Common Config Monitoring
Last updated on 26 September, 2023Common Config monitoring is an approach that uses a variety of collection types to identify the most reliable method a device supports. Coverage is typically focused on collection types that use variations on SSH style protocols. For example, SCP, SFTP, and SSH EXEC. The Common Config approach uses multiple PropertySources in a sequence and has some characteristics unique to this suite of modules.
- A device or brand-specific PropertySource, such as Cisco_Generic_Configs, applies host properties of collection information specific to each device. These provide subsequent steps of the process information specific to the kind of device you are working with.
- A number of “check” PropertySources run and attempt various collection types using the host properties applied. Upon the first successful collection a further host property is added, indicating a success. This stops less reliable checks from running and applying.
- With the host now containing a list of device-specific collection information – and a property representing what is believed to be the most reliable collection method – the matching “common” ConfigSources apply. Common ConfigSources share code and get their device-specific collection instructions from the host properties that are applied through the vendor-specific config related PropertySources. For more information, see LogicModules in Package.
Requirements for Common Config Monitoring
- The minimum collector version supported is 28.606. This is due to a requirement on the SSHJ library added in that version.
- Install the Common Config LogicModules. For more information, see LogicModules in Package.
Common Config Custom Properties
The following custom properties must be set on the device resource within LogicMonitor. For more information on setting properties, see Resource and Instance Properties.
Authentication Properties
Property | Value | Required |
config.user/ssh.user/telnet.user | User that is used for authentication | Yes |
config.pass/ssh.pass/telnet.pass | Password that is used for authentication | Yes |
ssh.cert/ssh.publickey | Path of the key used in authentication | No |
ssh.enable.pass | Password used for privilege escalation during interactive SSH | No |
ssh.port | Port used for SSH connections (Default : 22) | No |
config.hostname | An alternate host used in place of system.hostname | No |
Prompt and Command Properties
Property | Value | Required |
config.prompt | A user-specified prompt line to search for, rather than finding one automatically | No |
config.pty | A user-specified PTY type (Default : vt100) | No |
config.filter | Regex used to filter the output.For example, this may be used to filter MOTD messages or personal information. | No |
config.custom.response | Custom responses to regex lines in a comma-separated Line=>Response format.For example: Please Enter a to Continue=>a | No |
config.commands.formatting | A comma-separated list of commands sent prior to the main command.For example, you can format the CLI to ignore pagination. | No |
config.commands.standard | Specify comma-separated key value pairs for instances that you want to monitor.For example: show config=Config,show inventory=Inventory | No |
config.commands.dynamic | Specify comma-separated key value pairs for instances that you want to collect, but not alert on, even if they change. | No |
config.logs.permanent | When set to true or 1, this property adds regular permanent logging to common configs collected with pseudo interactive methods (ssh, telnet, etc). These logs can be used for diagnostics. Logs are written to the /logs/ConfigStats/ directoryNote: These logs are not automatically deleted and must be deleted manually. | No |
Properties to Control Protocol Used
You can use properties to define a single protocol for a device. This prevents other protocols from being attempted. For Telnet, you must use a property and value, as no other protocols are relevant and should not be attempted.
Protocol | Property | Value | Required |
Telnet | config.type.telnet | If set to “1” or “true”, forces Interactive Telnet collection for the device, bypassing checks. | Yes |
SCP | config.type.scp | If set to “1” or “true”, forces SCP as the collection type for the device, bypassing checks. | No |
SFTP | config.type.sftp | If set to “1” or “true”, forces SFTP as the collection type for the device, bypassing checks. | No |
SSH EXEC | config.type.exec | If set to “1” or “true”, forces SSH EXEC as the collection type for the device, bypassing checks. | No |
SSH | config.type.interactive | If set to “1” or “true”, forces Interactive SSH collection for the device, bypassing checks. | No |
Migration from Legacy LogicModules
The following vendor-specific ConfigSources have been deprecated in favor of Common Configs, which is the supported approach for network device Configuration Monitoring. If you are currently monitoring configs using any of these legacy ConfigSources, you will not experience data loss upon importing the new modules. However, you will collect duplicate data and receive duplicate alerts for as long as both sets of ConfigSources are active. For this reason, LogicMonitor recommends that you disable the legacy ConfigSources after importing the new set of ConfigSources and confirm that they are working as intended in your environment. Common Config monitoring provides a more reliable method for collection of generic or general purpose configs through existing stable collection types. However, LogicMonitor recognizes that there are devices with special circumstances that may require a more traditional approach.
- Arista_EOS
- Aruba_WirelessController
- Cisco_IOS
- Cisco_NXOS
- Cisco_Viptela
- Cisco_WLC_RunningConfig
- Cisco_WLC_SystemConfigs
- Citrix_Netscaler
- Dell_Networking
- Fortinet_FortiOS
- HPE_Network_Config
- Juniper_JUNOS
- PaloAlto_FW_CLIConfigs
Note: When a ConfigSource is disabled, it stops querying the host and generating alerts, but maintains all historical data. You may delete the legacy DataSources altogether, but consider this carefully as all historical data will be lost. For more information on disabling DataSources, see Disabling Monitoring for a DataSource or Instance.
Common Config Checks and Active Discovery
The Common Config modules use a series of checks to identify the most reliable collection method. The initial application can take up to 48 hours to complete. You can force Active Discovery for a device to speed up this process if faster results are required. For more information, see What is Active Discovery.
Config Metrics DataSource
This suite of modules provides a DataSource (LogicMonitor_ConfigSource_Metrics) to monitor its execution. Once instances have been created, this module can be used to identify and diagnose issues such as collection times close to or exceeding timeout, config sizes larger than configured limits, and sporadic collection. If you experience issues with config monitoring, LogicMonitor recommends that you look at this DataSource during troubleshooting to verify whether the issue relates to any of these metrics monitored.
LogicModules in Package
LogicMonitor’s package for Common Configs consists of the following LogicModules. For full coverage, please ensure that all of these LogicModules are imported into your LogicMonitor platform. At any given time, only one set of ConfigSources from the below list will apply to a device, calculated automatically via the listed PropertySources (unless overridden). For more information, see Module Installation.
Display Name | Type | Description |
Config Metrics | DataSource | Metrics on collection success and failure. |
ConfigCheck_1_SFTP | PropertySource | Sets auto.config.type.sftp if collection is possible via SFTP. |
ConfigCheck_2_SCP | PropertySource | Sets auto.config.type.scp if collection is possible via SCP. |
ConfigCheck_3_Exec | PropertySource | Sets auto.config.type.exec if collection is possible via SSH Exec. |
ConfigCheck_4_Interactive | PropertySource | Sets auto.config.type.interactive if collection is possible via Interactive SSH. |
ConfigCheck_5_Telnet | PropertySource | Sets auto.config.type.telnet if collection is possible via Interactive Telnet. |
Config_Arista_Generic | PropertySource | Checks for SSHJ compatibility with a device and sets the relevant properties for modules to collect if successful. |
Config_Aruba_Generic | PropertySource | Checks for SSHJ compatibility with a device and sets the relevant properties for modules to collect if successful. |
Config_Brocade_Generic | PropertySource | Checks for SSHJ compatibility with a device and sets the relevant properties for modules to collect if successful. |
Config_Cisco_Generic | PropertySource | Checks for SSHJ compatibility with a device and sets the relevant properties for modules to collect if successful. Currently will only apply to devices where config.beta is set to 1, or previous Cisco common configs have been collected. |
Config_Fortinet_Generic | PropertySource | Checks for SSHJ compatibility with a device and sets the relevant properties for modules to collect if successful. |
Config_HPE_Generic | PropertySource | Checks for SSHJ compatibility with a device and sets the relevant properties for modules to collect if successful. |
Config_Juniper_Generic | PropertySource | Checks for SSH compatibility with a device and sets the relevant properties for modules to collect if successful. |
Config_Netscaler_Generic | PropertySource | Checks for SSHJ compatibility with a device and sets the relevant properties for modules to collect if successful. |
Config_PaloAlto_Generic | PropertySource | Checks for SSHJ compatibility with a device and sets the relevant properties for modules to collect if successful. |
Config_Sophos_Generic | PropertySource | Checks for SSH compatibility with a device and sets the relevant properties for modules to collect if successful. |
Dynamic Configs (SCP) | ConfigSource | Common module for handling generic SCP config collection. Dynamic configs are set to not alert on change by default. |
Dynamic Configs (SFTP) | ConfigSource | Common module for handling generic SFTP config collection. Dynamic configs are set to not alert on change by default. |
Dynamic Configs (SSH Exec) | ConfigSource | Common module for handling generic SSH EXEC config collection. Dynamic configs are set to not alert on change by default. |
Dynamic Configs (SSH Interactive) | ConfigSource | Common module for handling generic SSH Interactive config collection. Dynamic configs are set to not alert on change by default. |
Dynamic Configs (Telnet) | ConfigSource | Common module for handling generic Telnet Interactive config collection. Dynamic configs are set to not alert on change by default. |
Standard Configs (SCP) | ConfigSource | Common module for handling generic SCP config collection. These configs will alert on a non-filtered change. |
Standard Configs (SFTP) | ConfigSource | Common module for handling generic SFTP config collection. These configs will alert on a non-filtered change. |
Standard Configs (SSH Exec) | ConfigSource | Common module for handling generic SSH EXEC config collection. These configs will alert on a non-filtered change. |
Standard Configs (SSH Interactive) | ConfigSource | Common module for handling generic SSH Interactive config collection. Dynamic configs are set to not alert on change by default. |
Standard Configs (Telnet Interactive) | ConfigSource | Common module for handling generic Telnet Interactive config collection. Dynamic configs are set to not alert on change by default. |
Note: The ConfigSources in this package are configured to alert based on whether a config is classed as “Standard” or “Dynamic”. Dynamic configs are expected to change frequently and therefore do not alert on change. If necessary, we encourage you to adjust these predefined thresholds to meet the unique needs of your environment. For more information on tuning datapoint thresholds, see Tuning Static Thresholds for Datapoints.