The ICMP Discovery Method

Last updated on 27 March, 2023

The ICMP ping discovery method pings and checks for specified open ports on all IP addresses you specify. As discussed next, several unique settings must be configured, under the ICMP Discovery Rules section, when you use this method to perform NetScans.

Setting ICMP Discovery

  1. Navigate to Settings > NetScans > Add Advanced NetScan.
    • In the ICMP Discovery Rules section, enter the following details:

    • Resource Credentials – To name the discovered resources using ##SYSTEMNAME## or to add only specified resources such as Cisco, NetApp, and so on, you must enter credentials that are used during NetScan to detect resource types.
      Note: These properties or credentials are not set on the resources after the NetScan is set. Therefore, you must specify a destination group that has the required credentials.
      The following are the two options for specifying credentials used for detecting resources during the NetScan.
      • Inherit credentials from Device Group — Select an existing resource group whose properties or credentials will be used for NetScan.
      • Use custom credentials for this scan — Enter the Property Name or Property value for the required resources for NetScan.

    • IP address range – Enter the IP address range. The accepted syntax is as follows:
      • A hyphenated range like this:
      • CIDR notation like this: (i.e. through
      • A comma-separated list like this:,
      • Mixture separated by commas like this:,,
    • Specify IP addresses to exclude from the Subnets range – Select the Specify IP addresses to exclude from the Subnets range option if you would like to exclude any IP addresses. You can exclude a single range of IP addresses and/or several IP addresses separated by commas.
    • Ignore system.ips when checking existing devices for duplicates – Allows for the discovery of resources that share an IP with a device already in monitoring, as determined by the system.ips property. If not slected, a resource that shares the same IP as one captured for an existing device’s system.ips property is considered to be a duplicate and not discovered.
    • Exclude duplicate IP addresses — Specify a range, comma-separated list of IP addresses, or both to exclude.
    • Included/Excluded Devices – By default, LogicMonitor includes all discovered resources and automatically assigns them to the Unmonitored Resource group. For more information, see Unmonitored Resources.

Note: You can manually decide which resources to add for monitoring. You can do this by override the settings to change the resources that are included, and for which groups these resources are assigned. In addition, you can specify which resources you want to exclude from monitoring.

You can include or exclude resources based on the resource type (Cisco, Linux, Windows, NetApp) or use a custom query. The properties supported for custom queries are a subset of those typically available with AppliesTo scripting, including:

  • system.devicetype
  • system.hostname
  • system.ips
  • properties set by the LogicMonitor auto-properties feature: system.sysoid, system.sysinfo, etc.

You must specify which resource group the discovered resources should be assigned while setting each inclusion criteria.

Note: The dynamic resource groups are not available for selection as discovered resources are not manually added to the dynamic resources groups. However, the newly discovered resources are automatically placed into any previously-created dynamic device groups with matching criteria, including the group you selected. For more information on dynamic resource groups, see Device Groups Overview.

In addition to setting a device group for each set of device inclusion criteria, you can also disable alerts for the required set by unchecking the Enable Alerting option.

Note: Rules for excluded devices are prioritized over rules for included devices.

  • Insert Token and Rename Discovered Devices-  You can optionally choose to name discovered devices using a naming convention other than (or in addition to) LogicMonitor’s default DNS naming for the ICMP discovery method. You can use a combination of text and tokens. The following tokens are supported:
    • ##IPADDRESS##. The IP address of the device.
    • ##SYSTEMNAME##. The system name is provided by the sysName OID if the device responds to SNMP. You require either the Inherit credentials from Device Group or the Use custom credentials for this scan option set to retrieve the SYSTEMNAME during the NetScan.
    • ##REVERSEDNS##. By default, the DNS name is provided by your reverse DNS resolution.

For example, you can add the text and tokens in combination as a prefix to the resources IP address: Cisco_switch_##IPADDRESS##.

Note: When a NetScan adds unique devices with duplicate names, those resources are added with display names set to IP_CollectorID.

  • Schedule — To run the NetScan on a schedule instead of running it on demand, enable the Run this NetScan on a schedule option, and select the required options such as the Frequency, Starts Hourly, and the time zone for running the NetScans.
  • Ports — You can modify the global default list of ports by selecting the Custom Ports for this NetScan option for the ICMP discovery method. If you know which TCP ports are open, you can determine the resource type.
    For example, Windows usually has ports 135 and 3389 open, while Linux does not.
  1. Enhanced NetScan Scripts – Use the LogicMonitor Enhanced Script Netscan option for improved output formatting, additional group assignment options, and resource filtering. You can choose to inherit device credentials from a specific resource, or resource group, or set custom credentials in the NetScan configuration. For more information, see Enhanced Script Netscan.