Using Properties to Set Credentials
LogicMonitor may require credentials (for example, JDBC passwords, SNMP community strings, SSH username, and so on) in order to collect data from your devices. You can use properties to set this information at the global, group, or device level.
Before you set properties for your devices, you should understand where to set them, which depends on how many devices that property applies to. For example, if you have the same SNMP community string set for all of your Linux devices, it doesn’t make sense to go and set that as a property individually for each Linux device in your account. It may be better to instead set this community string at the account level so that it applies to all Linux devices.
Note: For strategies and instructions on where and how to set properties, see Resource and Instance Properties.
The following table lists many predefined properties that can be used to store credentials (and authentication details) for various common protocols and systems.
Note: Any values assigned to properties with names ending in .pass, .auth, .key, or password will be obfuscated throughout the LogicMonitor interface for security purposes. Values assigned to the snmp.community, snmp.privtoken, and snmp.authtoken properties, as well as the aws.accesskey property, will also be obfuscated.
System: Citrix Xen*
|The username, password, and url used to access your XenServer.||For more information about configuring your Citrix XenServer, see Citrix XenServer.|
|xen.pool||Used to enable or disable discovery of the entire resource pool’s VMs rather than just the hypervisor’s current VMs.|
|xen.pool.concurrency||Manages the maximum number of connections to the Xen pool master. This property defaults to 10.|
|The username and password to access XenApp/XenDesktop.||For more information on configuring Citrix XenApp/XenDesktop for monitoring, see Citrix XenApp/XenDesktop Monitoring.|
System: Dell EMC
|The username, password, port, and SSL enablement status for EMC devices.|
System: ESX Server
|Username, password, and URL, if necessary, for accessing your ESX server.||For more information on configuring your ESX server, see ESXi Servers and vCenter/vSphere Monitoring.|
|The username, password, and port, if necessary, for the web page collection method.|
|The username and password used to access IPMI sensors and event logs.||For more information about configuring IPMI, see IPMI Support.|
|The username, password & database name used for MySQL access||For more information about MySQL credentials see MySQL Monitoring and Microsoft SQL Server Monitoring.|
|The username & password used for Oracle access||For more information on configuring access to Oracle, see Oracle Monitoring.|
|The username, password & database name used for SQL server access||By default, the SQLServerConnection- datasource uses integrated security, so it is not necessary to set these if the user the collector runs as has rights to query the database.|
|The username, password & database name used for DB2 access|
|The Tomcat JMX ports (comma separated), username and password for JMX access to your Tomcat server.||For more information about configuring your Tomcat server, see Tomcat.|
|A singular port to monitor a JMX object, a list of ports (comma separated) to monitor multiple JMX objects, and the JMX username and password that should be used for authenticating.|
|The username and password used to access for MongoDB database access.||For more information about configuring your MongoDB, see MongoDB.|
|The username and password used to access your Navisphere server.|
|The username & password used for accessing NetApp filers via the API||For more information on declaring netapp.api.port, netapp.ssl, and netapp.api.sslport, see NetApp FAS Monitoring.|
|The Windows username & password for remote perfmon access||Usually these properties do not need to be defined because the wmi.user/wmi.pass properties will be used to access perfmon data. However, these may be needed if the WMI credentials include a domain\user, but the remote computer is in a different domain, and the user is local.|
|The alternative ports and password for your Redis data store.||For more information about configuring Redis, see Redis.|
|snmp.community||The SNMP community string for SNMP versions 1 and 2c (the default is public)||See the Defining SNMP Credentials and Properties section of this support article|
|snmp.security||The username for SNMP version 3|
|The authentication algorithm (default="SHA") and the secret token for authentication (similar to password) for SNMP v3 (SNMPv3). "MD5" is also supported for the snmp.auth property and, if you are running Collector version 28.606 or a higher numbered version, "SHA224", "SHA256", "SHA384", and "SHA512" are additionally supported.|
|The privacy algorithm (default=AES, DES is also supported), and the secret token for privacy (similar to password) for SNMPv3.||AES128 and AES256 are supported out of the box.
For Collector versions 28.607 or greater, AES2563DES and AES1923DES are supported (usually for Cisco devices).
|snmp.port||The UDP port for SNMP (defaults UDP 161).|
|These properties identify the SNMP context (a collection of management information) associated with the SNMP device.|
|ssh.user||SSH username. This property must be set on the Linux resource in LogicMonitor.||For more information on configuring Linux-based system monitoring via SSH, see Linux (via SSH) Monitoring.|
|ssh.pass||SSH password. Only required if username and password are used to authenticate connection between LogicMonitor and the Linux resource. If a username and SSH key are being used instead of a password, set the
|ssh.cert||Path to the SSH key located on the Collector host (stored in a .pem or .pub file). Defaults to
|ssh.port||Port used for SSH connections. Defaults to port 22 if not set.|
|remotesession.ssh.port||Populate to override default SSH port value.||For more information on using SSH to remotely access and operate on devices from within your LogicMonitor portal, see Remote Session.|
|The Windows username & password for remote WMI and PerfMon access||If the collector is running as a domain account with local admin privileges on the host to be monitored, this is not necessary.To specify a local user when running in a domain, use ##HOSTNAME##\administrator. For more information on configuring remote Windows host access, see Credentials for Accessing Remote Windows Computers.|
|wmi.authType||The NTLM protocol version used to authenticate to a remote WMI host||If this property is not set, it defaults to a value of “NTLMv1”. Specify “NTLMv2” for authentication via NTLM version 2. A value of “Kerberos” is also supported; if “Kerberos” is assigned you should use the ServerName or FQDN to add device, and start your Collector services using AD account credentials instead of Local System. For more information on configuring remote WMI host access, see Credentials for Accessing Remote Windows Computers.|
Defining SNMP Credentials and Properties
LogicMonitor can use SNMP versions 1, 2c or 3. If your device supports 2c, it supports 64-bit counters and is preferable over version 1. SNMPv3 adds authentication and encryption, making it more secure, but also more complicated to set up and troubleshoot.
- On an individual device, snmp.version is automatically set by LogicMonitor to the version of SNMP which responds. LogicMonitor attempts SNMP communication initially with version 3, then 2c, and finally version 1. The highest responding version is set for this value, and any attempts to edit it will automatically revert.
- If you attempt to change the SNMP version after initial device addition (by entering new credentials), you must ensure it and the pertinent credentials function. If LogicMonitor is not able to communicate using the new version specified, it will automatically revert to the original version as a result of the failure.
- If you want to override the default UDP 161 port, set snmp.port (defined in the table above) to reflect your SNMP port.
SNMP Versions 1 and 2c
For SNMP versions 1 and 2c, you need to set the snmp.community property (defined in the table above).
SNMP Version 3
For SNMPv3, to communicate with authentication and privacy (referred to as authPriv security level), you need to set the snmp.security, snmp.auth, snmp.authToken, snmp.priv, and snmp.privToken properties (all defined in the table above).
If communicating with authentication only (no privacy), referred to as authNoPriv, include the snmp.priv and snmp.privToken properties, but leave them blank.
SNMPv3 also introduces support for snmp.contextName and snmp.contextEngineID. The snmp.contextEngineID value is a string used to identify the device on which the management information is hosted. The snmp.contextName identifies the individual SNMP context.