Linux RemediationSources Monitoring

Last updated - 27 May, 2026

The Linux Remediation Monitoring package provides SSH-based remediation for Linux hosts, enabling remote execution of commands to manage process lifecycles and system availability.

These LogicModules use standard Linux utilities to identify, terminate, and launch processes, and to reboot systems, improving service availability and reducing mean time to resolution (MTTR).

Remediation actions run over SSH using password or public key authentication and execute in the context of the configured SSH user.

The LogicModules package supports the following remediation capabilities:

• Terminate processes using kill (graceful or forceful)
• Launch processes using nohup for background execution
• Reboot systems using the reboot command

Process targeting uses the following rules:

• remediation.process must match the full command line, including arguments
• Matching is exact and does not support partial or fuzzy matching

Remediation actions run under the configured SSH user. Actions affecting other users or system-level operations may require root or passwordless sudo.

Remediation behavior is controlled by host properties that govern duplicate handling and process termination. By default, duplicate processes are not launched if an existing instance is detected, unless explicitly allowed. Process termination supports both graceful signals and forceful termination using SIGKILL, and can target either a single process or all matching processes.

This package operates on Linux systems that support OpenSSH access, standard utilities (for example, ps, kill, nohup, reboot), and non-interactive command execution (for example, exec). Most modern Linux distributions are supported, although restricted shells or limited environments can impact functionality.

Requirements for Linux RemediationSources Monitoring

To use Linux Remediation Monitoring, ensure the following:

• A LogicMonitor user with Manage permission for modules and resource permissions for ‘Remediation Source’ settings.
• SSH access is enabled on the target host
• The LogicMonitor Collector can reach the host over port 22
• Authentication is configured using the following:
  • Username and password (remediation.ssh.user, remediation.ssh.pass)
  • Public key authentication (remediation.ssh.publickey)
• The remote system includes the following utilities: ps, kill, nohup, reboot
• The configured SSH user has sufficient privileges to execute remediation commands

Adding Resources into Linux RemediationSources Monitoring

Add the target Linux host into LogicMonitor. For more information, see Adding Resources.

Ensure the following during setup:

• The assigned Collector can establish SSH connectivity
• Required host properties are configured
• The system supports standard Linux process management commands

Assigning Properties to Resources

Configure remediation behavior using the following properties:

For more information, see Resource and Instance Properties.

Property	Description	Required For
remediation.ssh.user	SSH username used to execute remediation commands	All
remediation.ssh.pass	SSH password for authentication NOTE: Optional if using key	All
remediation.ssh.publickey	SSH public key for authenticationNOTE: Optional if using password	All
remediation.process	Exact process command used for matching and execution	Kill, Launch
remediation.process.duplicate	Enables duplicate process creation when launching	Launch
remediation.sigkill	Enables forceful process termination (for example,SIGKILL)	Kill
remediation.killall	Terminates all matching processes instead of the first match	Kill

Troubleshooting for Linux RemediationSources Monitoring

The following table outlines common issues and guidance:

Issue	Information
SSH Authentication Failures	Verify credentials and ensure the SSH user has appropriate permissions
Permission Denied Errors	Ensure the user can execute required commands (for example, reboot, kill) without interactive prompts
Process Not Found	Confirm remediation.process exactly matches the running process, including argumentsVerify process matching using ps aux | grep <process>. Confirm the process is running and that the full command line, including arguments, matches remediation.process. Differences in arguments or execution path can prevent detection.
Debug Mode Risks	Running RemediationSources in debug mode still executes actions and is not a safe simulation

Use the following troubleshooting steps:

• Review RemediationSources output to validate process detection and remediation execution. Check for mismatches in process names and any execution errors.
• Ensure sudo configurations support non-interactive execution. Remediation actions fail if the SSH user is prompted for a password or if sudo requires a TTY. Configure passwordless sudo or update sudoers rules as needed.

Import LogicModules into Monitoring

Install all Linux RemediationSources LogicModules from the LogicMonitor’s Module Exchange. For more information, see the list of LogicModules in Package. If these LogicModules are already present, ensure you have the most recent version of each module. 

Data collection automatically starts when the LogicModules are imported.​

LogicModules in Package

LogicMonitor’s package for Linux RemediationSources Monitoring consists of the following LogicModules. For full coverage, import the following LogicModules into your platform:

Display Name	Type	Description
Kill Linux Process	RemediationSource	Kills a process on a Linux system.
Launch Linux Process	RemediationSource	Launches a process on a Linux system via nohup.
Restart Linux Device	RemediationSource	Runs the reboot command on a Linux system.

When setting static datapoint thresholds on the various metrics tracked by this package’s DataSources, LogicMonitor follows the technology owner’s best practice KPI recommendations.