General Requirements and Considerations for the StackStorm Integration

Last updated on 25 July, 2022

To integrate LogicMonitor with StackStorm, you must install StackStorm on a device with one of the following:

  • RedHat
  • CentOS
  • Ubuntu

For instructions on installing StackStorm, see StackStorm’s Installation documentation.

Network and Security Considerations

By default, LogicMonitor uses port 5000 on the StackStorm device. You can change this port by modifying self. port = 5000 in the logicmonitor_sensor file in the LogicMonitor Pack. Modifying the port requires you to reload StackStorm with the following command:

st2ctl reload

The following diagram illustrates a basic network configuration from LogicMonitor to the device where StackStorm is installed along with the networking considerations for proper communication:

  1. Your firewall must accept traffic coming from LogicMonitor. See Public IP Addresses and DNS Names for more information.
  2. Your router must use Network Address Translation (NAT) to forward incoming traffic to the StackStorm device.
  3. The StackStorm device must be configured to receive Transmission Control Protocol (TCP) on the port you have open for network communication. For example, you can execute a command similar to the following on the StackStorm device to configure the port to receive TCP:
iptables -I INPUT -p tcp --dport 5000 -j ACCEPT

File Permissions and User Role Considerations

To minimize security risks, ensure the appropriate file and user permissions are granted for both StackStorm and LogicMonitor.

StackStorm File Permissions

Ensure that only the appropriate users have access to the files where StackStorm is installed (/opt/stackstorm/). You can modify the permissions as needed in the /opt/stackstorm/ directory.

For more information about StackStorm permissions, see StackStorm’s Role Based Access Control documentation.

LogicMonitor User Roles for API Token

When you create the API Token, ensure the user associated with the token has the minimum required permissions. This involves creating a role in LogicMonitor with only the necessary privilege required to execute the StackStorm Action, and then associating that role with the user. This is the user you would associate with the API Token required to enable communication between your LogicMonitor portal and the LogicMonitor Pack. The more defined the Action in StackStorm you need, the more granular your permission set must be for your LogicMonitor user.

For example, if you want to execute an Action in StackStorm that schedules downtime (SDT) for a LogicMonitor Collector so you can conduct server maintenance in your environment (i.e., using the logicmonitor.add_sdt.action command), your API Token should be associated with a LogicMonitor user that has a role with the “Manage” permission for Collectors.

For more information about users and roles in LogicMonitor, see the following:

In This Article