Getting Started

Support > Getting Started > Advanced LogicMonito... > Defining Authentication Credentials

Defining Authentication Credentials

Using Properties to Set Credentials

LogicMonitor may require credentials (e.g. JDBC passwords, SNMP community strings, etc.) in order to collect data from your devices. You can use properties to set this information at the global, group, or device level.

Before you set properties for your devices, you should understand where to set them, which depends on how many devices that property applies to. For example, if you have the same SNMP community string set for all of your Linux devices, it doesn't make sense to go and set that as a property individually for each Linux device in your account. It may be better to instead set this community string at the account level so that it applies to all Linux devices.

Note: For strategies and instructions on where and how to set properties, see Device Properties.

Common Credentials

The following table provides examples of common credentials that can be set.

Note: Any values assigned to properties with names ending in .pass, .auth, .key, or password will be obfuscated throughout the LogicMonitor interface for security purposes. Values assigned to the snmp.community, snmp.privtoken, and snmp.authtoken properties, as well as the aws.accesskey property, will also be obfuscated.

Property Name

Meaning

Notes
snmp.community The SNMP community string for SNMP versions 1 and 2c (the default is public) See the Defining SNMP Credentials and Properties section of this support article
snmp.security The username for SNMP version 3 See the Defining SNMP Credentials and Properties section of this support article
snmp.auth

snmp.authToken

 The authentication algorithm (default=SHA, MD5 is also supported), and the secret token for authentication (similar to password) for SNMP v3. See the Defining SNMP Credentials and Properties section of this support article
snmp.priv

snmp.privToken

 The privacy algorithm (default=AES, DES is also supported), and the secret token for privacy (similar to password) for SNMP v3. See the Defining SNMP Credentials and Properties section of this support article
snmp.port The UDP port for SNMP (defaults UDP 161). See the Defining SNMP Credentials and Properties section of this support article
snmp.contextName

snmp.contextEngineID

 These properties identify the SNMP context (a collection of management information) associated with the SNMP device. See the Defining SNMP Credentials and Properties section of this support article
wmi.user

wmi.pass

 The Windows username & password for remote WMI and perfmon access If the collector is running as a domain account with local admin privileges on the host to be monitored, this is not necessary.To specify a local user when running in a domain, use ##HOSTNAME##\administrator
pdh.user

pdh.pass

 The Windows username & password for remote perfmon access Usually these properties do not need to be defined because the wmi.user/wmi.pass properties will be used to access perfmon data. However, these may be needed if the WMI credentials include a domain\user, but the remote computer is in a different domain, and the user is local.
netapp.user

netapp.pass

 The username & password used for accessing NetApp filers via the API For more information about declaring netapp.api.port, netapp.ssl, and netapp.api.sslport, see NetApp Filers.
jdbc.mysql.user

jdbc.mysql.pass

dbname

 The username, password & database name used for MySQL access For more information see MySQL Credentials.
jdbc.oracle.user

jdbc.oracle.pass

 The username & password used for Oracle access
jdbc.mssql.user

jdbc.mssql.pass

dbname

 The username, password & database name used for SQL server access By default, the SQLServerConnection- datasource uses integrated security, so it is not necessary to set these if the user the collector runs as has rights to query the database.
jdbc.db2.user

jdbc.db2.pass

dbname

 The username, password & database name used for DB2 access
mongodb.user

mongodb.pass

 The username and password used to access for MongoDB database access. For more information about configuring your MongoDB, see MongoDB.
redis.ports

redis.pass

 The alternative ports and password for your Redis data store. For more information about configuring Redis, see Redis.
esx.user

esx.pass

esx.url

 Username, password, and URL, if necessary, for accessing your ESX server. For more information on configuring your ESX server, see ESXi Servers and vCenter/vSphere Monitoring.
xen.user

xen.pass

xen.url

 The username, password, and url used to access your XenServer. For more information about configuring your Citrix XenServer, see Citrix XenServer.
xen.pool Used to enable or disable discovery of the entire resource pool’s VMs rather than just the hypervisor’s current VMs. For more information about configuring your Citrix XenServer, see Citrix XenServer.
xen.pool.concurrency Manages the maximum number of connections to the Xen pool master. This property defaults to 10. For more information about configuring your Citrix XenServer, see Citrix XenServer.
xenapp.user

xenapp.pass

 The username and password to access XenApp/XenDesktop. For more information on configuring Citrix XenApp/XenDesktop for monitoring, see Citrix XenApp/XenDesktop Monitoring.
naviseccli.user

naviseccli.pass

 The username and password used to access your Navisphere server.
cim.user

cim.pass

cim.port

cim.ssl

 The username, password, port, and SSL enablement status for EMC devices.
http.user

http.pass

http.port

 The username, password, and port, if necessary, for the web page collection method.
tomcat.jmxports

jmx.user

jmx.pass

 The Tomcat JMX ports (comma separated), username and password for JMX access to your Tomcat server. For more information about configuring your Tomcat server, see Tomcat.
jmx.port

jmx.ports

jmx.user

jmx.pass

 A singular port to monitor a JMX object, a list of ports (comma separated) to monitor multiple JMX objects, and the JMX username and password that should be used for authenticating.
ipmi.user

ipmi.pass

 The username and password used to access IPMI sensors and event logs. For more information about configuring IPMI, see IPMI Support.

 

Defining SNMP Credentials and Properties

LogicMonitor can use SNMP versions 1, 2c or 3. If your device supports 2c, it supports 64-bit counters and is preferable over version 1. SNMP version 3 adds authentication and encryption, making it more secure, but also more complicated to set up and troubleshoot.

Notes:

  • On an individual device, snmp.version is automatically set by LogicMonitor to the version of SNMP which responds. LogicMonitor attempts SNMP communication initially with version 3, then 2c, and finally version 1. The highest responding version is set for this value, and any attempts to edit it will automatically revert.
  • If you want to override the default UDP 161 port, set snmp.port (defined in the table above) to reflect your SNMP port.

SNMP Versions 1 and 2c

For SNMP versions 1 and 2c, you need to set the snmp.community property (defined in the table above).

SNMP Version 3

For SNMP version 3, to communicate with authentication and privacy (referred to as authPriv security level), you need to set the snmp.security, snmp.auth, snmp.authToken, snmp.priv, and snmp.privToken properties (all defined in the table above).

If communicating with authentication only (no privacy), referred to as authNoPriv, include the snmp.priv and snmp.privToken properties, but leave them blank.

SNMP version 3 also introduces support for snmp.contextName and snmp.contextEngineID. The snmp.contextEngineID value is a string used to identify the device on which the management information is hosted. The snmp.contextName identifies the individual SNMP context.


Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy

Due to import regulations in some countries, Oracle provides a default cryptographic jurisdiction policy file that limits the strength of cryptographic algorithms. Below are the maximum key sizes allowed by this "strong" version of the jurisdiction policy files:
Algorithm
 Maximum Keysize
DES 64
DESede *
RC2 128
RC4 128
RC5 128
RSA *
all others 128


If stronger algorithms are needed (for example, AES with 256-bit keys), the JCE Unlimited Strength Jurisdiction Policy Files must be obtained and installed in the JDK/JRE. This is only relevant for collector versions prior to 26.300, subsequent versions have this enabled by default.

  1. Download Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files Download from Oracle.  
  2. Rename the existing files /logicmonitor/agent/jre/lib/security/local_policy.jar and US_export_policy.jar as a backup.
  3. Copy the Local_Policy.jar and US_export_policy.jar from the download to the security directory.  
  4. Restart the collector service.  

The snmp.priv property can then be set to AES256 or another desired level. Beginning with GD26.000, this change will remain intact following any collector upgrades.