
Messages - NillaMilla

#1
Hello Victor,

I completed some more testing this morning on Version 2.0.8 and 2.1-M1 through 2.1-M3, 32 and 64 bit agents. I was unable to get a dump file from any of the failed results.  I have inserted some text containing the current agent config, parser code, and last few statements of log prior to crash, with debug set at level 9.  This exact same setup works flawlessly on Version 2.0.8 agents.

Is there any possibility that the server side may cause this issue?

Thanks,

-Dan

************** agent config ***********************

#
# NetXMS system agent configuration file
#
#Master Config

MasterServers = x.x.x.x
ConfigIncludeDir = C:\NetXMS\etc\nxagentd.conf.d
LogFile = C:\NetXMS\NetXMS_FileManager\log.txt
FileStore = C:\NetXMS\NetXMS_FileManager

SubAgent = filemgr.nsm
SubAgent = logwatch.nsm
SubAgent = winperf.nsm

DebugLevel = 9

#disable agent actions

EnableActions = yes

CreateCrashDumps = yes
DumpDirectory = C:\

#require authentication

RequireAuthentication = yes

#require encryption

RequireEncryption = yes

#Shared secret for authentication

SharedSecret = xxxxxxxxx

#File Manager Definitions

*filemgr.nsm

[filemgr]

RootFolder = C:\NetXMS\NetXMS_FileManager

#Log File Parser Definitions

*LOGWATCH

Parser = C:\NetXMS\NetXMS_FileManager\SecurityParser.xml


***********************SecurityParser.xml****************************

<parser>
  <file>*Security</file>
  <rules>
    <rule>
      <level>16</level>
      <match>(.*)</match>
      <event params="1">100018</event>
    </rule>
  </rules>
</parser>


********************Last few statements in log prior to service shutting down***************************

[10-Apr-2017 09:00:50.633] [DEBUG] LogWatch: publisher name is Microsoft-Windows-Security-Auditing
[10-Apr-2017 09:00:50.633] [DEBUG] LogWatch: publisher name is Microsoft-Windows-Security-Auditing
[10-Apr-2017 09:00:50.633] [DEBUG] LogWatch: publisher name is Microsoft-Windows-Security-Auditing
[10-Apr-2017 09:00:50.633] [DEBUG] LogWatch: publisher name is Microsoft-Windows-Security-Auditing
[10-Apr-2017 09:00:53.133] [DEBUG] LogWatch: publisher name is Microsoft-Windows-Security-Auditing
[10-Apr-2017 09:00:53.133] [DEBUG] LogWatch: publisher name is Microsoft-Windows-Security-Auditing
[10-Apr-2017 09:00:53.133] [DEBUG] LogWatch: publisher name is Microsoft-Windows-Security-Auditing
[10-Apr-2017 09:00:53.133] [DEBUG] SendTrap(): event_code=100018, event_name=(null), num_args=6, arg[0]="The computer attempted to validate the credentials for an account.

****NetXMS agent service shuts down when the above trap message is sent and the message is never received by the server.  This issue is repeatable on my WinServer 2012
and Win 7 machines on all agent versions 2.1-M1 through M3 on 32 and 64 bit installs.  Notably the 64 bit agents will not
successfully send any traps like the above to server without crashing the service, where the 32 bit agents
will sometimes successfully pass the trap to the server and produce an event.  The same configuration works flawlessly with a 2.0.8 agent.******




#2
Hello,

Any assistance would be greatly appreciated.  I have been running versions 2.0.6 and 2.0.8 for a bit now and have enjoyed having the functionality of using the NetXMS agents on all of my Windows machines to parse these security logs. I have decided to experiment with the 2.1-M2 and M3 version for their added functionality of the new <match> options (such as repeat count and intervals) in the parser files.  With versions 2.0.6 or 2.0.8 x64 agents installed on Windows 7 and Server 2012 OSE's, the agents had no problem filtering a flood of security events (dozen or so events) within a very short duration of time (seconds) with a match all rule in place (.*).  With the exact same agent config and securityparser.xml file in place for an x64 2.1-M2 or M3 agent on Windows 7 or Server 2012, the agent server will unexpectedly shut down every time there is a flood of events that meet the filtering rule.

Any help or information would be greatly appreciated.  Is this a known issue?  It is very repeatable when trying to parse a large number of events within a short period of time. 

Thanks,

-Dan
#3
This seems like a good compromise, I will have to test this.

Thanks!
#4
General Support / Re: Log monitoring <match> options
March 29, 2017, 03:30:31 PM
Disregard this post. I have realized that these match functions aren't available in the version I'm using (v2.0.8).

-Dan
#5
General Support / Log monitoring <match> options
March 28, 2017, 03:38:48 PM
Hello,

I am using a Windows security log parser file on my NetXMS agents. I am trying to trigger an event when the word "administrator" is found in the security log 3 times within 2 minutes, with the counts and interval resetting when reaching a count of 3.  The below parsing file does not seem to work; it triggers an event for every new instance of the word "administrator" in the security log.  I am using version 2.0.8

<parser>
  <!-- This parser file is designed to parse the windows security log -->
  <file>*Security</file>
  <rules>
    <!-- New Rule - Rule is for catching the use of administrator local account -->
    <rule>
      <level>16</level>
      <match repeatCount="3" repeatInterval="120">(.*)administrator(.*)</match>
      <event params="2">100115</event>
    </rule>
    <!-- End Rule                                                          -->
  </rules>
</parser>

Any advice would be greatly appreciated!

-Dan
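
The behaviour asked for in the post above (one event when "administrator" appears 3 times within 120 seconds, with the count and interval resetting after the event fires), written out as an added example that is not part of the original post and not NetXMS code. The class and function names, the case-insensitive matching, and the sample records are assumptions made for the illustration.

```python
import re
from collections import deque
from datetime import datetime

class RepeatThreshold:
    """Fire once when `pattern` matches `count` times within `interval` seconds, then reset."""

    def __init__(self, pattern, count, interval):
        # Case-insensitive matching is an assumption of this example.
        self.regex = re.compile(pattern, re.IGNORECASE)
        self.count = count
        self.interval = interval
        self.hits = deque()  # timestamps of matches still inside the window

    def feed(self, ts, message):
        """Return True if this record completes the threshold."""
        if not self.regex.search(message):
            return False
        # Drop earlier matches that have aged out of the interval.
        while self.hits and (ts - self.hits[0]).total_seconds() > self.interval:
            self.hits.popleft()
        self.hits.append(ts)
        if len(self.hits) >= self.count:
            self.hits.clear()  # reset count and interval after firing
            return True
        return False

# Constructed sample records (timestamp, message text); not real log data.
SAMPLE = [
    ("2017-03-28 15:00:00", "An account was successfully logged on. Account Name: Administrator"),
    ("2017-03-28 15:00:30", "An account was logged off. Account Name: jsmith"),
    ("2017-03-28 15:01:00", "Special privileges assigned to new logon. Account Name: administrator"),
    ("2017-03-28 15:01:50", "An account was successfully logged on. Account Name: Administrator"),
    ("2017-03-28 15:02:10", "An account was successfully logged on. Account Name: Administrator"),
    ("2017-03-28 15:06:00", "An account was successfully logged on. Account Name: Administrator"),
    ("2017-03-28 15:06:30", "An account was successfully logged on. Account Name: Administrator"),
]

def replay(records, rule):
    """Feed records in order and return the timestamps at which the rule fired."""
    fired = []
    for stamp, msg in records:
        ts = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        if rule.feed(ts, msg):
            fired.append(stamp)
    return fired

def demo():
    return replay(SAMPLE, RepeatThreshold(r"administrator", count=3, interval=120))

if __name__ == "__main__":
    print(demo())
```

With the sample records, the third match at 15:01:50 fires the event; the later matches start a fresh count and never reach three inside one interval.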
#6
Feature Requests / Agent to Server Encryption -SHA1
March 03, 2017, 06:21:38 PM
Hello,

Are there any plans to go to a SHA256 encryption as an option for the server to agent communication?  Recent information released from the Google Security Blog has indicated the discovery of some vulnerabilities to the SHA1.

https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

Thanks,

-Dan
#7
Hello,

Is there a fine grained way to control the actions that an agent will allow?  I understand that there is an agent = enable or agent = disable configuration for the agent service, but I would like to enable specific actions and disable others.  I would like to allow only agent restarts and disallow the restart system and shutdown system commands on the agent.  I have disabled the restart system and shutdown system agent commands in the object tools section of the server, but am hoping there is a fine grained control of this function at the agent. 

Thanks,

-Dan   
#8
Announcements / Re: NetXMS 2.1-M2 released
February 15, 2017, 06:02:35 PM
Hello,

Is V2.1-M1 considered stable at this time?  If so, is the download available for V2.1-M1?

I can't seem to find it on the page anywhere.

Thanks,

-Dan