NetXMS Support Forum

I have a site that has about 20 Cisco 2960S switches and a couple Cisco 4900M switches that I have NetXMS monitoring.

NetXMS is using the CATALYST-GENERIC Driver so it appears that the switches are being recognized.

I am on NetXMS version 1.2.17 at this site.

The problem I'm running into is that NetXMS seems to only be aware of some of the MAC addresses on the switch.  If I try to find a switch port, it never reports a direct connection.   It always reports that a given node is indirectly connected to a remote switch.

In researching the problem, I've determined that NetXMS is only storing "dynamic" MAC addresses.   It ignores "static" MAC addresses.   We use Cisco's security features where it learns what mac addresses are directly connected to a port and only lets those addresses on that port.   This prevents someone from plugging in a foreign device that we don't know about.   Apparently, even though those addresses are "learned", Cisco classifies them as Static.

Strangely when I snmpwalk the switches, all the mac addresses appear and I don't see anything obvious that would distinguish between static addresses and dynamic addresses.   When I researched cisco literature, I couldn't even find a reference for using SNMP to look at whether an address is static or dynamic.   So, I'm puzzled at why the static addresses are missing.

Is there are way of configuring NetXMS to store all the addresses?   I would really like to be able to use the "Find switch port" feature on an object to see the local port it is connected to.  Seeing that it indirectly connects to a root switch in the core isn't helpful since all my devices connect to one of the two root switches.

I've attached the following files to demonstrate the problem.   I picked a simple 24 port gigabit switch, that has an additional 2 ports of ten-Gigabit.  We always use one of the Ten Gigabit ports as a trunk to the other switches.   typically the gigabit ports are connecting to servers and other nodes in the same rack.

• An SNMP walk of the 3 VLANs and typical OIDs used for mapping the MAC table to switch ports.   I used the following reference to get those OIDs:
  
  
  
  • http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/44800-mactoport44800.html
• A screen capture from Object Details of the switch
• An Excel Spreadsheet in which I compared the output of NetXMS's exported Switch Forwarding Database to the list produced by telneting into the switch and running a "show mac address-list".   I sorted both of those items by MAC address and inserted blank lines whenever appropriate to keep the MAC addresses matching.   When looking at that comparison, you can see that all the "static" entries are missing from NetXMS's data.   There are other items missing from NetXMS and from the Cisco output, but I consider that related to timing and just noise because there is no consistent pattern.

Please let me know if you need additional info.

While your solution fixed my problem for the Cisco 2960S switches, my Cisco 4900M switch (which identifies itself as a 4500 series switch still uses a generic driver.

The Object ID=.1.3.6.1.4.1.9.1.917

I assume that the detection logic isn't aware of this switch.   Is there a way of tricking NetXMS into thinking it is another switch that is supported to see if it works?   

This is the software I'm running on the switch:
System Description=Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-IPBASEK9-M), Version 12.2(53)SG9, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2013 by Cisco Systems, Inc. Compiled Tue 29-Jan-13 03:04 by p

I have two of these switches at the core of my network (they are 10GBit switches).   It would be nice if NetXMS recognized them.

Let me know if there is anything I can provide that would help.

Thanks in advance.

Thanks again Victor for your quick response.

Your solution solved my problem.

The driver is now showing as Catalyst-Generic and the other vlans are being looked at.

Here is a copy of the new log:

[07-Jan-2015 17:59:56.465] Log file opened
[07-Jan-2015 17:59:56.481] [INFO ] Database driver "mysql.ddr" loaded and initialized successfully
[07-Jan-2015 17:59:56.904] [INFO ] Network device driver "AIRESPACE" loaded successfully
[07-Jan-2015 17:59:56.904] [INFO ] Network device driver "AT" loaded successfully
[07-Jan-2015 17:59:56.904] [INFO ] Network device driver "BAYSTACK" loaded successfully
[07-Jan-2015 17:59:56.919] [INFO ] Network device driver "CATALYST-2900XL" loaded successfully
[07-Jan-2015 17:59:56.935] [INFO ] Network device driver "CATALYST-GENERIC" loaded successfully
[07-Jan-2015 17:59:56.935] [INFO ] Network device driver "CISCO-ESW" loaded successfully
[07-Jan-2015 17:59:56.950] [INFO ] Network device driver "CISCO-SB" loaded successfully
[07-Jan-2015 17:59:56.950] [INFO ] Network device driver "DELL-PWC" loaded successfully
[07-Jan-2015 17:59:56.950] [INFO ] Network device driver "ERS8000" loaded successfully
[07-Jan-2015 17:59:56.966] [INFO ] Network device driver "H3C" loaded successfully
[07-Jan-2015 17:59:56.966] [INFO ] Network device driver "MIKROTIK" loaded successfully
[07-Jan-2015 17:59:56.966] [INFO ] Network device driver "NETSCREEN" loaded successfully
[07-Jan-2015 17:59:56.982] [INFO ] Network device driver "NTWS" loaded successfully
[07-Jan-2015 17:59:56.982] [INFO ] Network device driver "PING3" loaded successfully
[07-Jan-2015 17:59:56.982] [INFO ] Network device driver "PROCURVE" loaded successfully
[07-Jan-2015 17:59:56.982] [INFO ] Network device driver "SYMBOL-WS" loaded successfully
[07-Jan-2015 17:59:56.997] [INFO ] Network device driver "UBNT" loaded successfully
[07-Jan-2015 18:00:03.376] [INFO ] Listening for SNMP traps on UDP socket 0.0.0.0:162
[07-Jan-2015 18:00:03.392] [INFO ] NetXMS Server started
[07-Jan-2015 18:00:03.392] [INFO ] Listening for client connections on TCP socket 0.0.0.0:4701
[07-Jan-2015 18:00:03.392] [INFO ] Listening for client connections on TCP socket :::4701
[07-Jan-2015 18:00:03.392] [INFO ] Listening for mobile device connections on TCP socket 0.0.0.0:4747
[07-Jan-2015 18:00:03.392] [INFO ] Listening for mobile device connections on TCP socket :::4747

Thanks for your quick response.

It looks like the GENERIC driver is being selected.

Does GENERIC mean completely Generic or is it CATALYST_GENERIC (which is mentioned in the Wiki)? 

• If it is Catalyst_generic, then what can I do to determine why it is only paying attention to VLan 1?
• If it is completely generic, then what is the next step to determine why it isn't selecting the Catalyst drivers?    I did verify that snmpget returns a value ("9") for .1.3.6.1.4.1.9.5.1.2.14.0

Is there a way of determining which drivers are loaded?  I don't see any network drivers in the server log (which I posted in my first message).


When I do a configuration poll, this is the output:

[2015-01-07 08:04:45] **** Poll request sent to server ****
[2015-01-07 08:04:45] Poll request accepted
[2015-01-07 08:04:45] Starting configuration poll for node Edge-Switch-1
[2015-01-07 08:04:45] Checking node's capabilities...
[2015-01-07 08:04:45]    Checking SNMP...
[2015-01-07 08:04:45]    SNMP agent is active (version 2c)
[2015-01-07 08:04:45]    System description changed to Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 15.0(2)SE6, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2014 by Cisco Systems, Inc. Compiled Wed 09-Apr-14 03:09 by prod_rel_team
[2015-01-07 08:04:45]    System name changed to 0xee1400
[2015-01-07 08:04:46]    LLDP node ID changed to 4@6C9CEDEE1400
[2015-01-07 08:04:46] Capability check finished
[2015-01-07 08:04:46] Checking interface configuration...
[2015-01-07 08:04:46] Interface configuration check finished
[2015-01-07 08:04:46] Checking node name
[2015-01-07 08:04:47] Node name is OK
[2015-01-07 08:04:47] Finished configuration poll for node Edge-Switch-1
[2015-01-07 08:04:47] Node configuration was changed after poll
[2015-01-07 08:04:47] **** Poll completed successfully ****

I'm not sure about what you mean by verview, but I did see an object details option on the view menu.   When I've tried to pull that up before, I just got a blank page.    I tried a couple times, and this time I received the following on the general page.

ID=472
GUID=c1116b44-1ee4-8b40-9f0b-b905c296c3f1
Class=Node
Status=Normal
Primary Host Name=10.3.101.1
Primary IP Address=10.3.101.1
System Description=Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 15.0(2)SE6, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2014 by Cisco Systems, Inc. Compiled Wed 09-Apr-14 03:09 by prod_rel_team
SNMP sysName=0xee1400
SNMP Object ID=.1.3.6.1.4.1.9.1.1208
Bridge Base Address=6C:9C:ED:EE:14:00
Driver=GENERIC
Boot Time=2014-12-10 09:22:49

I've been using NetXMS for a while, but recently installed version 1.2.17 on a Windows Server 2012 machine at a site that uses Cisco 2960S switches and 4500 switches.   

I use primarily 3 VLans for most of the traffic and don't use vlan 1.   NetXMS doesn't seem to show any information except for vlan 1.  When I look at the forwarding database, I only see vlan 1 related info.

I know that Cisco uses a modified form of the community string for vlans and have tried that without any better results.

I'm skeptical that the Catalyst driver is loading or working.   I just restarted the NetXMS server and don't see any mention about loading the network drivers.

[07-Jan-2015 01:35:32.010] Log file opened
[07-Jan-2015 01:35:32.026] [INFO ] Database driver "mysql.ddr" loaded and initialized successfully
[07-Jan-2015 01:35:38.711] [INFO ] Listening for SNMP traps on UDP socket 0.0.0.0:162
[07-Jan-2015 01:35:38.727] [INFO ] Listening for client connections on TCP socket 0.0.0.0:4701
[07-Jan-2015 01:35:38.727] [INFO ] Listening for client connections on TCP socket :::4701
[07-Jan-2015 01:35:38.727] [INFO ] NetXMS Server started
[07-Jan-2015 01:35:38.727] [INFO ] Listening for mobile device connections on TCP socket :::4747
[07-Jan-2015 01:35:38.727] [INFO ] Listening for mobile device connections on TCP socket 0.0.0.0:4747

I'm curious if this is a bug in the current version, or something odd about my configuration.

I did search to see how to determine which driver it is trying to use, but the articles are very old and refer to things I can't find on my system.

We don't install NetXMS in the standard "Program files" location for Windows.  We try to keep Windows Operating System stuff separated from the applications we install.   So, we install on C:\programs\NetXMS\NetXMS\  (Yes NetXMS is listed twice).  Within that directory, we have the standard installation (bin, database, doc, etc, lib directories).   Within the lib directory is a ndd directory which contains 19 files (including the catalyst.ndd and some other cisco ndds).

We are using SNMP polling for the switches and seem to be able to get SNMP data in DCI and SNMP Trap configuration.

Could you provide guidance on how to determine which NetXMS driver is in use for a switch?   Also, any other tips on how to debug this issue would be appreciated.

Bill

Victor:

The information was very useful.   

Thanks

Bill

I have a moderate sized NetXMS installation with NetXMS monitoring 80 individual remote sites plus the local master servers.   Each remote site is basically identical to the other sites.

At only one site, NetXMS is returning "Unsupported" for the "system.uptime" and "system.cpu.usage" DCI variables when it polls.   But, if I right click on the node, and use tools->info->agent->Supported Parameters, both of those parameters appear.   This behavior of declaring them unsupported is recent.

Other system parameters such as system.servicestate and process.count are working fine on that same node.

I've seen Unsupported occasionally appear in what I assume are race conditions on system startup.   In those cases, if I re-enable, restart the agent, and re-poll, it won't reflag them as unsupported.  I tried this for this node and it didn't solve the issue.   I restarted the server and it didn't help.   I used Windows Update to bring the server current and restarted and it didn't solve the issue.

The agent is version 1.2.9.        The server was just upgraded to 1.2.17 a couple days ago, but this problem was happening when the server was 1.2.9.   We haven't had time to upgrade the 80 agents yet.   79 of the 80 are working just fine.   The DCI configuration is managed by templates and not individually for each site, so I don't think there is a typo in the DCI configuration.    I've verified the agent configuration is identical to other sites - we have an internal update management system that pushes out the configuration files which are common to all locations.

I believe that this issue is likely to be a windows configuration corruption issue.    What components of Windows does the agent use to return uptime and cpu usage?   Is it WMI or something else?   At a former job, I occasionally saw WMI corruption on earlier versions of Windows, but don't want to rebuild WMI's database if it isn't involved.     The remote nodes are all running Windows 8.

Any suggestions would be appreciated.

I forgot to mention that when nxshell is able to connect, if I monitor the process I see it go into a CMD_GET_OBJECTS state with AES-256 and a CLTYPE of DESKTOP    [nxjclient/1.2.9 Linux 3.13.5-1-ARCH; libnxcl 1.2.9)]

When it is failing, I've tried it with and without encryption and don't see any difference in the error message.

At the moment, nxshell is behaving again.   I don't know how long it will last.

I've been experimenting with nxshell to create an alarm monitoring process.   

After using it for a while, somehow things get into a strange mode where I can not invoke nxshell successfully anymore.   It doesn't matter whether I specify a script or try interactive mode.   

During this time, I don't see any other issues with NetXMS.   For example, I can connect to it with the java management console app successfully.   Even if I restart the NetXMS server, I seem to have the same problem.

To debug, I went into the server console in the management console and typed "show connections" while nxshell was trying to connect.  At the start of the process I see a "CMD_REQUEST_ENCRYPTION" state, then it switches to an "init" state, and then the session goes away.   Eventually nxshell/java returns the error "ncxexception: Request timed out".   the "CLTYPE shown during the failed attempt is "DESKTOP <not logged in> [n/a]".

Once in a while it will work again, but then subsequent attempts fail.   This happened to me yesterday evening and I finally gave up.  This morning I was able to use nxshell for several hours and then this failure started again.   I'm guessing that if I let it sit for a while, things will start working again.

The version of the nxshell and server are 1.2.9    I can't upgrade yet to the latest version because I'll have to update 80 different locations and need to schedule that.   The server is on a different system than nxshell, so I'm specifying its IP address to connect to with the "-D" command.   

Is there some sort of parameter I should be playing with on the server or nxshell to get this to work consistently?  Any ideas would be appreciated...

Thanks

Bill

If we leave the management console running on a workstation displaying something like the alarm browser, things work just fine for several hours.

But, after a long time (maybe a half day to a day), the screen stops refreshing.   Trying to do anything in the console tends to then give errors (typically indicating timeout or non response).

Is there a way of keeping the session Live and functional for very long periods without having someone click on the screen every hour?   This is very helpful when setting up a monitor wall.

Bill

We are trying to create a display wall for monitoring in our office.   The purpose is to highlight the issues.   If a user needs details, they can open up NetXMS on their own workstation.    We find the Alarm Browser and Alarm dashboard contain more info than we would like.    What we would like would to be able to limit which columns are displayed and make the fonts big enough to read across the room.   For example, we would probably limit the display to Source, Message, Ack, and Modify Date.   We would sort on Modify Date in reverse order.

If we also had the ability to display the modify date as elapsed time (ie 1 hour, 2 days, etc.) it would be very nice.

I have a need to monitor the replication status of MySQL on several hundred remote servers.    Initially when a server first is installed I would like to monitor how far replication is since the process can take more than a day.   Once a server is fully in production, I need to monitor some status fields to ensure everything is OK with replication.

I'm on MySql version 5.5.32 and version 1.2.8 of NetXMS.

In MySQL, the way of getting the fields I'm interested is to do the query "Show Slave Status;" which returns a wide table with lots of variables.  Currently, there is no "select" statement that will return the info I need.
 
I've written a powershell script that can launch mysql, perform the query, and grab the output from the table.  I can configure external commands to call the script and get the value into NetXMS.   Unfortunately, external commands and powershell specifically have a fair amount of overhead.    I'd prefer that there is a more direct way within NetXMS to get this info.  The servers that I'm monitoring are very CPU bound decoding and monitoring multiple live camera streams and every bit of overhead added for monitoring the database has the potential of disrupting that process.  That is why I'm trying to lighten the footprint.

I tried using the NetXMS ODBC subagent.   I can get it to execute the query, but the subagent is hardcoded to select only column 1.  I'd like to track columns 6, 11, 12, and 19.

Is there a more native way of using NetXMS to either:

• return a table using an odbc inquiry
• or select a column from an odbc subagent inquiry
• or perhaps execute SQL statements from within an netxms script that would do the query and filter the resulting column

If not, are any of those options being considered in the future?  For example, the ODBC subagent seems to have column 1 hardcoded in it.   If there was an optional way of specifying the column number in the agent config file, it would be helpful.   The new table functionality looks very intriguing - it would seem to me that ODBC queries would be a natural extension because they can return tables.

Thanks in advance.

Bill