Defining authentication credentials
LogicMonitor may require credentials (e.g. JDBC passwords, SNMP community strings, etc.) in order to collect data from your devices. You can use properties to set this information at the global, group, or device level.
Understanding property hierarchies
Before you set properties for your devices, you should understand where to set them, which depends on how many devices that property applies to. For example, if you have the same SNMP community string set for all of your Linux devices, it doesn't make sense to go and set that as a property individually for each Linux device in your account. It may be better to instead set this community string at the account level so that it applies to all Linux devices.
Properties set at the device level will override properties set at the group level, and properties set at the group level override properties set at the global (account) level. As a best practice, we recommend that you set global credentials and override them as needed for groups of devices or individual devices.
Note: A device that is a member of multiple groups with the same property defined uses the properties set at the deepest level group. If the same property is set in two groups at the same level, and a device is a member of both these groups, the selection of which property that the device will take effect is nondeterministic.
Adding a property
- Navigate to the Devices tab
- Navigate to the level that you want to set the property - the root level for your device tree, a group, or a device
- Click the Manage button for that group or device
- From the Manage dialog you can change the value for a property by clicking on the value field or add a new property by clicking the '+'
- Click Save for the property, and then save for the manage dialog. Remember that the value you set is inherited downward in the hierarchy until it is overridden at a deeper level. For example, applying wmi.user at the global level will attempt to use that user value wherever WMI is detected except when the property is defined at the group or device level.
- Repeat this process for any device properties necessary for the LogicMonitor collector to get data from your devices. (e.g. snmp.community, netapp.user, jdbc.ports)
- If you run the LogicMonitor collector as a windows service with sufficient rights to collect data, for example as a domain account that is local administrator on the systems being monitored, there is no need to enter any WMI credentials in LogicMonitor. In this case, as LogicMonitor never has the credentials, they are never transmitted anywhere by LogicMonitor.
- If credentials are added they will be transmitted back to LogicMonitor, but will be encrypted while in transit and stored.
The following table provides examples of common credentials that can be set:
Defining SNMP credentials and properties
LogicMonitor can use SNMP versions 1, 2c or 3. If your device supports 2c, it supports 64-bit counters and is preferable over version 1. SNMP version 3 adds authentication and encryption, making it more secure, but also more complicated to set up and troubleshoot.
For SNMP versions 1 and 2c you need to set the snmp.community (defined in the table above)
For SNMP version 3 you need to set the snmp.security, snmp.auth, snmp.authToken, snmp.priv, snmp.privToken (all defined in the table above).
SNMP version 3 also introduces support for snmp.contextName and snmp.contextEngineID. The snmp.contextEngineID value is a string used to identify the device on which the management information is hosted. The snmp.contextName identifies the individual SNMP context.
- On an individual device, snmp.version is set by LogicMonitor to the version of SNMP which responds. LogicMonitor attempts SNMP communication initially with version 3, then 2c, and finally version 1. The highest responding version is used.
- If you want to override the default UDP 161 port, set snmp.port (defined in the table above) to reflect your SNMP port.