NetXMS Support Forum

First thing needed is Java 17

Port 161 is probably not needed - is there anything inside the container that listens to it? Anyways, if there is - agent should be able to work as a proxy for the node where it is running.

For proxying - you need to have:
EnableProxy=yes
EnableSNMPProxy=yes
SubAgent=ping
SubAgent=ssh            # optional, only if you want to use ssh monitoring
in configuration of the agent

Is agent able to send ICMP requests - you can try collecting Icmp.Ping(1.2.3.4) metric from that agent

You can also try operation without network discovery - by adding a node for a device in that zone and manually specifying that proxy in properties of the node.

Yes, correct, since devices in your management network are directly accessible from NetXMS server, there is no need for zoning to monitor them.

In the scripting language it's different then in SQL. When the script (you probably use script threshold) is invoked, DCI value is contained in $1 variable. Any operation with this variable will take it as a whole thing.

We will increase the limit, fix will be in a patch release that should be out in a few days.

Yes, to communication from server to agent you need just one port - 4700 on agent side. So yes, if you have several agent nodes behind a firewall, you can forward e.g. 4700, 4701, etc to these agents. Check "Communication through external gateway" checkbox in node properties - this is for the server to allow several nodes with same IP and to build topology information correctly.

However, this approach is not very convenient, as you need to specify port number for each node. Alternatives are:
- if you have a machine behind the NAT that is running all the time (or several machines and at least one of them running) you can configure netxms agent there as proxy. In this case communication to other systems will happen through that proxy, you don't need to open any more ports, network discovery will work
- netxms agent can establish tunnel connection to the server - in this case you don't need any port forwarding


Proxy agent is specifically netxms agent (with a few params in it's config - EnableProxy=yes, EnableSNMPProxy=yes...). For your router to act as a proxy you need to have a way to install netxms agent there. It's possible to build netxms agent for openwrt, or it can work on mikrotik routers that support docker.


If you specify some address as proxy for a zone, that agent should be configured to work as proxy. For your approach with port forwarding there's no need to create a zone or specify proxy (buy anyways you can create a zone to group the nodes or to add a proxy in the future)

What is the maximum length that you are encountering?

We will add option to specify authentication method in a future release, but currently that's not possible. Meanwhile you can use "shell" notification channel and call some script that would invoke curl from command line

From the capture it's seen that exchange successfully switches to TLS mode, but we don't see much beyond that due to encryption.
Please try sending email using curl from command line of machine where netxms is running:

curl -v --ssl-reqd  --url 'smtp://pro1.mail.ovh.net:587' --user '[email protected]:password' --mail-from '[email protected]' --mail-rcpt '[email protected]' --upload-file mail.txt
for that you need mail.txt file in the folder where you launch curl with content like this:

From: "User Name" <[email protected]>
To: "John Smith" <[email protected]>
Subject: This is a test

Hi John,
I'm sending this mail with curl thru my gmail account.
Bye!
Please adjust the command and mail.txt file with your actual addresses. curl should produce verbose output, pls share that.

Please try to capture traffic on NetXMS using tcpdump:
tcpdump -s 0 -w smtp.pcap -i INTERFACE_NAME host pro1.mail.ovh.net and tcp and port 587
STARTTLS has unencrypted phase of communications in the beginning, so we might see some clue there. You can send capture file to me in a private message.

Первый вопрос - на какой версии все это происходит, потому что print a; уже достаточно давно переделан в print(a);

t = AgentReadTable($node, "System.InstalledProducts");
for (row : t->rows)
{
  if (row->get(0) like "*Agent*")
  {
    s = "";
    for(cell : row->values)
    {
      s = s . cell . "-";
    }   
    println(s);
  }
}

This error was fixed, fix will be included in patch release that should be out this week.

In event processing policy you can use a filter script like this:
ifName = $dci->instance;
if (ifName == null or ifName == "") return false;

dciDescription = "Port Speed auf " . ifName;
portSpeed = GetDCIValueByDescription($node, dciDescription);

if (portSpeed->contains("HD")) return false;

return true;


$dci->instance will work if your DCIs are created by instance discovery, otherwise you might need to get the interface name by parsing description.

Alternative approach could be to use script threshold on your network error DCIs - that script could also get value of port speed DCI and generate threshold violation event only when both conditions are met. This way you would have less events (which also consume resources as they are stored in the DB).

Feel free to ask if you need more script examples.

Please add
DebugLevel = 6
to agent config file and share full agent log since it's start till sessions run out. You can share the log in private message if needed.

Make a script named getPackageVersion in script library:

packageName = $ARGS[1];
if (packageName == null) return "package name not provided to script";
for (s : $node->softwarePackages) {
  if (s->name == packageName) {
    return s->version;
  }
}
Then create a script DCI with metric e.g.:
getPackageVersion("curl")
The script is using information about packages collected during configuration poll, so it will provide a value even if the agent is not available at the moment.