NetXMS Support Forum

Hi Victor - thanks for that - except that you are not correct - but you were close enough!!

I thought I had tried your suggestion and failed - but tried it again - and failed again.

Tried double double quotes - no good.

Tried triple double quotes - and it worked!!     

Other than %t being empty, I got the whole message in %m . 

This works:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\scripts\create-inc-from-alarm.ps1 -device  "%n" -sev "%s" -tyme """%t""" -pd "%(pass)" -msg """%m"""

The only two questions that remain are a follows:
1. Is time Alarm Created available? - %t is empty
2. Can I get the Event message? I would like this so I can create the ticket with Event Message which I create as a summary of the alarm.

Wondering if anybody else has hit this problem - I am pretty sure I am not the first - and was wondering what I am missing.

Trying to add to my expanding collection of Object tools / Alarm tools - but having some bad luck with Alarms. I want an Alarm Tool to create a Help Desk ticket via PowerShell but NetXMS is not acting as expected.

I do not think it is the extremely limited documentation - I think it is an inconsistency in parameter availability.

The command below is designed to get the Alarm message either in its entirety, a specific variable, or even the Event Message, the severity and the time the alarm occurred.

The only documentation that half helped is this - https://netxms.readthedocs.io/projects/admin/en/latest/event-processing.html?highlight=message#event-processing-macros
as well as section 23.2.1 of the 2.2.11 admin guide (which lists in a table the fields available - but are for Event Processing Policy only??)

The problem is as follows:
1. Time of the alarm is not passed. %t is empty
2. %m passes the first word only.
3. NetXMS passes the rest of the message as variables (no idea what name) using a blank as the separator. I have added additional variables just to pick up them up.
4. Fortunately, using PowerShell names variables, the input variable is passed successfully, even if PowerShell has it last in its list.
5. I can export the Alarm as CSV and Message field and Created Time are correct and complete - exactly what I want - but seemingly impossible to achieve.
6. An alarm that has special characters such as / % , etc. cause NetXMS to hang the execution - either never finishes or terminates with blank output.
7. It would appear %A would do it - but that is empty - tried that as well.
 
This can be reproduced by anyone as per below. I changed %t to %c as %t caused the script to hang - using %c allows me to see that the -c Code  variables is working.

My Object tool command (local script): It has one input - variable name  is pass. The command does produce output 9tick the box)
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\scripts\create-inc-from-alarm.ps1 -device  %n  -sev %s -tyme %c -pd %(pass) -msg %m

My PowerShell is as follows:

Param(
[string]$device,
[string]$msg,
[string]$tyme,
[string]$sev,
[string]$m1,
[string]$m2,
[string]$m3,
[string]$m4,
[string]$m5,
[string]$m6,
[string]$m7,
[string]$m8,
[string]$m9,
[string]$m10,
[string]$m11,
[string]$pd)


write-host  " Alarm on $device with msg $msg $m1 $m2 $m3 $m4 $m5 $m6 $m7 $m8 $m9 $m10 $m11 that occured at $tyme with severity $sev using pass $pd "

Was having a discussion with an icinga2 user and they have STATE as a severity which gets confusing - a Node that is down is critical - not because it has a status of critical - but because it has a state of down.

I like the simplistic view where I can look at the General panel of a Node and can see just what and where the problem is. Is the Node up or down, what is OK and what is NOT. This is standard Kepner Tregoe Problem Solving / Situational Analysis, in case anyone was wondering

A Node STATE is always UP or DOWN (or unmanaged)

A Node STATUS is OK / Warning / Major / Critical - made up of the following - each displayed in the General panel.

Interface Status (user selectable to affect Node STATUS - has a dependency on STATE being UP)
DCI Exception Status (user selectable to affect Node STATUS - has a dependency on Node STATE being up - show last value if STATE = down)
TRAP Exception Status (user selectable to affect Node STATUS) - still relevant if Node is up or down - shows what was happening on way down)

No - pretty confused.

I have about a thousand devices unmanaged and they send traps and do not turn into alarms.

I have interfaces unmanaged but an interface is not a node - alarms register against a node.

Is the issues you have is that traps are being sent from an unmanaged interface on a node - or - is NetXMS monitoring an unmanaged interface and generating an alarm at the Node level?

I am pretty sure you cannot (currently) disable traps at an interface level as the traps will always aggregate up to the node - which makes sense as it is the node which generates the traps.

If you have created interfaces as nodes, then the fact they are unmanaged would come under the Node rule and would not trigger.

Excluding the fact that if a device wants to send your NetXMS server a trap, and you don't want to see it solely because it is coming down an unmanaged interface, you could probably filter this out using some scripting on the Event processing policy.

For me, I got annoyed with Interface Down alerts - so I disabled the policy - no more alerts. Either the other end of the interface is a node and I will get a Node down alert, or I have redundancy in which case the redundancy kicks in - and no action required. For those I really care about, I have a container limited policy and apply alarms to those only.

There is no setting as far as I know for what you want, but what you want can be achieved a number of ways as per above. I hope this helps.

Once we get to the improved trap processing in V3 later this year as indicated by Victor, I will do the AVAYA / Dell / Dell IDRAC / CISCO / APC ixcs traps that have numerous oids that are the same per trap but need to be entered over and over. 

OK - I can see that setting - which is off by default. Can we have this added as a server default setting - enabled or disabled by default at initial discovery (node addition).

I have 4322 devices so doing this one-by-one is off the table. I assume this is about 3 or 4 lines of script to update all to have this ticked?

I was simply looking for a way to be able to display alarms where status = outstanding without having to type outstanding every time.

Alarm Log allows multiple filters - but is the log, so cannot acknowledge or terminate.

Dashboard gives me access to the xml, but do not know what xml I need to add to have State = Outstanding.

Having the State field as an additional display selection option on the Dashboard Alarms would be great - actually - it would be near perfect

Perfect would be to include a search field - that would be perfect and would be the pen-ultimate Alarm browser.

The ultimate? - have these in Alarm browser as well

Hi Vistor,

Thanks for that. If you need a beta tester, happy to help out.

Currently grinding through Dell normal, Dell IDRAC, AVAYA G3 and G7, and CISCO. - which includes finding and fixing the necessary support mibs.

Fantastic solution - thanks Victor

In my quest to read every post and learn all things wonderful, I found this little gem.

Am I correct in my understanding that what was being done here provided multi column filtering - which in this case is events, but equally applies to Alarms?

Does anybody have this or variations of this working?

I want to be able to select a container, show the alarm view, filtered by both the container and by status = Outstanding, and if possible, still have the filter visible. This seems to give me two out of three and putting it into an Object tool where I asks for the third filter, possible to have a three way filter that dynamically updates.

Similar request - being able to debug by node and or by function.

For example - debug level 5 is needed to see why event accepted / rejected - but I only need that on for 1 node - not every node and every event.

Currently example - PowerShell executable runs locally bit not on server - turn on debug and huge amount of irrelevant logging produced.

Would be nice to say debug Object_Tool level 9

and even nice Debug Object Tool scriptxwz level 9

Got distracted - Event Processing has inspired me to get Create_Help_Desk_Ticket going first - much greater payback !!.

To implement this, in its most rudimentary form, the following looks like it would work:


// Hash the 4th parameter into a less than 256 char size as it is too long for duplicate comparison which fails to match duplicates
// To use, $4 is the parameter that is to be shrunk and the alarm key is %n_%1_%M - the %M is the shortened %4
// This code is added to Actions and the action is added in Event Processing Policy

alarmhash=sha1($4);

CUSTOM_MESSAGE = alarmhash;

I had a look at that "fix" and noticed the setting I had mentioned "allow version change" was implemented with that fix - but it is not part of the default settings.

If anybody knows how "prevent automatic SNMP configuration changes" was implemented, this might be enough just to set that to yes, increase the timeout, and just move on

Out of curiosity - which version of Timescale are being considered being used - Open Source, community or Enterprise?

Well posted tnayak.

Should be pinned - including the initial problem - so those who hit this, which there will be others, have a clear and simple to follow solution.

I have benefited unbelievably from the assistance of Tursiops and as per his initial response "try these options...they just work", a simple statement that certainly got you a lot closer as well.

We went Windows as that was even easier, but even then, we hit the problem of trying a monitoring solution that relied on devices responding to snmp, but no snmp templates. Tursiops rescued us which otherwise probably would have seen us move on. The Linux and Windows SNMP based templates I ended up with have been posted for any and all to use.

What's next for me?  I have a bunch of PowerShell tools to add -Ping, Tracert, SNMPGET, Create Help Desk ticket - non-jira etc.

The simpler it is to enable people to use NetXMS, the wider its adoption and Development.  Your post will greatly assist that - well done and thanks.