EventSource Configuration

Last updated on 18 September, 2024

EventSources define monitoring and alerting activity for non-numeric, event-based data. An EventSource is a definition that tells your Collector what information is collected or received, which resources the information is collected or received from, and when alerts are triggered on that information. EventSources monitor for event types such as IPMI event logs, SNMP traps, Windows event logs, Syslog events, and log events.

The following are the types of EventSources:

  • EventSources that monitor asynchronous event messages received by the Collector.
  • EventSources that are poll-based and actively monitor event logs or log files for the presence of specific events and poll APIs for events.

You can add an EventSource to your account using one of the following methods:

  • Importing an EventSource from LogicMonitor’s repository
  • Importing an EventSource from XML
  • Configuring a Brand New EventSource

Collection Methods for EventSources

The following types of collection methods are used to create a custom EventSource:

  • Log File
  • SNMP Trap
  • Syslog
  • Windows Event Logging
  • Script

The rest of the collection methods support LM Cloud and are not recommended for creating custom EventSources.

Collection Method Settings

Depending on the type of collection method, you can configure the following additional settings:

| Setting | Description |
|---|---|
| Collector attributes | Only required for Log File and Script EventSources. These attributes provide additional detail on how custom events are accessed. For more information, see Log File Monitoring and Script EventSources. |
| Filters | If you add filters, events must meet the filter criteria in order to be detected and alerted on. Available filtering options will change depending on your EventSource type. As you’re defining filters, you can use the Test Event Logging button to perform test runs of your Log File, SNMP trap, Syslog, and Windows Event Log EventSources to ensure events are being filtered and captured as you intended. You can also use the testing capability before any filters are defined to return all messages from a resource and use this information to determine the parameter values that should be filtered on. |

Note: LogicMonitor supports IN filters for EventSources, which allow you to include a list of individual events (such as IN 1|3|23). We also include an equivalent operator NOT IN for excluding a specific set of events (such as NOT IN 2|34|25).
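The IN and NOT IN operators from the note above, modelled over a handful of events as an added example (this is not LogicMonitor's code). The field names, the whole-token comparison, and the rule that every filter must pass are assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class EventFilter:
    field: str     # event attribute to test (hypothetical names below)
    operator: str  # "IN" or "NOT IN", the two list operators in the note
    value: str     # pipe-delimited list such as "1|3|23"

    def matches(self, event: dict) -> bool:
        # Assumption: whole tokens are compared, so "4625" does not match 14625.
        tokens = {t.strip() for t in self.value.split("|") if t.strip()}
        listed = str(event.get(self.field, "")) in tokens
        if self.operator == "IN":
            return listed
        if self.operator == "NOT IN":
            return not listed
        raise ValueError(f"unsupported operator: {self.operator!r}")


def is_detected(event: dict, filters: list) -> bool:
    # Assumption: an event must satisfy every filter (logical AND).
    # With no filters defined, every event is returned.
    return all(f.matches(event) for f in filters)


def detected_ids(events: list, filters: list) -> list:
    return [e["EventID"] for e in events if is_detected(e, filters)]


# Constructed sample events; host names are illustrative.
SAMPLE_EVENTS = [
    {"EventID": 4625, "Computer": "dc01", "Message": "An account failed to log on"},
    {"EventID": 4624, "Computer": "dc01", "Message": "An account was successfully logged on"},
    {"EventID": 1102, "Computer": "dc01", "Message": "The audit log was cleared"},
    {"EventID": 4740, "Computer": "lab-01", "Message": "A user account was locked out"},
    {"EventID": 14625, "Computer": "dc01", "Message": "Constructed near-miss ID"},
]

FILTERS = [
    EventFilter("EventID", "IN", "4625|4740|1102"),   # alert only on these IDs
    EventFilter("Computer", "NOT IN", "lab-01|lab-02"),  # exclude test hosts
]

if __name__ == "__main__":
    print(detected_ids(SAMPLE_EVENTS, FILTERS))
```

Running the model with an empty filter list returns every event, which mirrors the page's advice to test before defining filters and then pick the values to filter on.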

The following table describes each collection method type and whether it has collector attributes or filters associated with it:

| Collection Method | Description | Collector Attributes / Filters |
|---|---|---|
| Log Files | LogicMonitor allows you to monitor log files generated by your OS or applications (such as MySQL or Tomcat). For example, you can monitor the MySQL slow query log so that an alert is triggered every time a slow query is logged in the log file. | x |
| SNMP Trap | Involves the monitored resource sending a message to the LogicMonitor Collector to notify of an event that needs attention. Through the creation of an EventSource, LogicMonitor can alert on SNMP Traps received by the Collector. | x |
| Syslog | Use the Syslog EventSource to monitor syslog messages pushed to the Collector for alerting purposes only. The Syslog EventSource is not intended as a syslog viewing or searching tool. For more information, see LM Logs and Collecting and Forwarding Syslog Logs. | x |
| Windows Event Logging | LogicMonitor can detect and alert on events recorded in most Windows Event Logs. An EventSource must be defined to match the characteristics of an event in order to trigger an alert. When a Collector detects an event | x |
| Script Event | Use the Script Event collection method to detect and alert on any event. This is useful if you have custom logging that cannot be monitored with the other EventSource collection methods (Log Files, Windows Event Logs, Syslogs, and SNMP Traps). | xx |
| AWS Health API | This collection method type supports LM Cloud and is used for monitoring the status pages of public cloud providers. This is pre-built for the various public cloud providers and LogicMonitor does not recommend creating custom EventSources for this purpose. | x |
| AWS Service Health | This collection method type supports LM Cloud and is used for monitoring the status pages of public cloud providers. This is pre-built for the various public cloud providers and LogicMonitor does not recommend creating custom EventSources for this purpose. | xx |
| AWS Trusted Advisor | This collection method type supports LM Cloud and is used for monitoring the status pages of public cloud providers. This is pre-built for the various public cloud providers and LogicMonitor does not recommend creating custom EventSources for this purpose. | xx |
| Azure Service Health | This collection method type supports LM Cloud and is used for monitoring the status pages of public cloud providers. This is pre-built for the various public cloud providers and LogicMonitor does not recommend creating custom EventSources for this purpose. | xx |
| GCP Service Health | This collection method type supports LM Cloud and is used for monitoring the status pages of public cloud providers. This is pre-built for the various public cloud providers and LogicMonitor does not recommend creating custom EventSources for this purpose. | x |
| Azure Advisor | This collection method type supports LM Cloud and is used for monitoring the status pages of public cloud providers. This is pre-built for the various public cloud providers and LogicMonitor does not recommend creating custom EventSources for this purpose. | xx |
| AWS RDS Performance Insights | This collection method type supports LM Cloud and is used for monitoring the status pages of public cloud providers. This is pre-built for the various public cloud providers and LogicMonitor does not recommend creating custom EventSources for this purpose. | x |
| Azure Resource Health Event | This collection method type supports LM Cloud and is used for monitoring the status pages of public cloud providers. This is pre-built for the various public cloud providers and LogicMonitor does not recommend creating custom EventSources for this purpose. | xx |
| Azure Emerging Issue | This collection method type supports LM Cloud and is used for monitoring the status pages of public cloud providers. This is pre-built for the various public cloud providers and LogicMonitor does not recommend creating custom EventSources for this purpose. | xx |
| Azure Log Analytics | This collection method type supports LM Cloud and is used for monitoring the status pages of public cloud providers. This is pre-built for the various public cloud providers and LogicMonitor does not recommend creating custom EventSources for this purpose. | xx |

Requirements for Configuring an EventSource

The EventSource test feature requires Collector version 28.400 or later. For more information, see EventSource Testing.

Configuring an EventSource

  1. In the LogicMonitor navigation sidebar, select Modules.
  2. From My Module Toolbox, select the Add icon.
  3. In the Add window, select EventSource.
    The Add New EventSource window displays with tabs for Info, AppliesTo, Filters, and Alert Settings.
  4. On the Info tab, enter the following:
    1. Name: Enter a unique name for the EventSource. Specify the platform or application and, if necessary, a specific component of the platform.
    2. (Optional) Description: Provide enough detail to ensure that the EventSource’s purpose can be determined.
    3. (Optional) Group: Specify the group to which the EventSource will be added.
    4. Collection Method: Select the collection method you want to collect data with.
      You cannot edit the collection method once it is saved. Some of these collection methods allow you to configure additional settings. For more information on collection method types, see Collection Methods for EventSources.
    5. (Optional) Technical Notes Preview: Enter any notes or technical information using markdown.
  5. (Optional) On the AppliesTo tab, do the following:
    1. In the AppliesTo field, enter AppliesTo scripting.
      The AppliesTo field accepts LogicMonitor’s AppliesTo scripting as input to determine which resources are associated with this EventSource. For more information, see AppliesTo Scripting Overview.
    2. Select the Test Script icon to return a count of matching resources and display them in the AppliesTo results panel.
  6. (Optional) On the Collector Attributes tab, do the following:
    The Collector Attributes tab is only available for some EventSource Types. For more information, see Collection Methods for EventSources.
    1. If you’re adding Log Files:
      1. Select + Add Record.
      2. Enter a Logfile Path.
      3. (Optional) Toggle on the Treat as glob pattern switch.
      4. Select an Encoding option.
      5. Set up the criteria that trigger alerts when a line matches and the criteria that do not trigger alerts when a line matches.
      6. Select Save.
    2. If you’re adding a Script Event: Select a schedule time frame, and then select whether to embed Groovy Script or upload and test a script file.
    3. If you’re adding any other collection method type that uses collector attributes (for more information, see Collection Methods for EventSources): From the Schedule dropdown, select a collector attributes schedule.
  7. (Optional) On the Filters tab, do the following:
    Events must meet the filter criteria in order to be detected and alerted on.
    1. Select + Add Records to open the Add Record panel.
    2. In the Type field, enter a record type.
    3. In the Comparison Operator dropdown, select a comparison operator.
    4. In the Value field, enter a value for the filter.
    5. (Optional) In the Comment field, enter a comment.
    6. Select Save.
  8. (Optional) On the Alert Settings tab, do the following:
    1. In the Clear after (in Minutes) field, select or enter a number of minutes for the alerts to clear after.
    2. (Optional) Toggle on the Acknowledge switch to allow acknowledgement of the alerts.
    3. In the Alert Subject and Alert Message fields, enter an alert subject and alert message.
      Entering an alert subject and message overrides the default EventSource alert notification subject and message for this particular EventSource. For more information, see Alert Messages. You can choose to customize the alert subject or message using tokens. For more information, see Tokens Available in LogicModule Alert Messages.
  9. Select Save.
  10. (Optional) Select Commit Version to save this version of the module so that you can roll back to it at a later date, and then do the following:
    1. (Optional) In the Commit a Version window, enter any version notes.
    2. (Optional) Toggle on the Make this version public switch to make this module available to all LogicMonitor users in the LM Exchange.
    3. Select Commit Version.