NetXMS Support Forum

I have 1 server on witch netxms is watching ~20 log files. I get event about every matched entry. But i want get only one notification independent of issues are 1 or 3 or 30. What and how i need configure in netxms node to get only one notification.


A

Hi there

I have a similiar situation. Every time an event is raised in the Windows Eventlog Logwatch creates an event. For some situations I would prefere to be noticed only once (after numerous events) or likely in the DCI configuration just raise an event if  there are more than one consecutive samples.

Does someone know a solution here? Are there any plan to implement that.

Thank you

Joël

Btw: This Monitoring Software is genious.

I'll add to this question...

I want to get notified via text message if a certain critical error occurs in a process on a monitored server. However, this critical error could happen 300 times before I can get in and fix it. I do not want to get 300 text messages!    So I'd like to create a situation that states "if this event occurs x number of times, continue processing the event and send the email."

I created a situation and instance with an attribute "counter"

There is an event that runs first that sets the attribute "counter" to zero. That event processing is running; however, when I look in "View Situations" I can't see the "counter" attribute value. I have another event script that as follows:

sub main() {
  s = FindSituation("Multiple FAXes printed", "FaxFinder");
  if (s != NULL) {
    s->counter = s->counter+1;
    if (s->counter > 5) {
      return true; }
    else {
      return false;
    }
  }
}

It seems like if I could get the counter attribute to work this might work, but I can't even see the counter attribute. I still get the email every time, so the script is not processing. Not sure if I'm doing this correctly or not?

Hi!

There are two different problems. One is a bug in console - it does not show attributes under instances even if they exist. But your main problem is that situation attributes are read only, i.e. you cannot do s->counter = s->counter+1; in your script. I will do something to simplify that, but currently you have only two relatively complicated workarounds:

1. In matching script in the rule, set variable CUSTOM_MESSAGE to new counter value, and in "Situation" column, set attribute counter to value "%M" (without quotes).
2. Set counter's value to %{your_script}, and create script in the library which will increase the counter. For example, you can use %{IncreaseFaxCounter} and create script named IncreaseFaxCounter in script library like this:


s = FindSituation("Multiple FAXes printed", "FaxFinder");
if (s != NULL)
    return int32(s->counter) + 1;
return 1;


It will return either increased counter value or 1 if counter was not set before.

In any case you will have two rules - one for updating counter and second to match required counter value and perform required actions. You will also need to reset counter somewhere.

Best regards,
Victor

Hi Victor,

Thanks for your reply! Everything worked the way you said except for one thing: Using the pointer notation inside the filtering scripts does not appear to work. For example, this works:

CUSTOM_MESSAGE = GetSituationAttribute(s, "FaxCount") + 1;

but this does not:

CUSTOM_MESSAGE = (s->FaxCount) + 1;

It could be that I don't have the syntax right, but throughout my testing, the GetSituationAttribute always worked.

So for people that may want to do this in the future, I'll post this in more detail.

1) Go into Events and define custom event(s) that you want to look for. In my case, I also set up an event to reset the error counter to zero (a "normal" event). An EventID will automatically be assigned.
2) On the monitored server, set up the event log agent to generate the events in #1. Don't forget the event to reset the error counter to zero from #1.
3) Define a situation.
4) Add an event processing rule for the "normal" event in #2. In the Situation column, have it set a counter attribute (for the applicable instance) to zero.
5) Add event processing rules for the "exception"-type events from #2. In the script column, do the following:

sub main() {
 s = FindSituation("MySituation", "MyInstance");
 if (s != NULL) {
   CUSTOM_MESSAGE = GetSituationAttribute(s, "MyCounter") + 1; }
 else {
   CUSTOM_MESSAGE = 1;
 }
 return true;
}

For each "exception" event, in the Situation column, set the MyCounter attribute to "%M" (no quotes)
6) Add an event processing rule with the following script:

sub main() {
  s = FindSituation("MySituation", "MyInstance");
  if (int32(GetSituationAttribute(s, "MyCounter"))==5) {
    return true; }
  else {
    return false;
  }
}

On this same line, set up a custom email or text message action to advise you when the situation has occurred.

NOTE that the test for the counter uses the equals operator rather than "greater than." If you use "greater than" you will still get tons of emails/messages.

Once the "normal" even described in #1 occurs, it will set the counter back to zero.

Hi!

What version of NetXMS server you are using? There was a bug with accessing situation attributes using -> operator, but it was fixed in 1.0.8.

Best regards,
Victor

Hi Victor!

I'm not 100% sure how to get the version info, but when I go to the Server Console it comes up as "NetXMS Server Remote Console V1.0.8 Ready"

Not that it would probably matter, but the Logwatch agent is also 1.0.8 as is the console.

The only time I noticed an issue with the pointer notation was in the filtering script.

Thanks!

Torry

Yes, that means that you are running 1.0.8. I'll check this.

Best regards,
Victor