FEATURE AVAILABILITY: The ability to create ConfigSources for the purpose of monitoring configuration files is only available to customers that are using the LM Config add-on feature.
Introduction to ConfigSources
Available to users of LogicMonitor's add-on LM Config feature, ConfigSources are templates based on Groovy or Powershell scripts that define how LogicMonitor should access, collect, and alert on your devices' configuration files.
Similar to other LogicModules, LogicMonitor installs with pre-configured ConfigSources for many common systems and applications. However, you can also create your own custom ConfigSources.
Note: In order for ConfigSource data collection to work properly for cloud resources, you'll need to first enable monitoring via local Collector, as discussed in Enabling Monitoring via Local Collector.
Note: Monitored configuration files cannot exceed 3MB in size per individual file.
Creating a ConfigSource
To create a ConfigSource, navigate to Settings | LogicModules | ConfigSources | Add | ConfigSource. From the Create New ConfigSource dialog that displays, there are four categories of settings that must be configured:
- Name: The unique name of the ConfigSource. As a best practice, this name should be descriptive: specify the platform or application name, then, if necessary, a specific component of the platform.
- Displayed as: The name the ConfigSource will be displayed with in the Device page. This name does not need to be unique.
- Description: The description that will be associated with this ConfigSource. As a best practice, if the ConfigSource name is not unambiguous as to what the ConfigSource is collecting, the description field should provide enough information that someone seeing the name and the description will be clear what the ConfigSource does.
- Search keywords: Tag the ConfigSource with keywords (related to its name, purpose, scope, etc) that will facilitate a search for it.
- Technical Notes: This field can contain any miscellaneous technical notes associated with the ConfigSource, beyond what is included in its description.
- Group: The ConfigSource Group to which the ConfigSource will be added. If this field is left empty, the ConfigSource will not be added to a group. If you enter text that does not match an existing ConfigSource Group, one will be created.
The Applies To field defines which devices will be associated with this ConfigSource. This field needs to be in AppliesTo Scripting Language syntax.
Test Applies to
Select the "Test" option to display a list of all devices which will be impacted by the new Applies To configuration
The Collect Every field defines how frequently data will be collected (i.e. the data collection interval).
This field should be set to an interval appropriate for the Configs being checked. For example, items that change frequently or require immediate attention in the event of an error (e.g. supervisor/management CPU is overloaded) should have a short poll cycle, such as one hour.
Note that longer poll cycles impose less load on both the server being monitored and the Collector.
If this option is checked, the ConfigSource will be multi-instance.
Multi-instance means there are multiple occurrences of a config file, e.g. for multiple network interfaces on a Fortigate firewall, each containing its own config file.
Active Discovery is used to manage the monitored instances of a ConfigSource. This is only applicable for multi-instance ConfigSources. If Active Discovery is enabled, LogicMonitor will automatically find a Configsource's instances on your device, determine their display names or aliases, and keep them up to date
Enable Active Discovery
Check Enable Active Discovery to automatically manage a ConfigSource's instances. This option is only available if the Multi-instance? option is checked.
The Active Discovery Parameters script is an embedded Groovy or PowerShell script which determines what device configuration files are available and creates ConfigSource instances for them. Exactly how the script discovers instances varies according to device type. For an example, see this ConfigSource discovery script for Cisco ASA devices.
Here, you will need to embed the Groovy or PowerShell script used to retrieve your config files. If you would like to use a scripting language other than Groovy or Powershell, you also have the option to upload a script file. Please note that, when possible, best practice is to use an embedded Groovy script so you can take advantage of the EXPECT syntax.
The syntax for ConfigSource scripts is largely standardized. When writing your own ConfigSource script, LogicMonitor best practices suggest you copy-and-paste an existing ConfigSource template from the LogicMonitor repository and make the necessary syntactical changes to fit your environment. For instance, if you are working with Juniper devices, you would substitute the expect ("#") command used in the screenshot below to identify Cisco configs for an expect ("<") command.
Prior to running your script, you must set your SSH authentication credentials as properties on the device(s) you wish to implement config monitoring. These properties should take the form of ssh.user/ssh.pass if the applied devices permit SSH or config.user/config.pass for non-SSH devices (ie. telnet/FTP). The script is designed to pull-in these properties and use them to SSH in to your device. In devices that do not automatically have SSH authentication privileges enabled (ie. Cisco ASAs), a third credential may need to be saved as a property, ssh.enable.pass.
For the sake of understanding a ConfigSource script's structure, here is a broken-down view of an example script written in Groovy:
- Obtains the SSH authentication credentials set in the device's properties.
- SSHs into the device. Expect that "#" will indicate a successful connection and that the device is ready to receive commands.
- Disables pagination for the device's config file. This ensures the file is obtained in a single uninterrupted view.
- Requests the config file.
- Logs out of the SSH session with the device.
- Strips the NTP clock period value from the retrieved config file. This value constantly changes and these changes are typically of no concern. Removing this value prevents the ConfigChecks from generating unnecessary alerts.
- Closes the SSH connection and imports the script's output (the config file) into your LogicMonitor account.
Note that this particular script assumes that the provided SSH authentication credentials are sufficient for viewing the running config. Some devices, such as Cisco ASAs, will require an extra step to enable these elevated permissions.
In these cases, if there is an additional device property defined called "ssh.enable.pass", the script will attempt to use that to escalate it's privileges. If the "ssh.enable.pass" property does not exist, then the script will attempt to use the standard "ssh.pass" property to escalate its privileges:
ConfigSources generate alerts based on config checks. Much like a datapoint and threshold in a DataSource, a config check monitors the availability of a config file, or specific contents of the file, and triggers an alert when defined criteria are met. There are five types of config checks, each providing a specific method to monitor the config file.
The options available for each type of config check vary depending on the file format selected in the ConfigSource definition. Selecting the file format most appropriate to the config file you are monitoring can make the process of defining config checks easier and less prone to error.
Three file formats are available: arbitrary text, java-properties, and Unix. Using the java-properties or Unix file format provides some implicit checks that may make it easier to set up your ConfigSource. The default file format is arbitrary text.
Note: The file format must be selected when the ConfigSource is created and cannot be modified once the ConfigSource has been saved.
File Format Descriptions
Unix. Lines are separated by the line feed character (\n), as opposed to the DOS format which uses a combination of carriage return and line feed characters (\r\n) to separate lines. Lines starting with "#" are treated as comments.
java-properties. Also referred to as ".properties". Lines starting with "#" or "!" are treated as comments. Text preceding "=" is treated as a key (field), text following "=" is treated as a value. Below is a sample of text in java-properties format.
# You are reading the ".properties" entry. ! The exclamation mark can also mark text as comments. website = https://en.wikipedia.org/ language = English # The backslash below tells the application to continue reading # the value onto the next line. message = Welcome to \ Wikipedia! # Add spaces to the key key\ with\ spaces = This is the value that could be looked up with the key "key with spaces". # Unicode tab : \u0009