Messages - noel

#1
Finally with the next regex I managed to get it working, so it's only matching admin users' logins:
Virtuális fiók:\t\tNem.*Emelt szintű jogkivonat:\t\tIgen.*Fióknév:\t\t(\w+).*Fiók tartománya:\t\t(?!NT AUTHORITY)
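The final rule from this post, exercised in Python over a constructed, abbreviated 4624 message. This is an added example, not code from the thread or from NetXMS; it assumes the parser sees the whole multi-line event text as one string (so the pattern is compiled with DOTALL), and the sample message only carries the field labels the rule inspects.

```python
import re

# Final rule from the post. DOTALL lets '.' cross the line breaks of the
# multi-line event message (assumption: the parser hands over the whole
# 4624 text as one string, as observed in the thread with the (.*) test).
ADMIN_LOGON_RE = re.compile(
    r"Virtuális fiók:\t\tNem.*"
    r"Emelt szintű jogkivonat:\t\tIgen.*"
    r"Fióknév:\t\t(\w+).*"
    r"Fiók tartománya:\t\t(?!NT AUTHORITY)",
    re.DOTALL,
)


def event_4624(virtual, elevated, account, domain, subject="GEP$"):
    """Constructed, abbreviated Hungarian 4624 text using the two-tab
    layout the rule keys on. A real event has many more lines; only the
    Subject account (first block) and the New Logon block are modelled."""
    return (
        f"\tFióknév:\t\t{subject}\r\n"            # Subject: the logging-on process account
        f"\tFiók tartománya:\t\tWORKGROUP\r\n"
        f"\r\n"
        f"\tVirtuális fiók:\t\t{virtual}\r\n"     # Logon Information block
        f"\tEmelt szintű jogkivonat:\t\t{elevated}\r\n"
        f"\r\n"
        f"\tFióknév:\t\t{account}\r\n"            # New Logon: the account that signed in
        f"\tFiók tartománya:\t\t{domain}\r\n"
    )


def admin_account(message):
    """Return the signed-in account name when the event is an elevated,
    non-virtual logon whose domain is not NT AUTHORITY; otherwise None.
    Because the prefix must match first, the Subject's Fióknév (which
    precedes 'Virtuális fiók') is never captured."""
    m = ADMIN_LOGON_RE.search(message)
    return m.group(1) if m else None


if __name__ == "__main__":
    print(admin_account(event_4624("Nem", "Igen", "alice", "GEP")))      # alice
    print(admin_account(event_4624("Nem", "Igen", "SYSTEM", "NT AUTHORITY")))  # None
```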
#2
I did manage to get events when trying simple regexes that didn't try to match multiple lines of Windows log messages.
But I'm a bit confused now about what the tested string is, since the docs only mention single lines, but the Windows event is multiple lines, and when I simply put (.*) as the match regex, %1 in the event was a multi-line string with the full Windows event message; which is strange since as far as I know . matches everything except newline. Either way, the regex I used had . and explicit \r\n matched multiple times, so it should've caught each case; it also worked when I tested it on regexr.com.
#3
I tried creating a template and added a log parser policy with the following content:
<parser checkInterval="1" name="Admin activity parser">
   <macros/>
   <file>*Security</file>
   <rules>
      <rule name="Login">
         <match repeatCount="0" repeatInterval="3600" reset="false">Emelt szintű jogkivonat:\s+Igen(?:.|\r\n)+Fióknév:\s+(\w+)</match>
         <event>VV_ADMIN_LOGON</event>
         <id>4624</id>
         <push group="1"></push>
         <agentAction action=""></agentAction>
      </rule>
   </rules>
</parser>
It didn't crash the server however it also doesn't trigger the event, I tried to:
  • reduce the checkInterval from the default 10000 to 1 (what is the unit for this?)
  • make the regex match the whole message
  • use literal \r\n and \t in the expression
I made sure that the template is applied to the node I'm testing with, and in the Windows events view I can see the Windows event for the login. Also I'm still running netxmsd from gdb and I can only see entries like this and nothing else when I log into an account on the client:
*D* [agent.conn.10794   ] AgentConnectionEx::onWindowsEvent(): Received event from agent at 10.255.7.114, node ID 1814
#4
Attached the full bt output. I'll also try the suggested method and get back with the results.
#5
Hi,

I'm trying to set up a log parser rule that would trigger an event if an administrator logs on to a monitored computer, however this rule causes the NetXMS server to crash with segmentation fault.

NetXMS Server versions that I've tried: 4.5.3, 4.5.4

The parser which causes the crash (made it with the GUI then switched to the XML view):
<parser name="Default parser">
   <macros/>
   <rules>
      <rule name="Admin logon">
         <match repeatInterval="0" reset="false">Emelt szintű jogkivonat:\s+Igen(?:.|\n)+Fióknév:\s+(\w+)</match>
         <event>VV_ADMIN_LOGON</event>
         <id>4624</id>
         <agentAction action=""></agentAction>
      </rule>
   </rules>
</parser>
Windows event 4624 is created when a user logs in and with this rule I'd like to check if they're an administrator and what is their name. (The monitored desktops run Windows 10 with Hungarian language.)

How could I solve this?
#6
TLDR: Use $ErrorActionPreference = "Stop" so the agent knows one of the script's commands failed.

Found the root cause, but I forgot to post it here. Despite several issues and discussions on winget-cli's GitHub suggesting it can be run in system context, it turns out that it is in fact impossible. So when I tried to execute it with the agent it returned instantly with a non-zero exit code, but the PS script returned normally due to the lack of $ErrorActionPreference = "Stop", which would have caused the agent to recognise the script had failed.

For now I'll use chocolatey with a custom caching proxy that rewrites packages - so even external resources can be cached locally by nginx - until MS figures out how to create a usable package manager.

P.S.
Thank you for the tip about auto termination, I'll keep that in mind. Also sorry for the late reply.
#7
I'd like to automate the installation of applications on Windows 10 machines with winget and two scripts.
I have the following script on the host in c:\wg.ps1
$p=Resolve-Path "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe"
echo "Winget path is: '$p'"
& "$p\winget" $args
(This script fixes MS logic to not make winget available from the system context.) It works fine when invoked from an elevated cmd like this:
powershell -Command c:\wg install -e -h --accept-package-agreements --accept-source-agreements --log c:\install-log.txt --scope machine --id Notepad++.Notepad++
I also have the following nx script to install a few programs:
pkgIds = %(
"VeyonSolutions.Veyon --custom /NoMaster",
"Git.Git",
'Microsoft.VisualStudioCode --custom "--add \"Microsoft.VisualStudio.Workload.ManagedDesktop;includeRecommended\" --add \"Microsoft.VisualStudio.Workload.NetWeb;includeRecommended\""',
"GIMP.GIMP",
"Inkscape.Inkscape",
"OpenJS.NodeJS",
"ApacheFriends.Xampp.8.2",
"Oracle.VirtualBox",
"RARLab.WinRAR",
"mcmilk.7zip-zstd",
"Notepad++.Notepad++",
"Python.Python.3.11",
"AivarAnnamaa.Thonny",
"Ghisler.TotalCommander",
"Adobe.Acrobat.Reader.64-bit",
"Postman.Postman"
);

println("Installing winget packages");
for (pkg : pkgIds) {
    print("Installing " . pkg . ": ");
    cmd = "-Command c:\wg install --accept-package-agreements --accept-source-agreements --log c:\install-log.txt -h -e --scope machine --id " . pkg;
    res = $node->executeAgentCommand("ps", cmd);
    println(res ? "OK" : "FAILED");
}
println("End of winget installation");
and the ps action is defined like this in the agent config:
Action = ps:powershell $1
When I run the script it scrolls through all the packages in about 2 sec and prints OK for all of them when they clearly didn't succeed.
By now I've spent 3-4 days with this issue and I just can't figure out where the problem is, and I'm out of ideas what to try.
I verified that the wg.ps1 works by executing it from cmd, I verified that the nx script works by replacing the wg script with one that prints the args to a txt file.