NetXMS Support Forum

Ok, I have all of the automatic port / service detection working and I will try to get this all up on the Wiki at some point soon.  Here is the next issue that I am facing in regards to templating services.  Let's just take Telnet as an example as it is very simple.

If the node is running an agent this is pretty much a non-issue.  I can create the necessary DCI(s) and away we go.  However, many of the devices we are looking to monitor are things like access points, routers, switches,... which of course cannot run the agent.

I see a few possible solutions but not sure which / if any can be accomplished:

1.  We need a way to bind network services to templates.
2.  I need some way to create a DCI on the server to use the agent it is running to perform the check for me.  Cannot figure out how to do this via scripting in the server.
3.  If we setup the Proxy on the node to check to be the server can we then create a DCI ServiceCheck right on that node and will this work?

Any suggestions would be appreciated.

Yep, that resolved it.  Thought the rights on  the nodes were a subset / fine tooth version of the user rights.  It is working.  Off to automatic service profiling for me.......

In the interim until there is a package for the tools we have compiled them and installed (pretty simple of course, but prefer packages).  However, I have yet to figure out the how to get nxevent to work, this is running on the same box as the server.  I have also tried all the combinations below replacing the XL_TESTEVENT name with the number assigned and the same results.  Here is what I get:
# nxevent -d -e -P MyPassword -u myser 123.123.123.123 XL_TESTEVENT
*debug* SendMsg("CMD_GET_SERVER_INFO", id:0)
*debug* RecvMsg("CMD_REQUEST_COMPLETED", id:0)
*debug* SendMsg("CMD_REQUEST_ENCRYPTION", id:1)
*debug* RecvMsg("CMD_REQUEST_SESSION_KEY", id:1)
*debug* SendMsg("CMD_SESSION_KEY", id:1)
*debug* RecvMsg("CMD_REQUEST_COMPLETED", id:1)
*debug* SendMsg("CMD_LOGIN", id:2)
*debug* RecvMsg("CMD_LOGIN_RESP", id:2)
*debug* SendMsg("CMD_TRAP", id:3)
*debug* RecvMsg("CMD_REQUEST_COMPLETED", id:3)
Unable to send event: Access denied
*debug* Network receiver thread stopped



Have also tried this to localhost (127.0.0.1) and using the event number instead of name.  Have tried it with no username / password:
*debug* SendMsg("CMD_GET_SERVER_INFO", id:0)
*debug* RecvMsg("CMD_REQUEST_COMPLETED", id:0)
*debug* SendMsg("CMD_REQUEST_ENCRYPTION", id:1)
*debug* RecvMsg("CMD_REQUEST_SESSION_KEY", id:1)
*debug* SendMsg("CMD_SESSION_KEY", id:1)
*debug* RecvMsg("CMD_REQUEST_COMPLETED", id:1)
*debug* SendMsg("CMD_LOGIN", id:2)
*debug* RecvMsg("CMD_LOGIN_RESP", id:2)
*debug* Network receiver thread stopped
Unable to connect to server: Access denied


No username/password and no encryption:
*debug* SendMsg("CMD_GET_SERVER_INFO", id:0)
*debug* RecvMsg("CMD_REQUEST_COMPLETED", id:0)
*debug* SendMsg("CMD_LOGIN", id:1)
*debug* RecvMsg("CMD_LOGIN_RESP", id:1)
*debug* Network receiver thread stopped
Unable to connect to server: Access denied

The user is setup in the server and at this point has ALL the permissions set just to make sure that was not causing issues.  Can you let me know what might be happening.  Also, what is the MINIMAL permissions that can be given and still allow the submission of nxevents.  Finally, should the <event_id> be specified by the name or the number? 

Thanks!

Ok, now that I can see the keys ins 1.2.2 I was able to find the problem and have worked out a solution.

When we get a SNMP_LINK_DOWN event we create an alarm with key SNMP_IF_DOWN_%i_%2, then on the SNMP_LINK_UP we terminate alarm SNMP_IF_DOWN_%i_2.  This is working and the event is clearing as it should be.  However, further down our processing policy have an event that creates an alarm NOTIFY_%i_%1.  To start a process of notification to pagers if an event does not clear.  Of course when I get the clearing event for this pair %1 is different than the first time as that contains the OID of the trap.  I have fixed this and we now seem to be fine.

Thanks for adding the Alarm key in 1.2.2 display!

For the database part of your question just use the native database tools to handle this.  I would probably suggest stopping the server and agent before any of these items. 

For example using MySQL since that is what your configuration shows to change the password for the netnxms user on a MySQL system:

$ mysql -u root -p    # Enter root password when promted
   mysql> use mysql;
   mysql> update user set password=PASSWORD("NEW-PASSWORD-HERE") where User='netxms';
   mysql> exit
$ vi /etc/netxmsd.conf
   # Updated DbPassword with NEW-PASSWORD-HERE in configuration


Similarly, if you wanted to start over with a clean database you would run the following:
BE WARNED THIS WILL WIPE YOUR DB SETUP COMPLETELY TO INITIAL VALUES!!!

$ mysql -u root -p    # Enter root password when promted
   mysql> drop database netxms;
   mysql> exit
$ /usr/local/bin/nxdbmgr init  /usr/share/netxms/sql/dbinit_mysql.sql     # Path might be /usr/local/share... based on install


Yes, that and the other tools provided in the console install as a package of its own would be great.  Thanks!

Appreciate the suggestions, will post to wiki as an example.  I notice that nxevent is not installed on my system however and is only in the client folder when viewing the source code trees which we have for viewing but install using the .deb files.  Does this only come from .deb installation if you install the console package?  Seems like some of this should be included in the server build as well. 

At this point we have all of the SNMP and Agent monitoring setup using templates with automatic bind rules so that as we add a device to the network we are assured to at least get the minimum amount of information so we know about it, and record standard metrics.

Now, however I want to try and template services (SSH, Telnet, HTTP,...).  I can manually create them on devices after they are discovered, but to make this as automated as possible I would like to have it do this for me at node discovery.  I have come up with one way for doing this, but want to see if somebody has a more elegant solution.  We have 100's of services to monitor (maybe 1,000's) and would like to do this right the first time.

Here is the current thought:

1.  We already have an event fired when a node is added that e-mails us to make sure we actually
want this device on our network and setup all the items manually that we currently need to.
2.  When this event is fired we would call an action that runs a process on the local server (something like nmap for example to get ports ope, or chkconfig to see services enabled) so that we can see the ports open.
3.  We can then setup a push of data back to the NetXMS node nicely formatted with values like:
                          mynode      port      22
                          mynode      port      80
                          mynode      service  spamassassin
                          mynode      service  reallyneatservice
4.  These pushed back values are then used by script to create custom attributes on the node.
                          portScan          22:80
                          serviceScan      spamassassin:reallyneatservice
5.  Templates are setup looking to bind nodes that have the specific custom attribute / value pair.


This of course only works for templating services that are running on the node at the time it is discovered.  I could of expand on this to scan again at a later time using one of many methods.

As mentioned, I am really hoping for feedback on either refining this idea or saying to me - that is ridiculous "xyz" is a much better way to do this.   Thanks to all in advance. 

Now I am off to upgrade everything to 1.2.2 which I see just made it onto the site  

Agreed, can't wait.  This NMS is so flexible, love working with it.

I expected it would use IP to find node.  Can see up hitting with trap monitor and same IP, just not creating event it appears.

We have created a template where one of the SNMP items in that template applies to the majority of the devices in the template, but some not.  We are trying to create the system as automatic as possible so we have created rules to assign templates to devices as discovered.  When one of the devices that does not support this SNMP item is discovered it kicks off an error:

Status of DCI 877 (SNMP: .1.3.6.1.4.1...) changed to UNSUPPORTED

This is fine, I would expect that during the initial application of the template.  We then go in and change this item to  Disabled, but leave it in there.

The problem comes in that if we go into the template to make any further changes, or even just to check things it seems to update some sort of flag and try to apply the template items again.  This causes all the nodes to once again process the unsupported message above and for us to clear them and set the item to disabled.

Maybe during the applying of templates it could check if the item exists for the node already and set to disabled.  If so, NOT fire this message as it has likely already been seen and handled. 

Ok, tried creating them "cloning" the link up / down policies that exist.  For the down event I create an alarm SNMP_IF_DOWN_%i_%2 and then for the up event terminate the alarm SNMP_IF_DOWN_%i_%2.  However, it never clears even though the trap for clearing it is sent and received by the server as it is in the Trap Monitor when I watch it. 

Is it possible that the macro %i is not allowed for traps since the "source" is really not a node object as others would be and that it is grabbing just some sort of random value for that.  If so, is there a macro variable that would contain the source IP of the trap or what would you use to give it a unique alarm key?

Also, and I believe I mentioned this in the past would be nice if you could view the alarm KEYS so that it is easier to see if for some reason you are not matching properly.  In both the Alarm Browser and Alarm Log would be great.

Actually, I created no event processing policy for either of them, just apparently the even was set for down through receipt of the trap all on its own, unless that got picked up by some of the base policy rules.  I was just hoping the up would be processed likewise.  It is not an issue to create these of course, was just asking since one processed "automatically" and the other did not.

The walk requests are attached to the message.

I recently decided to start moving our trap notifications over to NetXMS from what I hope will soon be our old NMS.  We have a number of various model Procurve switches which the system seem to try and detect.  It shows the driver on the general tab as PROCURVE.  However, when we get a trap for link down and then a trap for link up it is NOT clearing the Link down event and it stays up on the device until we manually terminate.  It is detecting the ports correctly from the varbinds, just not clearing.

First traps .1.3.6.1.6.3.1.1.5.3 (link down) followed by .1.3.6.1.6.3.1.1.5.4 (link up).  These appear to be the "standard" down / up noticed and are listed in the SNMP Trap Configuration section.

Not sure how it comes up with the port drawings either, but it is wrong.  For example our 4000M switch shows an odd layout of ports 1-22 in slot 1, 0 - 23 in slot 2, 0 in slot 3 and 1 in slot 4.  In actuality there are 6 8 port cards, 1 1 port card.  It also pops up a components tab with nothing filled in.

Also, would like to make a suggestions that you allow clipboard copy from the SNMP Trap Monitor display so it is easier to grab OID's or messages. 

Thanks as always!

Thanks, guess I can even setup this thing to monitor myself   Now that is power!