Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Topics - Millenium7

#1
Is there a way to get Weathermap working with NetXMS?
https://www.network-weathermap.com/


I have not (yet) found anything better than the old Weathermap tool for visualizing network utilization. I would prefer to consolidate and run this directly with NetXMS if possible - but am also open to other map visualization tools I may not have heard of
The biggest thing for me that I absolutely need is the ability to display multiple links between nodes/routers which Weathermap can do by simply bending the links. Is is vital to see throughput on multiple transit paths, a single link between nodes is just not useful
I.e.
#2
Occasionally I have a need to troubleshoot devices with very rapid pings/polls (at least once a second, ideally every 100ms) and need to be able to see every dropped packet. I want to override the default behavior on that DCI so if it doesn't receive a response within a set period of time, it doesn't just ignore it and try again on the next poll. It will still log the result (simple transform script to show -1 or some other value would be fine) so it easily stands out on a line graph and in the history

Is this possible to do?
#3
I want to create a DCI on nodes that have leased fiber lines. We pay for a particular speed i.e. 500/500mbit but the line is actually burstable much higher to i.e. 10gbit/10gbit. We do not pay for bursting, however we do get billed significantly extra if we exceed the provisioned speed for more than 5% of the billing cycle

I can see there is an example NetXMS script for 95th percentile packet loss, but this isn't directly applicable
I'm already polling interface speeds every 5 minutes, how can I create another DCI that can calculate the average speed so far the current month, and then use thresholds to alert at 50%, 85%, 95% etc

#4
This might seem obvious.... add more memory. Thing is i've bumped the VM from 4GB (which was fine a few months ago) up to 8GB without any much more to the network and its still running out of memory after a few days. So i'm unsure if there's a memory leak, or a patch has made netXMS consume a whole lot more memory all of a sudden, or what.....

This is on a hosted instance so memory upgrades are not cheap
How do I go about troubleshooting and finding out why NetXMS is consuming so much memory?
Otherwise are there any obvious things to look for in my main config or polling templates to adjust to bring the memory usage down?
#5
General Support / SysLog Parser not working after update
November 08, 2022, 07:57:19 AM
Not sure if this is solely because of an update, but I went from 4.0.x to current latest (4.2.395) and shortly after I noticed I was not getting SysLog messages via SLACK

This was working perfectly before and i've not changed anything in the parser
I can definitely see SysLog messages in NetXMS by right clicking on node and choosing Logs->SysLog so they are still being received just fine, but parser doesn't seem to be doing anything

In SysLog Parser I have 'Always process all rules' ticked (always have)

As an example, the very first rule is...

system,error,critical login failure for user (.*) from (.*) via (.*)And to generate an event

This matches perfectly with an actual SysLog message - and has been working for years
i.e.
Quotesystem,error,critical login failure for user [email protected] from 1.2.3.4 via winbox

That event does not appear to be created though
If I go to View->Event Log it's not there

Has something changed? bug?
#6
Can an another platform use data from NetXMS by reading values from NetXMS via SNMP? Is this possible? Or only via API?
#7
Is there a way for NetXMS to try multiple credentials rather than just the single one stored in properties->communications->SSH?
It's not feasible to enter credentials for every device manually, nor to manually change them periodically
Most will use common LDAP username/password but many are individual. I'd like to create a list of all known credentials and it will try until it finds a match then stores it

Is there a way to have a list of credentials and have NetXMS try each of them sequentially until it can successfully login? The same as SNMP credentials are enumerated until one is found, then store it
(not enumerate the entire list every time a command is run, because it will generate a ton of invalid login attempt error messages)

And if the password changes down the track and stored credentials are no longer valid, how can I have NetXMS notify me when I try and run scripts against a bunch of nodes that some of them failed because of incorrect details?
#8
I'm trying to use SSH to push commands to devices through netXMS
I'm using $node->executeSSHCommand to push commands, but how do I use multiple lines of text? I know on MikroTik I can separate commands with a semi-colon, i.e.

$node->executeSSHCommand(":log warning test;:log warning test2;:log warning test3");

This isn't viable for very long commands especially those with scripts in them that might be 50 lines or more. I can't compress them into a single line
So how do I do something like....

$node->executeSSHCommand("
:log warning test
:log warning test2
:log warning test3
");


Or even inside a variable

MyBigScript = {
:log warning test
:log warning test2
:log warning test3
};
$node->executeSSHCommand(MyBigScript);


This syntax is not valid in NetXMS. So how do I do it? I need SSH scripts to be human readable and editable. Impossible with very long single liners
#9
We have many different vendors equipment in our network that have different OID's for the same value
I.e. radio frequency on cambium ePMP radio's is a different OID to Ubiquiti AirFiber for example
I have created templates for all the radio's, and they all pull the data for each vendor/model

However I want to have a common DCI for all of them, so that when I run scripts or summary tables I can use a common 'Center Frequency' DCI and not have to create 1 for all the different DCI's
If this makes any sense?
How do I go about that? I'm guessing I have to create another DCI with type Script and then have a script run and find which DCI's exist on that node and use it? But I don't know the correct way to do this without causing potential script errors
#10
Often we install equipment with many default values including SNMP string of 'public' and at a later time we go and update them. Problem is if NetXMS has discovered the device during this install phase it will be assigned 'public' as the SNMP string, it will never discover it again. So of course after we change it a bit later on, NetXMS will continually fail to retrieve anything from that device

Is there a way via script or other built-in method that after a node has failed to poll any data after multiple retries (or a whole day) it will re-try all the credentials listed under Network Credentials?

#11
At the moment it's not possible to select more than 1 node and do most things with the right click menu
I.e. I can't select 5 nodes and choose Poll->Configuration
Instead I have to do it 1 by 1 which is very tedious
It would be nice if these options were allowed

And being able to set common options for multiple selected nodes at the same time would also be great. I.e. selecting 17 different nodes nodes, right click->properties go to polling menu
- 'Disable usage of NetXMS agent'
- 'Disable usage of EtherNet/IP'
- Prevent automatic SNMP changes
- Comment "Test Lab Equipment"
- Custom Attributes -> add -> AttributeXYZ
- etc

Doing this manually 1 at a time is very slow and painful
#12
Is there an easy intuitive method for seeing/filtering all devices within a local subnet of a router?
#13
In an effort to reduce administrative overhead, i'm curious if its possible to automatically bind nodes to a folder from a seed router?
Most of our sites consist of a single distribution router that have various equipment connected to it. Switches, radios, UPS, clients etc

Everything at that site gets an IP address from that distribution router and thus all routing to reach it goes through that distribution router as well
Is it possible to automatically bind all discovered devices connected at Layer2 via that seed router? That way we can create 1 folder per physical site and all new equipment that gets added would automatically get added into that folder

Hopefully we could then expand that functionality further so all of those devices use that seed router as a dependent so if the router is unreachable we don't get spammed with Down alerts/notifications (since all equipment would be unreachable anyway)
#14
I've just updated from an earlier version (unsure of exact version but database says it went from 35.17 to 36.17)
Loaded the new netxms .war file
Upon loading the web interface it immediately pops up "The server session timed out"
Refreshing the page or click 'restart' it again immediately pops up, I havn't even logged in yet or entered any credentials. And I can't enter them as this pop-up is in the way

Tried rebooting the entire server, same problem
#15
At the moment i'm using the Syslog Parser to notify us via slack of certain syslog messages, such as OSPF neighbor state changes (if there's a better way i'm all ears)
The process is Syslog Parser -> Event template -> Event processing policy -> Slack message

The Syslog Parser looks like this
*OSPF State change* %1 from %2 to %3 -> Generate Event

The event template consists of this
*OSPF State change* %1 from %2 to %3

Event processing is
Condition: Event
Action: Server Action - SLACK

SLACK alert is
curl -d 'payload={"attachments": [{"color": "#8c8c8c","text": "%n - %m %M"}]}' -X PUT [URL HIDDEN]


Net result is a Syslog message originated on the router starts off like this
Quoteroute,ospf,info OSPFv2 neighbor 2.2.2.2: state change from Full to Down
and then in Slack it appears like this
RouterA | 1.1.1.1 - OSPF State change 2.2.2.2 from Full to Down

I have a script that runs and changes the hostname of all NetXMS hosts to their Syslog name and their IP address, so the first part of 'RouterA | 1.1.1.1' is very easy to read and show which device originated the SysLog message
The second part of '2.2.2.2' is not so easy because nobody knows off the top of their head which router 2.2.2.2 is
So I want to do some text replacement. Is it possible anywhere along this chain of events to take the text of %1 (which is 2.2.2.2 in this example) and then do a lookup, find the hostname of 2.2.2.2 and replace it with i.e. 'RouterB | 2.2.2.2' so that its far more human readable?

I'm thinking it might be possible to change the event processing policy to instead run a script, and then the script executes the server action
However i'd need some help with that process as i'm not overly familiar with NetXMS scripting language and operations

Alternatively is there an online service such as zapier that is well suited for parsing text and changing it, so that I can keep NetXMS as it is but instead of sending directly to Slack it sends to the interpreter service, then that sends the finalized message to Slack? I'm just not aware of a service specifically built for this
#16
We've been using the SLACK notification driver for a while to send basic text, with the most advanced formatting to date being simple bold highling of certain text elements. This is done by just putting * around text i.e.
*this part is bold* this part is not

But I want to actually post with different colours, perhaps even with fancy attachments, but for now I just want to stick with colors

Is it possible with the included SLACK driver?
I've tried simply parsing this as text
{"attachments": [{"color": "#ad03fc","text": "Optional text that appears within the attachment"}]}
which pasting it in here shows is valid syntax https://api.slack.com/docs/messages/builder
but I just get the literal text in the SLACK channel. I don't know how the included driver actually works to perhaps further modify the syntax so it works

Any help?

Alternatively can NetXMS do a HTTP Put? because if so I know how to make that work, we already do fancy formatting with Solarwinds that way
#17
I want to create some additional alerting based on custom attributes
i.e. an example right now is I have a container, i've assigned a custom attribute to it "UpDownCheck" and set the value to true, and inheritable. So all nodes inside this container have that custom attribute
I want any nodes with that custom attribute to send a SLACK alert. So what i've done so far is this

Event Processing Policy -> New Event

Condition->Events = SYS_NODE_DOWN
Filtering Script = return GetCustomAttribute($node, "UpDownCheck");
Server Actions = SLACK Notification

I 'think' this is correct, any node that is 'down' and has that custom attribute should result in 'true' and the slack notification posted right?
But what I need is for this to re-trigger every 2 hours, so if the node is still down it again sends a new SLACK alert

As far as I can tell, in order to have it repeat the event I would have to create a DCI, then set a threshold, and in the threshold I can set the 'repeat event' timer to 7200 seconds
But theres a problem, I can't see any way in a DCI to actually check for 'node down'? I can use DCI Internal->Status but theres no status code for 'down'
0 = Normal
1 = Warning
2 = Minor
3 = Major
4 = Critical
5 = Unknown
6 = Unmanaged
7 = Disabled
8 = Testing
Node down is 'critical/4' but other events can also make it code 4 but the node is still up, so i'll get a false alert. I can't use that. I can't see anything to poll for nodes 'up/down' status

So whats the best method to go about this?
#18
This bug has been around for years, at least on every instance of NetXMS i've installed. Havn't been a huge concern but it still hasn't been fixed and this occurs with a fresh install so i'm sure its happening to more than just myself on this 1 setup

I use the web UI 99% of the time and use Chrome as main browser. When I open up a table to view the contents, then select a field it highlights the row (as expected) but the item I click on changes to show HTML formatting code around the actual value i.e.
<span style=...etc.etc....>1</span>

Example:

Not a big issue but its annoying
#19
Almost all DCI's I have added by templates and/or by instance discovery scripts
Some of these I want to disable alerts (or entirely disable monitoring, but just disabling alerts is better) because of getting false positives
One of these is Rx FCS errors on any ports going from a MikroTik to a Cambium PTP device, always generates a false FCS every 30/60/90 seconds so I want to stop it

I've tried 3 things here and none of them work

- Go to properties of DCI on node, thresholds tab, add > -999 and click edit on threshold event then just click ok so it says <none>. This should disable alert and it does, but it gets overridden overnight and this threshold disappears
- Right click on DCI on node and choose disable. Next day its enabled again
- Go to alarms page of node and sticky acknowledge the alarm. Doesn't seem to matter, I'm still getting SLACK alerts (sent by event processing policy for that event/alarm)

How do I fix this? I need to exclude some DCI's on an individual basis
Ideally I want a clean and simple method.
Method #1 is the best so far because I can see the ? symbol on the 'last values' page of a node so I know that I have manually disabled alerting on that DCI (not really, but the ? symbol will always be active because the first threshold is always reached, and just doesn't do anything). That way if I move a device later on to a different port I can see to re-enable it
Method #3 is not so good because it leaves the alarm symbol on the icon of the node while the alarm is still there
But none of the above work anyway so I need something different
#20
I noticed NetXMS will not parse syslog messages unless it can map the source IP address to a known node that is being monitored. Is there a way to change this behavior?
I have some scripts that send syslog error messages on customer routers and I want to get alerts for them. Currently not possible unless I add the node into NetXMS which I don't want to do

Also i've had some issues with this whereby the source address of a device is i.e. 1.2.3.4 but NetXMS is using 5.6.7.8 and it won't parse the syslog message as it thinks it doesn't belong to that node

I understand for syslog storing it has to know which node to put the messages under. But I mostly only care about realtime alerts so I don't care if the syslog messages gets immediately dropped afterwards, but I want the parser to work on them so I can push a notification to SLACK