LogicMonitor Appliance¶
About¶
With LogicMonitor’s Oracle package, you can monitor a large number of Oracle operations such as blocked session metrics, library cache performance, backup and recovery activities, resource usage, and more.
Product Details¶
Vendor URL: logicMonitor
Product Type: SAAS
Product Tier: Tier II
Integration Method: Custom
Log Guide: LogicMonitor - Cyderes Documentation
Parser Details¶
Log Format: JSON
Expected Normalization Rate: 98-100%
Data Label: LOGICMONITOR
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| Action | labels.key |
| Device | labels.key |
| InstanceName | labels.key |
| Type | labels.key |
| GENERIC_EVENT | metadata.event_type |
| id | metadata.product_log_id |
| LogicMonitor | metadata.product_name |
| LogicMonitor | metadata.vendor_name |
| ip | principal.hostname |
| ip | principal.ip |
| username | principal.user.userid |
| Description | security_result.category_details |
| Description | security_result.description |
| Description | security_result.summary |
| Description | target.hostname |
| Description | target.user.userid |
Product Event Types¶
| Event Type |
|---|
| All events |
Log Sample¶
{"description":"\"Action=Update\"; \"Type=Instance\"; \"Device=NA\"; \"InstanceName=NA\"; \"Description=Found new instance(s) for: instance (CollectorID=15) [DB_BlockedSessions-procid]; \"","happenedOn":1632932135,"happenedOnLocal":"2021-09-29 12:15:35 EDT","id":"id","ip":"domain\\user","john.doe":"System:ActiveDiscovery"}
Sample Parsing¶
metadata.product_log_id = "p4XhEV-3TmuZbboAPlXvHA"
metadata.event_timestamp = "2021-09-29T16:06:09Z"
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "LogicMonitor"
metadata.product_name = "LogicMonitor"
metadata.ingested_timestamp = "2021-09-29T16:10:50.445586Z"
principal.hostname = "domain\user"
principal.user.userid = "System:ActiveDiscovery"
principal.asset.hostname = "domain\john.doe"
target.hostname = "host"
target.asset.hostname = "host"
security_result.category_details = "backupfile.arc (p47)"
security_result.category_details = "backupfile.arc (p47)"
security_result.summary = "Found new instance(s) for: instance (CollectorID=15)"
security_result.category_details = "backupfile.arc (p47)"
security_result.category_details = "backupfile.arc (p47)"
security_result.summary = "Instance(s) disappeared from: instance (CollectorID=15)"
Parser Alerting¶
This product currently does not have any Parser-based Alerting
Rules¶
Coming Soon