scripting ping from a router / firewall to test endpoint

Started by curruscanis, February 11, 2021, 06:04:56 PM


curruscanis

I have been reading up on scripting with SSH and NetXMS and various items about NXSL without much success.

I believe what I want to do is fairly simple but I don't understand how to implement it in NetXMS.

I monitor many Unifi Edgerouters with NetXMS. Some of these firewalls have VPNs to remote subnets / devices, and I would like to confirm the state of the VPN as up or down. One way to do this is to ping a device on the other end of the VPN, which also has the benefit of causing traffic to keep the VPNs up. Since the Edgerouters do not have a NetXMS agent installed, I don't know how to implement a script from the device like I do with other agents. I believe it should be just an SSH script, but I don't know how to get NetXMS to fire the script and record the output.

Basically I want to be able to run an SSH script on a non agent device to ping or other functions and return information.  I would also like to do this on a schedule if possible or during polling.

Any ideas on how to implement this?

Filipp Sudanov

The basic approach is data collection via SSH - you just create a DCI with SSH origin; it runs a command on the remote system and saves the first line of output as the DCI value.
https://www.netxms.org/documentation/adminguide/ssh-monitoring.html

Please inform, if this suits your needs.

curruscanis

I have attempted to create a DCI for a given node using only the "uname -a" under the DCI parameter.  I have the Origin set to SSH, and the Data Type to String. This is to attempt to get anything back in the DCI value.

I have attempted entering the NetXMS server and a Windows 10 system running the NetXMS agent with ssh.nsm enabled. I have also attempted setting the Windows 10 system as the SSH proxy; neither of these configurations works.

The only information that I get is an <<error>> in the value of the DCI when I force a DCI poll or just wait.

Obviously I am missing something or doing something wrong, can you assist further?

Victor Kirhenshtein

Set debug level on agent to 6 and check agent's log for SSH related messages.

Best regards,
Victor

curruscanis

Thank you Victor, I will do that and review, but if you could explain to me in simple terms exactly where these items should be configured.  I presume the DCI parameter should be created on the agent PC node, not the router in question?  I am confused as to where each of these items should actually be created.

curruscanis

I have continued testing with the log verbosity set to 6. The agent log, on the Windows 10 system where I am attempting to use an SSH DCI parameter, does say that the SSH subagent is loaded successfully; however, the DCI parameter is never mentioned in the log. I have other custom DCI parameters on this test machine and they do show up in the log.


curruscanis

Ok, I believe I am making progress.

I have created a DCI parameter on a test PC - Windows 10 running the NetXMS agent with the SSH.nsm subagent.

I have created a DCI parameter as follows:
Parameter:
   SSH.Command(192.168.239.1,username,password,ping 192.168.240.1)

Origin:
   NetXMS agent

Data Type:
   String

I have tried using the origin of SSH but I never get anything back. 

With the above settings I now see this in the log:



2021.02.15 08:51:45.001 *D* [comm.cs.2          ] Requesting parameter "SSH.Command(192.168.239.1,username,password,ping 192.168.240.1)"
2021.02.15 08:51:46.157 *D* [                   ] SSH: created new session [email protected]:22/2


So I am presumably getting a return of "created new session..."

How can I use this to SSH into my device, and ping another device and return the result of "successful" or "failed"?????


Thank you all for your assistance.


Zebble

If the system you're doing the ping on is something like Linux, then "ping" never actually stops to give output with its default command line. You'll want whatever you run through the SSH subagent to return a final value/string that you can deal with.

For instance, on Linux, a better ping command would be something like:

ping -qc1 192.168.240.1

And then parse it with awk or grep to give you a single line output.  There are some good ideas in this thread:

https://unix.stackexchange.com/questions/409203/ping-show-only-results

-zeb

curruscanis

Thank you for your input, Zebble. I figured once I got any info other than <<error>> on the DCI parameter, I would begin the process of parsing the data as you recommend.


curruscanis

Update, for anyone trying to do anything similar: I believe I have a working solution. I was able to create a polled DCI parameter from a Windows Agent using the SSH.nsm subagent to access a router / firewall and then run a script from that device (in my case an Edgerouter). Below is how I set up the DCI properties on the Windows Agent system:

Data - Parameter:
SSH.Command(192.168.239.1,username, password,sudo /config/scripts/polling_script.sh)

Origin:
NetXMS Agent 
   ( this differs from information online that says it should be "SSH", I could not get this to work )

Data Type:
String

Source Node:
Pointing at the Same windows Agent

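I run a script that is found on the remote router / firewall that consists of a ping command that is parsed for information on whether the ping is successful and returns either "OK" or "Failed".

My script is similar to this:
#!/bin/sh
# One probe only; stdout is redirected first, then stderr follows it,
# so nothing but the echo below reaches the DCI as its first line.
if ping -q -c 1 10.200.200.112 > /dev/null 2>&1 ; then
    echo "Ok"
else
    echo "Fail"
fi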


Thank you all for your help. This will allow me to confirm the status of VPNs where I do not control any remote devices and which only allow certain IPs to ping them.
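
A hardened variant of the polling script from the last post, as an added example that is not part of the original thread: it checks several VPN peers in one poll, bounds each probe so the SSH command always returns, and prints exactly one line for the DCI to store. The function names, the overridable `PING` variable and the `Error ...` strings are assumptions of this example.

```shell
#!/bin/sh
# Added example: single-line VPN peer check for a DCI that runs a script over SSH.
# PING can be overridden so the logic can be exercised without a network
# (an assumption of this example; it defaults to the system ping).
PING="${PING:-ping}"

# Accept only dotted-quad IPv4 literals. The script is invoked through sudo,
# so nothing else should ever reach the ping command line.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print exactly one line: "Ok" if every peer answers, otherwise "Fail <ip> ...".
check_peers() {
    [ "$#" -gt 0 ] || { echo "Error no-peers"; return 2; }
    failed=""
    for ip in "$@"; do
        if ! is_ipv4 "$ip"; then
            echo "Error invalid-argument"
            return 2
        fi
        # -c 1: one probe; -W 2: wait at most 2 s. All ping output is discarded.
        "$PING" -q -c 1 -W 2 "$ip" >/dev/null 2>&1 || failed="$failed $ip"
    done
    if [ -z "$failed" ]; then
        echo "Ok"
    else
        echo "Fail$failed"
        return 1
    fi
}

# Run only when peers are given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then check_peers "$@"; fi
```

With the String data type used in the thread, the DCI value then names the peers that failed, which tells you which tunnel is down rather than only that one of them is.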