Messages - Tursiops

#256
Hi rojaraju,

I am unsure if I understand your problem correctly. Your Last Values tabs are empty?
Have you manually created any DCI on the nodes?
Or do you have Templates? Have you assigned those templates (manually or via auto-apply rules)?
Without DCIs, no Last Values.

Cheers
#257
Hi Marco,

Not sure about the other parts in your post, but you can add a DCI to a fake node, as long as you select a real node as source inside the DCI?

Cheers
#258
Hi,

I can certainly confirm that the only way firewalls are discovered for the topology at present is via switch FDB.
But if said firewall has multiple devices behind it, the FDB will show a number of MACs on the same port and at that stage topology discovery fails as it can't tell which of those MACs is indeed the next hop. Most firewalls don't support LLDP for discovery due to security concerns.

At the same time, if event correlation depends on knowing the topology then this would cause issues for alerts when a firewall goes down (as based on the topology none of the devices behind it are actually connected to it)? Correlation would not kick in until the switches report that they are unreachable?
Is there maybe a manual way to force a connection between devices for Topology purposes, i.e. if I know firewall x is directly connected to switch y? Kind of an override for automated discovery?

Cheers
#259
Hi,

I believe I found the source of my problem as well.
A switch which was sending syslog data to a proxy node which was incorrectly configured with Zone ID 0 (default).
For every syslog message received, the logs showed that NetXMS was adding the same IP over and over again to the poller queue (I am not sure why it failed to detect that this IP was already in the queue in this particular instance?)
That node also just happened to be generating a syslog message every few seconds due to another monitoring tool set up and controlled by a third party trying to connect to the switch using "public" (and failing, thus generating a log entry).

I fixed the Zone ID and now NetXMS can properly link the incoming messages to the node and our queue is in single digits now. :)

Still leaves the question how the IP could be added to the poller queue over and over?  ???

Cheers
#260
Hi,

You are probably facing the same problem as mentioned in this post (which also has a solution):
https://www.netxms.org/forum/general-support/after-update-to-v2-1-m2-no-alarms/

Cheers
#261
Hi,

I am guessing the problem is that the firewall may have other devices connected to it, e.g. a switch on one port, a workstation, access point or even another switch on another. Without LLDP/CDP, the firewall in those cases basically looks like an unmanaged switch to the rest of the network.

I have lodged a feature request with WatchGuard to add LLDP/CDP, but not sure what will come of that (security concerns).

Cheers

#262
Hi,

The logs show a lot of "potential node x.x.x.x rejected (IP address already queued for polling)".
When I check for existing objects, I either can't find them or they are in a different zone to the node that's used for discovery.

As it mentioned the "queued for polling", I had a look at the queues and Node Poller is at 40k+. Looks like that's our problem.
This value rarely decreases by 1, but otherwise just keeps increasing. Quite possible that 40k is simply the figure of all IPs across our networks which NetXMS discovered and wants to check.
I am not quite sure which poller figure to increase for this in the server config. Status? Discovery? Is there a NumberOfNodePollers configuration item?

Cheers
#263
Feature Requests / Hyper-V Support for Topology
July 25, 2017, 07:34:23 AM
Hi,

It would be nice if Hyper-V hosts and guests would show on a Layer 2 Topology map.
The hosts obviously do, but the guests generally do not (unless they have a dedicated NIC).

I can use PowerShell to generate lists of Hyper-V guests, virtual switches and NICs and MAC addresses, but having this whole setup visible on an automated topology map would be much more flexible.
Cheers
#264
Feature Requests / Create Node from Agent Tunnel
July 25, 2017, 07:19:00 AM
Hi,

It would be nice to have the ability to create a node from an unbound agent tunnel.
If the Agent configuration includes a Zone ID, it should be possible to search if such a node already exists in the system, e.g. by checking IPs & hostname? That could also be used to automatically bind tunnels to existing nodes if there is a 100% match.

Even just having the ability to right-click on a node in the Agent Tunnel Manager and selecting "Create Node" would be helpful when you roll out Agents to dozens/hundreds of nodes. :)

Cheers
#265
Hi,

I assume VSS is referring to whoever is logged in to the Console session at the time.

The ability to actually authenticate and run actions as any given user, independent of if they are currently logged on or not (which would require providing and/or securely storing credentials), would be nice, too. :)

Cheers
#266
Hi,

I wiped a number of discovered nodes from the system last night, ran hkrun and checked show objects before and after.
The nodes were definitely no longer in the list, but have not been rediscovered yet (~10 hours later, with passive discovery meant to run every 15 minutes).

Discovery also doesn't seem to pick up network changes. It really behaves like it only runs once. Is there some flag in the database that might be stuck?

Cheers
#267
Hi,

Earlier today I created a network map and noticed that some of the configured labels on switches were incorrect, so I went ahead and reconfigured those on the switches.
I then ran an interface name poll and assumed the map would update its link labels. But it did not. The old labels remained.
I ran configuration and topology polls as well, same result.

Do link labels not get updated? Is this a one-off thing that maps do when they create a new connection between devices (i.e. check the interface names, then statically store the current value as part of the connection object itself)?

This is an automated L2 map, so I can of course recreate it, but doing so just because a link label needs an update seems excessive?
Or is that something that's updated as part of housekeeping once a day?

Cheers
#268
General Support / WatchGuard Firewalls and Topology
July 20, 2017, 02:37:43 AM
Hi,

It appears there is an issue with getting WatchGuard firewalls to show peer connectivity properly.
I noticed that checks on interfaces almost always result in the firewall supposedly being "indirectly" connected to a specific switch port - as more than one MAC appears to be behind the interface in the ARP table and the firewalls do not do LLDP or CDP.

Not sure if there is a way around that?  :-\

Cheers
#269
Hi,

I'm seeing similar behaviour. As we are using a lot of proxies and zones, we have to rely on passive rather than active discovery.
It looks like it only discovers once and then never again (server restarts do not have any effect).

If I remove something that was discovered, it does not come back later.
If I add new devices to the network or install an Agent on some Workstation, they are not discovered, even though they do show in ARP tables of switches and have SNMP and/or NetXMS Agents installed and match the filter condition.

Cheers
#270
Sounds like {instance-name} is not being interpreted prior to calling the script.
Maybe add some trace commands to your script, e.g. something like this:
trace(0,"Instance Name: ".$1);
Then check your server logs and see what is being returned: Nothing? Literally "{instance-name}"? Something else?