. The security platform has application requirements, such as blocking specific authentication capabilities, that may interfere with Collector operation.

Anti-Malware Exemptions

Although the Collector has undergone rigorous security testing prior to release, its traffic patterns may look suspicious to anti-malware tools such as heuristic antivirus or intelligent endpoint detection and response services.

If you run anti-malware software on your Collector, be aware that it may interfere with the Collector’s operations and will require an exemption. For instructions on configuring anti-malware exemptions, see LogicMonitor Security Best Practices.