
Messages - hkusulja

#16
Quote from: Victor Kirhenshtein on May 08, 2014, 04:51:02 PM
Hi!

WMI (stands for Windows Management Instrumentation) is not Windows Performance Counters - it's two different things. First you should understand what exactly you want to use. From the name \PhysicalDisk({instance})\Disk Reads/sec I suppose you are trying to use Windows Performance Counters. In this case, instance discovery will not work because DCI origin is not agent. It could be a feature request, but currently it's not possible.

Best regards,
Victor
I believe that the NetXMS agent uses local WMI to localhost to get Performance Counters; however, maybe I am wrong, and thank you for correcting me.

OK, yes, I am interested in Performance Counters - the {instance} feature then. Any clues about this?

Thank you
#17
Quote from: Victor Kirhenshtein on May 08, 2014, 04:47:16 PM
No, it's not due to apostrophe character and SQL injection is not possible here. You can see that SQL statement is a prepared statement with placeholders - it is not constructed dynamically from external data. Also, error message clearly states "Violation of PRIMARY KEY constraint 'PK__alarm_ev__E6249E6BFEDA1E4D'. Cannot insert duplicate key in object 'dbo.alarm_events'. The duplicate key value is (1704, 64513)" - actual problem is that system for some reason tries to insert duplicate record into table. It is definitely a bug, but not a security threat.

Best regards,
Victor
Thank you for fast and correct response.
Now I understand this is NOT SQL injection / security hole.

Sometimes I also have: "String or binary data would be truncated", but there are a lot of duplicate items.

Maybe something about wrongly collecting Windows event logs on an agent/client, or event processing rules :/

I do have the latest available stable version.

#18
Hi,
I have configured monitoring of Windows Event Logs, and I log the message description (%m).

However, my NetXMS server started throwing SYS_DB_QUERY_FAILED [52] events.
Example of an event message:


Database query failed (Query: INSERT INTO alarm_events (alarm_id,event_id,event_code,event_name,severity,source_object_id,event_timestamp,message) VALUES (?,?,?,?,?,?,?,?); Error: [Microsoft][SQL Server Native Client 10.0][SQL Server]Violation of PRIMARY KEY constraint 'PK__alarm_ev__E6249E6BFEDA1E4D'. Cannot insert duplicate key in object 'dbo.alarm_events'. The duplicate key value is (1704, 64513).)
AlarmText: Database query failed (Query: INSERT INTO alarm_events (alarm_id,event_id,event_code,event_name,severity,source_object_id,event_timestamp,message) VALUES (?,?,?,?,?,?,?,?); Error: [Microsoft][SQL Server Native Client 10.0][SQL Server]Violation of PRIMARY KEY constraint 'PK__alarm_ev__E6249E6BFEDA1E4D'. Cannot insert duplicate key in object 'dbo.alarm_events'. The duplicate key value is (1704, 64513).) Custom message:
UserTag:


I believe that is due to my initial error message, which has a ' sign. So this is SQL injection into the NetXMS alarm_events table.

So this is a huge bug and a big security risk for all NetXMS users.
I believe this should be fixed ASAP.

Also, please correct me if I am wrong...
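
The point made in the reply quoted above, as an added example that is not part of the original posts or of NetXMS code: with the placeholder INSERT from the error message, an apostrophe in the message is stored as plain data, and the failure depends only on the key. SQLite stands in for SQL Server here; the (alarm_id, event_id) primary key and the sample row values are assumptions.

```python
import sqlite3

# Statement text taken from the error message quoted on this page.
INSERT_SQL = ("INSERT INTO alarm_events (alarm_id,event_id,event_code,event_name,"
              "severity,source_object_id,event_timestamp,message) "
              "VALUES (?,?,?,?,?,?,?,?)")

def make_db():
    # Assumption: SQLite stands in for SQL Server, and the primary key is
    # (alarm_id, event_id), inferred from the two-value duplicate key reported.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE alarm_events (alarm_id INTEGER, event_id INTEGER,"
               " event_code INTEGER, event_name TEXT, severity INTEGER,"
               " source_object_id INTEGER, event_timestamp INTEGER, message TEXT,"
               " PRIMARY KEY (alarm_id, event_id))")
    return db

def insert_event(db, alarm_id, event_id, message):
    """Bind one row to the placeholders; report how the database reacted."""
    # All values except the key and message are constructed sample data.
    row = (alarm_id, event_id, 100002, "SAMPLE_EVENT", 1, 42, 1399560000, message)
    try:
        db.execute(INSERT_SQL, row)
        return "ok"
    except sqlite3.IntegrityError:
        return "duplicate-key"

def classify(error_text):
    """Triage the two SQL Server errors quoted in the thread."""
    if "Violation of PRIMARY KEY constraint" in error_text:
        return "duplicate-key"      # same key inserted twice
    if "String or binary data would be truncated" in error_text:
        return "value-too-long"     # value exceeds column width
    return "unknown"

def demo():
    db = make_db()
    quoted = "Can't start service 'Spooler'; code=5 --"  # constructed message
    results = [
        insert_event(db, 1704, 64513, quoted),        # apostrophes are plain data
        insert_event(db, 1704, 64513, "plain text"),  # same key, harmless text
        insert_event(db, 1704, 64514, quoted),        # new key, same text
    ]
    stored = db.execute("SELECT message FROM alarm_events"
                        " WHERE event_id = 64513").fetchone()[0]
    return results, stored == quoted

if __name__ == "__main__":
    print(demo())
```

The second insert fails although its text contains no quote characters, and the third succeeds although it does, which is the pattern to look for when triaging a SYS_DB_QUERY_FAILED event.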
#19
Quote from: yshiro on May 08, 2014, 11:14:16 AM
Hi, you can disable it on "Configuration\Event processing Policy" just look for "Generate alarm when incorrect network mask detected on interface" and disable this policy.
Hi, thank you for the tip; however, as I said, I have already disabled it in the Event processing policy. The issue is that NetXMS Agents are still generating these events, and if you look at the real-time Event monitor, there are a lot of them, so I am trying to disable this feature / event log generation for this.

Thank you
#20
Hi,
sometimes we have routers that have a public IP configured with /32; this is for a reason (VRRP, for example), and in that case NetXMS reports a new event - SYS_INCORRECT_NETMASK - "Invalid network mask 255.255.255.255 on interface eth1" should be ....". This is wrong in our case and I want to turn this check off completely.

I have disabled the Event processing policy to stop creating alerts.

However, is there a way to disable such a NetXMS-integrated event so that it stops showing in Event Monitor at all?

Thank you
#21
Hi,
I have configured simple Windows event logging using the NetXMS agent and an XML file:


<parser>
  <file>*Application</file>
  <rules>
    <rule>
      <level>1</level>
      <match>(.*)</match>
      <event params="1">100002</event>
    </rule>
  </rules>
</parser>


In my Event Template, the event has the message: %1

After that I have some alarm generation in Event Processing Policy with message %m, etc.

The question is, how can I get more data from the Windows Event Log? I am missing "Source" and "Event ID" from the Event Log.
Which parameter is it (I have tried %2 and %3 in my Event template but it does not work), and how do I pull this info into the NetXMS server as well?

Thank you
#22
Hi,
when I create a new network service on a node with service type HTTP or HTTPS, for instance:
Request: HOST_HEADER:http://www.example.com
Response: ^HTTP/1\.[01] 200.*Example.*

Sometimes it works, sometimes it does not.

Is there a way to find out what output the NetXMS Agent has gathered, so I can troubleshoot in more detail why it does not work?

Also, when I create a DCI, is it possible to measure the response time (in milliseconds) for a response?

Thank you
#23
Hi,
I figured out that I can use a DCI for monitoring filesystems with the NetXMS agent, for instance: FileSystem.UsedPerc({instance})
There is an {instance} parameter, and this will create a separate DCI on the node for each filesystem it finds, and this is fine.

I am trying to achieve the same effect but with a different Origin - WMI - Windows Performance Counters.
For instance:
\PhysicalDisk(C:)\Disk Reads/sec
\PhysicalDisk(D:)\Disk Reads/sec

I have tried to put \PhysicalDisk({instance})\Disk Reads/sec but it does not work.

Is this a NetXMS limitation, that it does not support {instance} / reading WMI as a table, or am I doing something wrong?
I need this feature for multiple things (disk space, disk I/O, network interfaces, etc.). Some of it I can do with the NetXMS agent Origin, but there is more in WMI that I need which is missing in the Agent.

Please advise.

Thank you
#24
Hi,
I have some Templates with DCIs that I wish to monitor on some nodes that have the NetXMS agent installed.
I have a simple script that will automatically apply templates to nodes that have the NetXMS Agent installed. My current script inside Template - Automatic Apply Rules is:

sub main() {
return $node->isAgent;
}

This script works and solves the problem.

However, I cannot find proper documentation for the $node object and its attributes / methods.
I need to write a different script for a different template, which will check whether the $node platform name contains the string "windows" and then automatically apply a different template.

Please help me with a simple if expression, contains (or RegExp), and how to get the platform name from the $node object?

Thank you
#25
Hi,
I have configured a Template with a DCI, origin NetXMS Agent, to monitor FileSystem.UsedPerc({instance})

This will create, on each node, monitoring of used disk space on the file system for every single drive it finds.

However, I need to write some script somewhere to ignore some filesystems; for example, on Windows this is (if the instance name contains A: or B:) because I do not want to monitor floppy disks.

Any suggestions on where to write this script / rule and what the syntax is?

Thank you
#26
Hi,
I have configured the NetXMS server Event Processing Policy to send me email alerts.

However, when a node (which is a network switch) goes down, I get a lot of events which generate alarms and also send a lot of email alerts, one for each network interface on this switch.
So the total number of emails I get is: 48 ports + each DCI + 1 for the node down alert.

How can I create a dependency or something to reduce these email alerts, so that if the node is down I am not alerted for interface status and DCIs at all?

Please be aware that I do not want to disable interface monitoring (for instance, if the network switch is working and just one interface goes down, I still want to get an email).

I suppose this should be solved in the Event Processing Policy, but I have no idea in which direction I should write those rules. Any suggestions?

Thank you
#27
Quote from: Victor Kirhenshtein on May 05, 2014, 04:34:28 PM
Yes, the main reason for moving name resolution to the configuration poll was concern that there would be too many DNS requests. I'll see how I could make this configurable.

Best regards,
Victor
Great you are my saviour !
I have created feature request here: https://www.radensolutions.com/chiliproject/issues/566
#28
Quote from: andrey--k on May 05, 2014, 04:18:13 PM
I think moving name resolution to the status poll can cause a large traffic load if many nodes exist...
Isn't it?
I understand, but then it should be an option / flag on each node.
"Do the resolution every time on poll" true / false

So I understand that I should write a manually scheduled script to do a DNS lookup and update the NetXMS SQL database?
Or Victor can plan this for a near NetXMS release version :)
#29
Quote from: Victor Kirhenshtein on May 05, 2014, 03:56:01 PM
Hi!

That means that flag NF_HAS_WINPDH (Node supports Windows PDH parameters) is set and cleared periodically. A node is considered to support PDH if it has a NetXMS agent and the agent responds correctly to PDH requests (PDH.Objects list and others). You can check the server debug log (running with debug level 5 or higher) for error messages starting with the WinPerfObject::getWinPerfObjectsFromNode prefix.

Best regards,
Victor
Great, thank you for correcting me !

In the Windows Event Log, from the NetXMS Agent I have:

H_PdhCounterValue: PDH Error 00000102 in call to PdhOpenQuery (The wait operation timed out.)


Please explain what to check further?
I understand that it has something to do with disk / RAID?

Server is operating normally.
#30
I found something in NetXMS source, nxclapi.h


/**
* Node flags
*/
#define NF_SYSTEM_FLAGS           0x003FFF7F
#define NF_USER_FLAGS             0xFFC00080

#define NF_IS_SNMP                0x00000001
#define NF_IS_NATIVE_AGENT        0x00000002
#define NF_IS_BRIDGE              0x00000004
#define NF_IS_ROUTER              0x00000008
#define NF_IS_LOCAL_MGMT          0x00000010
#define NF_IS_PRINTER             0x00000020
#define NF_IS_OSPF                0x00000040
#define NF_REMOTE_AGENT           0x00000080
#define NF_IS_CPSNMP              0x00000100  /* CheckPoint SNMP agent on port 260 */
#define NF_IS_CDP                 0x00000200
#define NF_IS_NDP                 0x00000400  /* Supports Nortel (Synoptics/Bay Networks) topology discovery */
#define NF_IS_SONMP               0x00000400  /* SONMP is an old name for NDP */
#define NF_IS_LLDP                0x00000800  /* Supports Link Layer Discovery Protocol */
#define NF_IS_VRRP                0x00001000  /* VRRP support */
#define NF_HAS_VLANS              0x00002000  /* VLAN information available */
#define NF_IS_8021X               0x00004000  /* 802.1x support enabled on node */
#define NF_IS_STP                 0x00008000  /* Spanning Tree (IEEE 802.1d) enabled on node */
#define NF_HAS_ENTITY_MIB         0x00010000  /* Supports ENTITY-MIB */
#define NF_HAS_IFXTABLE           0x00020000  /* Supports ifXTable */
#define NF_HAS_AGENT_IFXCOUNTERS  0x00040000  /* Agent supports 64-bit interface counters */
#define NF_HAS_WINPDH             0x00080000  /* Node supports Windows PDH parameters */
#define NF_IS_WIFI_CONTROLLER     0x00100000  /* Node is wireless network controller */
#define NF_IS_SMCLP               0x00200000  /* Node supports SMCLP protocol */
#define NF_DISABLE_DISCOVERY_POLL 0x00400000
#define NF_DISABLE_TOPOLOGY_POLL  0x00800000
#define NF_DISABLE_SNMP           0x01000000
#define NF_DISABLE_NXCP           0x02000000
#define NF_DISABLE_ICMP           0x04000000
#define NF_FORCE_ENCRYPTION       0x08000000
#define NF_DISABLE_STATUS_POLL    0x10000000
#define NF_DISABLE_CONF_POLL      0x20000000
#define NF_DISABLE_ROUTE_POLL     0x40000000
#define NF_DISABLE_DATA_COLLECT   0x80000000


and it seems in my case that the regular configuration poll sometimes picks up that ICMP should not be monitored for this Windows Server node.

Can somebody confirm that I am on the correct track to solve the issue?

Thank you