NetXMS Support Forum

I am monitoring services from a windows agent, in a table.  I have a threshold set to look for any service set to auto that is not running.  I have exceptions as well, ignoring Software Protection, Google and other services that start and stop on demand (although set to auto in the service itself).  This works well for the most part, however I am getting false positives on this.  For example:

Threshold reached for data collection item   "SYS - Services" (Parameter: System.Services; Threshold value: 0x00000086; Actual value: 18)

Do I need to break up my conditions or something? How do I narrow down what service it is that hitting the threshold?

Thanks in advance!

Hi,

first of all, I would recommend to change events for threshold to SYS_TABLE_THRESHOLD_ACTIVATED and SYS_TABLE_THRESHOLD_REARMED - you will get much more meaningful messages including service name. Other than that configuration seems fine (you can actually use == instead of like when you are not using metacharacters, but it should not make any difference in result).

Best regards,
Victor

Victor,

Thanks for the reply.  I did make that change after noticing that myself.  I changed to the SYS_TABLE... however, I still get false positives.  Unless I need to be looking for hex codes versus verbose text comparisons.  This also happens with a table looking at volume sizes... seems like it could be a bug?

Can you provide more detailed information how exactly false positive looks like (service name, etc.). I tested it on my machine and everything works as expected.

Best regards,
Victor