Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - Staj

#1
I thought the same thing but the nxagentd.conf on disk and the Agent Configuration that matches for the node in NetXMS are all identical, as written. I couldn't work it out either.
#2
General Support / NXSL: Array Size
December 16, 2020, 04:21:39 PM
Please add to the NXSL documentation on how to get array size.

For those wondering, it's size attribute:

array dataArray;
dataArray = %(1, 2, 3);
println dataArray->size;

Quote3

Also, can we get the old NetXMS Wiki pages on NXSL functions moved over to the new NXSL documentation? A number of functions are still missing documentation.
#3
Making literal $ doesn't work for ExternalParameters in 3.6-300 it seems as per this other thread?

Unless there is some other way to run PowerShell commands?

nxagentd.conf portion:

ExternalParameter=Get-ScheduledTask(*):powershell.exe -NoProfile -Command "$$Parameter = \"$2\"; Write-Host (Get-ScheduledTask -TaskName \"$1\").$$Parameter"


nxagentd.log portion:

2020.12.16 18:38:36.287 *D* [comm.cs.5          ] Received message CMD_GET_PARAMETER (699)
2020.12.16 18:38:36.287 *D* [comm.cs.5          ] Requesting parameter "Get-ScheduledTask("Test Task", "State")"
2020.12.16 18:38:36.287 *D* [comm.cs.5          ] H_ExternalParameter called for "Get-ScheduledTask("Test Task", "State")" "Spowershell -NoProfile -Command "$Parameter = \"$2\"; Write-Host (Get-ScheduledTask -TaskName \"$1\").$Parameter""
2020.12.16 18:38:36.287 *D* [exec               ] RunExternal called for "Get-ScheduledTask("Test Task", "State")" "Spowershell -NoProfile -Command "$Parameter = \"$2\"; Write-Host (Get-ScheduledTask -TaskName \"$1\").$Parameter""
2020.12.16 18:38:36.287 *D* [exec               ] RunExternal: command line is "powershell -NoProfile -Command "Parameter = \"State\"; Write-Host (Get-ScheduledTask -TaskName \"Test Task\").Parameter""
2020.12.16 18:38:36.287 *D* [exec               ] RunExternal (shell exec): worker thread created
#4
It would be useful to have additional agent tunnel node binding actions based on an attribute of a verified agent certificate (eg: Common Name, Subject, SAN, arbitrary OID etc. against node name, node IP etc.) such as "Bind tunnel to existing node using certificate" and "Bind tunnel to existing node or create new node".

With Windows Agents now able to access client certificates using the System Certificate Store (CAPI CNG), this would close the loop at the server and and allow for semi-or-fully automated TLS setups for NetXMS nodes, depending on user requirements.

One could use ADCS to make a NetXMS Agent Certificate Template that has an CA-decided attribute which allows for node matching, configure a GPO to enable certificate auto-enrolment using the Certificate Services Client on Windows devices to obtain said ADCS issued certificate. The NetXMS Agent certificate is presented to NetXMS server by the agent upon initial connection, the NetXMS server verifies it and, upon successful verification, matches the agent to a node utilising value(s) from the verified certificate, presented by the agent, either for existing nodes only or even automating node creation as well.

It would be important to consider certificate renewal scenarios though such as when new, but still verified and valid, certificates are presented by an agent to the server for a matching node that was already matched to the same agent but with an older certificate.
#5
Announcements / Re: NetXMS 3.6 released
November 26, 2020, 12:55:42 PM
Thank you for the Windows Certificate Store (CNG) Certificate support for Agent Tunnels, this is very much appreciated for our use-case.

Can you explain how https://github.com/openssl/openssl/issues/12859 affects nxagentd and the downgrade to TLS 1.1?

Looking at the code, it will find a Certificate in the SYSTEM Personal Certificate based on matching Friendly Name, Email, Subject, Template, Common Name, Org or Device Serial (in that order)? How does one specify what the agent should consider a match?

EDIT:
Tunnel::createFromConfig and ParseTunnelList seems to have the answer:
QuoteRecord format is address[:port][,certificate[,password]]
Records meaning the configured MasterServers, ControlServers and Servers. So I guess an example would be:
MasterServers = 10.0.0.1,ADCSTemplNetXMS
Assuming ADCSTemplNetXMS was the name of a Certificate Template (Eg: Certificate issued by ADCS)?
#6
I need to write a NXShell script that sets the severity-based settings for the Propagation of status for interface objects as I'm unhappy with the defaults.

I'm assuming I have to use AbstractObject's statusPropagationMethod and maybe statusTransformation? Except they're read only? Any quick snippets on how to change each status to another status should be helpful.
#7
I find that we always seem to be spend so much time trying to trying troubleshooting strange Status Calculation problems with nodes, trying to find the cause of incorrect statuses.
A nodes status can be influenced by children (interface etc.) and how they're setup to calculate and propagate status, status polling, Overridden Status DCI etc.

We really need an additional Tool in NetXMS Console which you can select a node and it gives us a tree/list of the things taken into account, and the result of each item, when calculating the status of a node to try to determine root causes of unexpected statuses.
#8
According to the documentation, ReadPersistentStorage() is suppose to return null if key does not exist but it seems to be returning an empty string ("") for a recently deleted (This is all happening within EPP) Persistent Storage value.

Is this a bug?
#9
I missed the notification for a reply on this topic. That's correct, our syslog traffic is just too much for typical database configurations to handle it seems but we didn't want to lose the syslog processing functionality.
#10
General Support / Re: Root cause analysis script?
August 11, 2020, 09:40:20 AM
Thanks for your help!
#11
General Support / Re: Per User Tool Authentication
August 11, 2020, 09:36:49 AM
Is PowerShell an option in your environment?
#12
What ever happened with this?
#13
At the moment, we're doing another pass on expanding our use of NetXMS given it's new features since the last time we did so (which was a while ago). What I am interested in is sharing some of the stuff we're doing, will continue that on another thread though.
#14
We currently have a some EPP rules that are the same as the Delayed Action Example in the documentation but we wanted to do the same thing for the uptime alert as well. We want to cause a notification action to occur if a node goes back up after the downtime has been longer than N (the length of the downtime timer) but don't want to cause a notification action to occur if the node goes back up if the downtime has been shorter than N (the length of the downtime timer).

I'm assuming the best way to do this is to utilise the Persistent Storage functionality? Set a timestamp when it goes down and have another rule that deletes the stored value if it goes back up before N (through use of a filtering script) and another rule that executes a notification action if it goes back up after N (through use of a filtering script)?

Any advice on specifics would be helpful.
#15
General Support / Re: Netxms for Ubiquiti
July 27, 2020, 03:43:00 AM
We do, we're due to update our DCI templates to the latest version of the MIB. The Ubiquiti MIB is notorious for being poorly documented however which has caused us problems in the past.