Platform

    Get real-time insights and automation for comprehensive, seamless monitoring with agentless architecture.

    Platform Overview
  • Infrastructure
    monitoring
  • Cloud monitoring
  • Digital experience
  • AIOPS

      • Solutions

      Whether you work in MSP, Enterprise IT or somewhere in between, the solution is clear.

      Solutions Overview
    By Initiative
    By Industry

      About us

      Get to know LogicMonitor and our team.

      About us
    Get to know us
    Connect
    Services

      Documentation

      Read through our documentation, check out our latest release notes, or submit a ticket to our world-class customer service team.

      View Resources
    Support

    Product Documentation

    General Requirements and Considerations for the StackStorm Integration

    Last updated on 25 July, 2022

    To integrate LogicMonitor with StackStorm, you must install StackStorm on a device with one of the following:

    • RedHat
    • CentOS
    • Ubuntu

    For instructions on installing StackStorm, see StackStorm’s Installation documentation.

    Network and Security Considerations

    By default, LogicMonitor uses port 5000 on the StackStorm device. You can change this port by modifying self. port = 5000 in the logicmonitor_sensor file in the LogicMonitor Pack. Modifying the port requires you to reload StackStorm with the following command:

    st2ctl reload

    The following diagram illustrates a basic network configuration from LogicMonitor to the device where StackStorm is installed along with the networking considerations for proper communication:

    1. Your firewall must accept traffic coming from LogicMonitor. See Public IP Addresses and DNS Names for more information.
    2. Your router must use Network Address Translation (NAT) to forward incoming traffic to the StackStorm device.
    3. The StackStorm device must be configured to receive Transmission Control Protocol (TCP) on the port you have open for network communication. For example, you can execute a command similar to the following on the StackStorm device to configure the port to receive TCP:
    iptables -I INPUT -p tcp --dport 5000 -j ACCEPT

    File Permissions and User Role Considerations

    To minimize security risks, ensure the appropriate file and user permissions are granted for both StackStorm and LogicMonitor.

    StackStorm File Permissions

    Ensure that only the appropriate users have access to the files where StackStorm is installed (/opt/stackstorm/). You can modify the permissions as needed in the /opt/stackstorm/ directory.

    For more information about StackStorm permissions, see StackStorm’s Role Based Access Control documentation.

    LogicMonitor User Roles for API Token

    When you create the API Token, ensure the user associated with the token has the minimum required permissions. This involves creating a role in LogicMonitor with only the necessary privilege required to execute the StackStorm Action, and then associating that role with the user. This is the user you would associate with the API Token required to enable communication between your LogicMonitor portal and the LogicMonitor Pack. The more defined the Action in StackStorm you need, the more granular your permission set must be for your LogicMonitor user.

    For example, if you want to execute an Action in StackStorm that schedules downtime (SDT) for a LogicMonitor Collector so you can conduct server maintenance in your environment (i.e., using the logicmonitor.add_sdt.action command), your API Token should be associated with a LogicMonitor user that has a role with the “Manage” permission for Collectors.

    For more information about users and roles in LogicMonitor, see the following:

    In This Article