Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. SSH clients are distributed with most Linux-based machines. Typical SSH applications include remote command-line, login, and remote command execution, but any network service can be secured via SSH.

LogicMonitor offers monitoring for Linux systems that leverages the SSH protocol to collect various metrics including CPU, memory, and filesystem utilization; uptime; and throughput to name a few. However, this monitoring is designed to only go into effect if SNMP isn't configured for the system. Generally, if SNMP is configured, more robust out-of-the-box monitoring will activate and there is no need to configure the SSH monitoring provided by this Linux SSH package.

Setup Requirements

Add Resource Into Monitoring

Add your Linux host into monitoring. For more information on adding resources into monitoring, see Adding Devices.

Enable SSH

SSH must be configured on the Linux host in order for the DataSources to apply.

Generate SSH Keys

If you will be authenticating the Collector's access to the device using an SSH key (rather than a password), you'll need to generate the SSH public-private key pair and copy the public key between the Collector host that is assigned to the device in LogicMonitor and the device itself. For instructions on generating the SSH key pair and copying the public key, see Generate a New SSH Key.

Assign Properties to Resources

The following custom properties must be set on the Linux resource (or, depending on property, the Collector host accessing the device) within LogicMonitor. These properties allow LogicMonitor to pass the appropriate credentials onto the Linux host for authentication. For more information on setting properties, see Resource and Instance Properties.

Property Description
ssh.user SSH username. This property must be set on the Linux resource in LogicMonitor.
ssh.pass SSH password. Only required if username and password are used to authenticate connection between LogicMonitor and the Linux resource. If a username and SSH key are being used instead of a password, set the ssh.cert property instead. This property must be set on the Linux resource in LogicMonitor.
ssh.port Port used for SSH connections. Defaults to port 22 if not set.
ssh.cert Path to the SSH key (stored in a .pem or .pub file). Defaults to ~/.ssh/id_rsa if not set. This property must be set on the Collector host that is assigned to the Linux resource within LogicMonitor. LogicMonitor will attempt to use key-based authentication if configured, otherwise username and password will be used for authentication.

Import LogicModules

From the LogicMonitor public repository, import all Linux SSH LogicModules, which are listed in the LogicModules in Package section of this support article. If these LogicModules are already present, ensure you have the most recent versions.

Once the LogicModules are imported (assuming all previous setup requirements have been met), the suite of DataSources will automatically begin collecting data. ​

Manually Enabling Active Discovery for Linux SSH Control Groups and Services

The Control Groups and Service Status DataSources have Active Discovery enabled from their DataSource definitions, however these LogicModules will not auto-discover control groups (cgroups) or services as instances unless the module is manually configured to do so within the Groovy Active Discovery script. The engineering team found that auto discovering all cgroups and services on a given host had the potential to produce too many instances, causing rapid alert flooding in the LogicMonitor platform or an unmanageable list of 10,000 docker instances, for example.

For this reason, we recommend manually adding selected cgroups and services as monitored instances, as outlined in the following two sections.

Note: The following instructions assume a minimum version installation of at Linux kernel 2.6.24. LogicMonitor’s Control Groups and Service Status DataSources are verified to be compatible with the following Linux distros:

  • Arch
  • Debian
  • Redhat

Finding and Manually Adding Control Groups as Instances

The following set of instructions uses a Docker container as an example of a cgroup we would like to monitor.

  1. From the command line, run: systemd-cgtop -n1 -b --raw

    This command displays the cgroups that are using the most resources. The -n1 flag denotes that we only want one iteration of the command to execute ( it is a shorthand version of --iterations=1. The -b flag forces the command to run in “batch” mode (in other words, do not accept input and run until the iteration limit set is exhausted or until killed). Finally, --raw ensures that we get the raw string values of any output collected.

  2. From the resulting output, copy the name of the parent container /docker, which displays at the top of the output with its children listed underneath.

  3. Navigate to the Linux host on the Resources page and select ‘Add Monitored Instance’ from the dropdown menu located next to the Manage menu.

    Note: For more information on manually adding instances, see Adding Instances.

  4. In the Add Monitored Instance dialog, we’ll select “Linux_SSH_CGroups” from the DataSource field’s dropdown menu and enter “/docker” in both the Name and Wildcard Value fields.
  5. After completing the dialog, click Save. If the action was successful, you’ll be able to see the instance under the DataSource, on the Resources page.

  6. We can now manually poll the instance to ensure that data collection is taking place.

Finding and Manually Adding Services as Instances

  1. From the command line, run: systemctl list-units --type=service
  2. The resulting output displays all units on a given host whose type is a service.

    Note: You can further specify that this list display by state or by activity by including the --state=<YOUR DESIRED UNIT STATE> flag.

  3. Find the name of the service, and modeling the steps listed in the previous set of steps for manually creating an instance for a cgroup, add this new service instance to the Linux_SSH_ServiceStatus DataSource and use the service name as the instance’s name and wildcard value.

Enabling Active Discovery for Automatic Instance Adding

If you are confident that your system will not be overwhelmed with an unmanageable number of instances, you may enable the default Active Discovery that exists within the DataSource definition to auto-discover instances on all hosts that the DataSource is applied to.

To enable Active Discovery:

  1. Navigate to the Active Discovery section of the DataSource definition and locate the Active Discovery script. Near the beginning of the script, there is a variable named enableAD.
    // Flag for manually enabling Active Discovery. Change value to 'true' to auto-discover instances.
    def enableAD = false
    // Refer to documentation and technical notes before changing this value.
  2. To enable auto-discovery, change the variable’s value to true: enableAD = true.
  3. Save the DataSource.


The Control Group Status DataSource exists to capture issues connecting to systemd via SSH. If data is not being returned as expected, navigate to this DataSource in the Resources tree and check for the existence of errors (errors display as instances in the Resources tree). Additionally, any errors captured by this troubleshooting DataSource are included in alert details.​

LogicModules in Package

LogicMonitor's package for monitoring Linux via SSH consists of the following LogicModules. For full coverage, please ensure that all of these LogicModules are imported into your LogicMonitor platform.

Display Name Type Description
addCategory_Linux_SSH PropertySource Assigns a value of "Linux_SSH" to the system.categories property for hosts (excluding AWS and Azure) which have not been properly identified due to unconfigured SNMP, and attempts to connect via SSH using the properties set on the resource/Collector.
Linux_SSH_Info PropertySource Gathers Linux system information such as kernel name, kernel release, kernel version, hardware name, hardware platform, node name, processor type, and operating system.
Block Device Performance DataSource Monitors I/O for disks and partitions on Linux systems via SSH.
Control Groups DataSource Linux Control Groups resource and task usage via the systemd-cgtop command.
Control Group Status DataSource Linux Control Groups status monitoring via the systemd-cgtop command.
CPU Cores DataSource Monitors CPU usage per core via SSH.
CPU / Memory DataSource Monitors Linux CPU and Memory statistics via SSH.
Filesystems DataSource Monitors the Linux filesystem utilization metrics.
Network Interfaces DataSource Monitors Linux network interfaces metrics such as throughput, packet transmission, errors, packet drops, collisions and operating status.
Service Status DataSource Linux systemd services via the systemctl command.
TCP / UDP Stats DataSource Retrieves TCP and UDP statistics from netstat.
Uptime DataSource Monitors the Linux hosts uptime via SSH.

When setting static datapoint thresholds on the various metrics tracked by this package's DataSources, LogicMonitor follows the technology owner's best practice KPI recommendations. If necessary, we encourage you to adjust these predefined thresholds to meet the unique needs of your environment. For more information on tuning datapoint thresholds, see Tuning Static Thresholds for Datapoints.

In this Article: