Pack which allows integration with your company's LogicMonitor Portal.
LogicMonitor now supports StackStorm as an official Integration!
You can now create a StackStorm Integration inside your LogicMonitor Portal that sends your LogicMonitor Alerts to your StackStorm environment, giving you a way to automate your response to any type of alert you receive.
The LogicMonitor Pack creates a webhook-sensor (a Flask server) that is launched on port 5000 on the machine where StackStorm is installed. You must allow internet traffic to reach port 5000 on the machine on which StackStorm has been installed.
This LogicMonitor Pack must be used in conjunction with a StackStorm Integration inside your LogicMonitor Portal:
- Install the LogicMonitor Pack into your StackStorm environment.
- Set up the pack's configuration file.
  - Requires your company name as it exists in your LogicMonitor URL.
  - Requires a valid LogicMonitor API Access ID and Access Key pair.
- Create a StackStorm Integration in your LogicMonitor Portal.
  - Settings -> Integrations -> Add -> StackStorm
  - Requires a StackStorm API Key and the URL to your StackStorm environment.
The LogicMonitor Pack includes a set of Rules that can fire an action when an alert of a certain type is sent to StackStorm.
The LogicMonitor Pack includes a set of Actions that make REST Requests to your LogicMonitor Portal.
Everything in this section is described in more detail below.
If you wish to use this pack to manage collector down alerts, you will need to update the payload in LogicMonitor to include the alert_url. There is an example in the examples folder.
Copy the example configuration in logicmonitor.yaml.example to /opt/stackstorm/configs/logicmonitor.yaml and edit as required.
It must contain:
- company - The name of your company as seen in your LogicMonitor portal's URL.
  For example, if your company's name is "Example Company" and you access your portal at example.logicmonitor.com then this field should be "example".
- access_id - Your LogicMonitor portal's API Access ID.
  NOTE: The LogicMonitor Pack includes a set of Actions that make REST requests to your LogicMonitor Portal using the LogicMonitor Python SDK. Therefore, it requires a valid LogicMonitor API Access ID and Access Key.
  You can create an Access ID and Access Key Pair in your LogicMonitor Portal by going to Settings -> Users & Roles -> API Tokens -> LMv1 -> Add.
- access_key (SECRET) - Your LogicMonitor portal's API Access Key.
  WARNING: access_key is a secret value, so don't save it in /opt/stackstorm/configs/logicmonitor.yaml directly as clear text. Instead, use StackStorm's dynamic configuration values to populate the access_key field.
  NOTE: When using the st2 key set key_name key_value command to create a dynamic configuration value:
  - Be sure to encrypt the value by using the --encrypt flag.
  - Use -- after the last flag to mark the end of flag processing. This guarantees that all API Access Keys generated by LogicMonitor will be accepted by the command.
  The final command to generate a dynamic configuration value should look something like this:
  st2 key set --scope=user --encrypt -- lm_access_key "{k%J7I(Gkf^5sgH8tdT=85485fX-}V2z4gkCfkPH"
  Once a dynamic configuration value has been created you must reference it in your configuration file using "{{st2kv.user.key_name}}".
  Read the documentation to ensure you understand how dynamic configuration values work.
- auth_enabled - True or false, defaults to true.
  If enabled, this authenticates all requests made to StackStorm using the StackStorm API Key entered into your StackStorm Integration in your LogicMonitor portal. Set this to false to make testing easier. If this is set to false, you can enter a dummy value into your StackStorm Integration's "StackStorm Api Key" field.
  WARNING: We strongly recommend setting auth_enabled to true for production.
Note: When modifying the configuration in /opt/stackstorm/configs/ please remember to tell StackStorm to load these new values by running
st2ctl reload --register-configs
The LogicMonitor Pack launches a sensor (a Flask server) on port 5000. Be sure to modify your network settings to allow internet traffic to reach port 5000 on the machine on which StackStorm has been installed.
If you need to restart your sensor-webhook on port 5000, use the st2 pack register logicmonitor command from the terminal. If that fails, try st2ctl reload.
As mentioned, the LogicMonitor Pack comes with a number of Actions (listed further below) that make REST requests to your LogicMonitor Portal using the LogicMonitor Python SDK. Therefore, it requires a valid LogicMonitor API Access ID and Access Key.
You can create an Access ID and Access Key Pair in your LogicMonitor portal by going to Settings -> Users & Roles -> API Tokens -> LMv1 -> Add.
As discussed further above, you must enter a valid LogicMonitor API Access ID and Access Key Pair into your /opt/stackstorm/configs/logicmonitor.yaml configuration file.
- The Access ID is entered into the configuration file's access_id field.
- The Access Key is a SECRET that should be entered into the configuration file's access_key field using StackStorm's dynamic configuration values. The access key should never be exposed or visible in any files or logs.
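The configuration rules listed earlier (required fields, auth_enabled) and the access key handling restated above can be checked before running st2ctl reload --register-configs. The following is an added example, not part of the pack: the function names and the sample files are constructed for illustration, and it assumes the flat key: value layout of logicmonitor.yaml and that both st2kv.user and st2kv.system references are acceptable.

```python
import re

# Matches a datastore reference such as "{{st2kv.user.lm_access_key}}".
ST2KV_REF = re.compile(r"^\{\{\s*st2kv\.(?:system|user)\.[\w.\-]+\s*\}\}$")
REQUIRED = ("company", "access_id", "access_key")

def parse_flat_yaml(text):
    """Parse flat 'key: value' lines; strips one pair of quotes, no inline comments."""
    config = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "---")):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        config[key.strip()] = value
    return config

def audit_config(text):
    """Return a list of findings; an empty list means the file passes."""
    config = parse_flat_yaml(text)
    findings = [f"{f}: missing or empty" for f in REQUIRED if not config.get(f)]
    key = config.get("access_key", "")
    if key and not ST2KV_REF.match(key):
        findings.append("access_key: clear-text secret, use a {{st2kv...}} reference")
    # auth_enabled defaults to true when absent, as the pack documents.
    if config.get("auth_enabled", "true").lower() not in ("true", "yes", "on"):
        findings.append("auth_enabled: disabled, requests are not authenticated")
    return findings

# Constructed sample files (not from a real deployment).
WEAK = """company: "example"
access_id: "CONSTRUCTED_ACCESS_ID"
access_key: "constructed-cleartext-key"
auth_enabled: false
"""
HARDENED = """company: "example"
access_id: "CONSTRUCTED_ACCESS_ID"
access_key: "{{st2kv.user.lm_access_key}}"
auth_enabled: true
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_config(sample) or "OK")
```
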
The LogicMonitor Pack launches a sensor on port 5000 that authenticates every request with StackStorm using a StackStorm API Key.
The StackStorm API Key must be generated in StackStorm and then copy/pasted into your LogicMonitor StackStorm Integration's "StackStorm Api Key" field.
To create a new StackStorm Integration in your LogicMonitor Portal go to Settings -> Integrations -> Add -> StackStorm.
WARNING: The StackStorm API Key is stored in the "apiKey" object in the payload of the POST Request sent out by your LogicMonitor StackStorm Integration. Therefore, the "apiKey" object must exist in every POST payload you send to StackStorm. Authentication with StackStorm will fail by default if you remove the "apiKey" object from the payload.
You can view and modify the POST Request's payload sent by your LogicMonitor StackStorm Integration at the bottom of the StackStorm Integration dialog.
As mentioned, you need to create a StackStorm Integration inside your LogicMonitor Portal for this pack to work.
To create a new StackStorm Integration in your LogicMonitor Portal go to Settings -> Integrations -> Add -> StackStorm. Once the StackStorm Integration has been created, it requires:
- A URL to port 5000 of the machine where you installed StackStorm.
- A valid StackStorm API Key for authentication.
Once the StackStorm Integration has been saved, set up an Escalation Chain and an Alert Rule so that alerts can be sent to your StackStorm environment.
Once an alert payload has been successfully authenticated with StackStorm, the sensor will inject the logicmonitor.alert_trigger trigger with the alert payload into StackStorm. The purpose of injecting the trigger with the concomitant payload is to fire a custom Action if the conditions in a Rule are satisfied. In that regard, the LogicMonitor Pack has provided a number of Rules (disabled by default) that fire an Action based on the type of alert being sent:
RULES
- alert_throttling_alert_rule.yaml - Maps Alert Throttling Alerts (LMT) to an action
- collector_failover_alert_rule.yaml - Maps Collector Failover Alerts (LMF) to an action
- collector_failover_unreachable_alert_rule.yaml - Maps Collector Failover Unreachable Alerts (LMF) to an action
- collector_unreachable_alert_rule.yaml - Maps Collector Unreachable Alerts (LMA) to an action
- configsource_alert_rule.yaml - Maps ConfigSource Alerts (LMD) to an action
- datasource_alert_rule.yaml - Maps DataSource Alerts (LMD) to an action
- devicegroup_alert_rule.yaml - Maps DeviceGroups Alerts (LMHC) to an action
- eventsource_alert_rule.yaml - Maps EventSource Alerts (LME) to an action
- jobmonitor_alert_rule.yaml - Maps JobMonitor Alerts (LMB) to an action
- lmlogs_alert_rule.yaml - Maps LM Log Alerts (LML) to an action
- service_alert_rule.yaml - Maps Service Alerts (LMS) to an action
NOTE: All of these Rules are disabled by default. Enable them inside the Rule's .yaml file if you wish to use them.
NOTE: All of these Rules fire the get_alert_list dummy action by default. Be sure to modify the Action that gets fired when a Rule's criteria are satisfied by changing the Action reference inside that Rule's .yaml file.
The LogicMonitor Pack also comes with a large (but not exhaustive) number of Actions that make their corresponding REST Requests to your LogicMonitor Portal. At a high level, the actions that currently exist in the pack are:
Acknowledge Alert By ID
Get Alert By ID
Get Alert List
( Add, Delete, Get, Patch ) x Admin
( Add, Delete, Get, Patch ) x Alert Rule
( Add, Delete, Get, Patch ) x Collector
( Add, Delete, Get, Patch ) x Device
( Add, Delete, Get, Patch ) x Device Group
( Add, Delete, Get, Patch ) x Escalation Chain
( Add, Delete, Get, Patch ) x Ops Note
( Add, Delete, Get, Patch ) x SDT
More specifically, the LogicMonitor Pack has provided these Actions:
ack_alert_by_id
ack_collector_down_alert_by_id
add_admin
add_alert_rule
add_collector
add_device
add_device_group
add_escalation_chain
add_ops_note
add_sdt
delete_admin_by_id
delete_alert_rule_by_id
delete_collector_by_id
delete_device_by_id
delete_device_group_by_id
delete_escalation_chain_by_id
delete_ops_note_by_id
delete_sdt_by_id
get_admin_by_id
get_admin_list
get_alert_by_id
get_alert_list
get_alert_rule_by_id
get_alert_rule_list
get_collector_by_id
get_collector_list
get_device_by_id
get_device_group_by_id
get_device_group_list
get_device_list
get_escalation_chain_by_id
get_escalation_chain_list
get_ops_note_by_id
get_ops_note_list
get_sdt_by_id
get_sdt_list
patch_admin_by_id
patch_alert_rule_by_id
patch_collector_by_id
patch_device
patch_device_group_by_id
patch_escalation_chain_by_id
NOTE: All of these Actions correspond to REST functions that exist in the LogicMonitor Python SDK of the same name. For example, the patch_escalation_chain_by_id Action will fire the patchEscalationChainById function in the LM Python SDK.
NOTE: All of these Actions call the same /opt/stackstorm/packs/logicmonitor/actions/run.py method but with different parameters.
NOTE: We did not include every action that exists in the LogicMonitor Python SDK.
If you need to use an action/function from the LM Python SDK but it hasn't been included in the pack, copy/paste an existing action and modify it to call the corresponding function from the LM Python SDK. Be sure to refer to the documentation to see the list of parameters needed for the specific function you intend to use.
Within your action, using get_device_by_id as an example, if you wanted to get the device name from the result you would use task(task1).result.result._name. All objects returned from the API are available under result.result.