NetXMS Support Forum

In an effort to reduce administrative overhead, i'm curious if its possible to automatically bind nodes to a folder from a seed router?
Most of our sites consist of a single distribution router that have various equipment connected to it. Switches, radios, UPS, clients etc

Everything at that site gets an IP address from that distribution router and thus all routing to reach it goes through that distribution router as well
Is it possible to automatically bind all discovered devices connected at Layer2 via that seed router? That way we can create 1 folder per physical site and all new equipment that gets added would automatically get added into that folder

Hopefully we could then expand that functionality further so all of those devices use that seed router as a dependent so if the router is unreachable we don't get spammed with Down alerts/notifications (since all equipment would be unreachable anyway)

edit: Nevermind, post removed

I thought your syntax was incorrect, but I was using it wrong. I was trying to first test with 'Execute Server Script' and parsing a variable to it then using $1 instead of $event->parameters[1] and that worked in that context, but not in Event message

Your syntax is correct and it works fine

Thank You!

I've just updated from an earlier version (unsure of exact version but database says it went from 35.17 to 36.17)
Loaded the new netxms .war file
Upon loading the web interface it immediately pops up "The server session timed out"
Refreshing the page or click 'restart' it again immediately pops up, I havn't even logged in yet or entered any credentials. And I can't enter them as this pop-up is in the way

Tried rebooting the entire server, same problem

At the moment i'm using the Syslog Parser to notify us via slack of certain syslog messages, such as OSPF neighbor state changes (if there's a better way i'm all ears)
The process is Syslog Parser -> Event template -> Event processing policy -> Slack message

The Syslog Parser looks like this
*OSPF State change* %1 from %2 to %3 -> Generate Event

The event template consists of this
*OSPF State change* %1 from %2 to %3

Event processing is
Condition: Event
Action: Server Action - SLACK

SLACK alert is
curl -d 'payload={"attachments": [{"color": "#8c8c8c","text": "%n - %m %M"}]}' -X PUT [URL HIDDEN]


Net result is a Syslog message originated on the router starts off like this

Quoteroute,ospf,info OSPFv2 neighbor 2.2.2.2: state change from Full to Down

and then in Slack it appears like this
RouterA | 1.1.1.1 - OSPF State change 2.2.2.2 from Full to Down

I have a script that runs and changes the hostname of all NetXMS hosts to their Syslog name and their IP address, so the first part of 'RouterA | 1.1.1.1' is very easy to read and show which device originated the SysLog message
The second part of '2.2.2.2' is not so easy because nobody knows off the top of their head which router 2.2.2.2 is
So I want to do some text replacement. Is it possible anywhere along this chain of events to take the text of %1 (which is 2.2.2.2 in this example) and then do a lookup, find the hostname of 2.2.2.2 and replace it with i.e. 'RouterB | 2.2.2.2' so that its far more human readable?

I'm thinking it might be possible to change the event processing policy to instead run a script, and then the script executes the server action
However i'd need some help with that process as i'm not overly familiar with NetXMS scripting language and operations

Alternatively is there an online service such as zapier that is well suited for parsing text and changing it, so that I can keep NetXMS as it is but instead of sending directly to Slack it sends to the interpreter service, then that sends the finalized message to Slack? I'm just not aware of a service specifically built for this

I know nothing about curl or executing commands from NetXMS. So is this the correct syntax to put into the 'command' box?

curl -d "{"attachments": [{"color": "#ad03fc","text": "Example message from node %n message is %m %M"}]}" -X PUT http://{SLACK URL}

Was close. This is the correct syntax

curl -d 'payload={"attachments": [{"color": "#36a64f","text": "Text example from node %n message is %m %M"}]}' -X PUT https://{SLACK WEBHOOK URL}

Ok so the SLACK driver is not going to be able to support fancy formatting beyond anything that can be expressed in regular text, i.e. bolding

However can NetXMS do a HTTP PUT? As that would allow me to post whatever I want. As mentioned before this is how we get fancy formatting from Solarwinds NCM as it pushes to slack via a HTTP PUT operation

We've been using the SLACK notification driver for a while to send basic text, with the most advanced formatting to date being simple bold highling of certain text elements. This is done by just putting * around text i.e.
*this part is bold* this part is not

But I want to actually post with different colours, perhaps even with fancy attachments, but for now I just want to stick with colors

Is it possible with the included SLACK driver?
I've tried simply parsing this as text
{"attachments": [{"color": "#ad03fc","text": "Optional text that appears within the attachment"}]}
which pasting it in here shows is valid syntax https://api.slack.com/docs/messages/builder
but I just get the literal text in the SLACK channel. I don't know how the included driver actually works to perhaps further modify the syntax so it works

Any help?

Alternatively can NetXMS do a HTTP Put? because if so I know how to make that work, we already do fancy formatting with Solarwinds that way

Bump

Any update to this? Specifically for 'node down' as I still can't find a way to do that outside of the built in 'node-down' event

I've managed to get alerts based on custom attributes working for other things such as SNR or Ethernet speed
I.e. in the case of ethernet speed, I want alerts on any core/distribution equipment in our network running at 100mbit as 99% of the time that will indicate a wire has gone bad. However that other 1% are ones I don't care about, edge networks with no more than i.e. 20mbit/s of bandwidth. Or something we inherited from a company acquisition. So it doesn't matter, and I want to suppress the alerts

So I just create my DCI's as I would. I set up thresholds like so...

DCI - Ethernet Speed (reported in megabits/sec)
Thresholds
1) script
if ($1 < GetCustomAttribute($node, "Target_EthSpeed")) return true
activation event: slack alert (with relevant details)
repeat every 86400 seconds
2) script
if ($1 >= GetCustomAttribute($node, "Target_EthSpeed")) return true;
activation event: sys_threshold_rearmed
repeat every 86400 seconds
3) last polled value
<1000
activation event: send slack alert (with relevant details)
repeat every 86400 seconds

If the custom attribute of 'Target_EthSpeed' exists, the first 2 are checked, and one of them will always trigger. The second one means it will never check the third one. So I can add Target_EthSpeed of 100 to a node
If the custom attribute doesn't exist, it ignores those first 2 conditions entirely and will use the third, in which case if its less than 1000mbit/s it will still trigger an alert

If there is a cleaner and more appropriate method i'm all ears. Either way I still need 'node down' alerts setup. As far as I can tell there is no DCI for 'node down' only 'node status' which isn't appropriate as the status code is shared with other events

I want to create some additional alerting based on custom attributes
i.e. an example right now is I have a container, i've assigned a custom attribute to it "UpDownCheck" and set the value to true, and inheritable. So all nodes inside this container have that custom attribute
I want any nodes with that custom attribute to send a SLACK alert. So what i've done so far is this

Event Processing Policy -> New Event

Condition->Events = SYS_NODE_DOWN
Filtering Script = return GetCustomAttribute($node, "UpDownCheck");
Server Actions = SLACK Notification

I 'think' this is correct, any node that is 'down' and has that custom attribute should result in 'true' and the slack notification posted right?
But what I need is for this to re-trigger every 2 hours, so if the node is still down it again sends a new SLACK alert

As far as I can tell, in order to have it repeat the event I would have to create a DCI, then set a threshold, and in the threshold I can set the 'repeat event' timer to 7200 seconds
But theres a problem, I can't see any way in a DCI to actually check for 'node down'? I can use DCI Internal->Status but theres no status code for 'down'
0 = Normal
1 = Warning
2 = Minor
3 = Major
4 = Critical
5 = Unknown
6 = Unmanaged
7 = Disabled
8 = Testing
Node down is 'critical/4' but other events can also make it code 4 but the node is still up, so i'll get a false alert. I can't use that. I can't see anything to poll for nodes 'up/down' status

So whats the best method to go about this?

This bug has been around for years, at least on every instance of NetXMS i've installed. Havn't been a huge concern but it still hasn't been fixed and this occurs with a fresh install so i'm sure its happening to more than just myself on this 1 setup

I use the web UI 99% of the time and use Chrome as main browser. When I open up a table to view the contents, then select a field it highlights the row (as expected) but the item I click on changes to show HTML formatting code around the actual value i.e.
<span style=...etc.etc....>1</span>

Example:

Not a big issue but its annoying

Quote from: tomaskir on December 19, 2019, 12:22:15 PM

Quote from: Millenium7 on December 19, 2019, 07:39:54 AM
I'd like to see this implemented but its also kind of out of the scope of NetXMS IMO.
Unimus is incredibly expensive, we looked at it and its just silly
Solarwinds NCM is a far more polished and functional package and is significantly cheaper than Unimus especially as you start to get more than just a handful of devices (its once-off licence cost). We ended up going with that as there's no other system at the moment thats more cost effective for our needs

Are you sure you didn't miss-read the pricing on Unimus?
(it is yearly, not monthly payments)

Unimus is cheaper than Solarwinds NCM by far.
The feature-set of Unimus is just about the same as Solarwinds, while being much more modern, and MUCH easier to use.

Unimus is a lot cheaper if you only need to automate a handful of devices, but Solarwinds gets much cheaper as you get beyond about 250-500. I can see you've added more functionality since we were looking at Unimus but its still crazy expensive over time. Unimus pricing at this time is $4,500/year for 1000 devices. We got a Solarwinds NCM1000 licence for something like $8000 (I don't remember exactly) but its a once off lifetime licence, we have the software forever. We lose software support after it expires (which were very helpful but we don't need it now) or we can renew it at a drastically reduced price (far less than unimus pricing for a year)


I did have some issues with Solarwinds at first, like their template for MikroTik isn't quite right and should be updated to use /export terse not /export etc, and I had some garbage output I had to workaround but its now at a really good state. I did try both packages quite thoroughly. A big one for me is mass config pushing, I think this wasn't in Unimus at the time, or if it was it wasn't as capable and polished as Solarwinds
though again I had to do some workarounds, anything where the prompt doesn't return to normal i.e. running a script with { and the prompt return .. would hang for an extremely long time so I have to add ${DisablePromptDetection} which tells solarwinds to just keep pushing commands and not worry about potential error output etc, then ${EnablePromptDetection} afterwards
All just learning pains with any software. But the Solarwinds community is quite active and has been extremely helpful

Compliance reporting is massively more polished in Solarwinds. With a much easier to use interface with drop-downs for adding AND/OR and grouping statements so I can i.e. do a search in config 'if it contains A, but also contains B, then report an issue, unless it also contains either C or D then its fine'. Grouping devices with custom parameters like 'isDistributionRouter' so a different set of compliance applies to those etc

Unimus is a good software package, but IMO its priced far above a level that its currently at. If it was $1/device we'd have jumped on it and worked around some of the features missing, or a had a different pricing structure (lifetime licence) or partial licences i.e. 250 backup licences + 500x config push only devices for cheaper. As we needed the ability to occasionally push config out to hundreds of devices, but didn't want to pay for them all year long when we don't need the ability to back them up

I'd like to see this implemented but its also kind of out of the scope of NetXMS IMO.
Unimus is incredibly expensive, we looked at it and its just silly
Solarwinds NCM is a far more polished and functional package and is significantly cheaper than Unimus especially as you start to get more than just a handful of devices (its once-off licence cost). We ended up going with that as there's no other system at the moment thats more cost effective for our needs

Almost all DCI's I have added by templates and/or by instance discovery scripts
Some of these I want to disable alerts (or entirely disable monitoring, but just disabling alerts is better) because of getting false positives
One of these is Rx FCS errors on any ports going from a MikroTik to a Cambium PTP device, always generates a false FCS every 30/60/90 seconds so I want to stop it

I've tried 3 things here and none of them work

- Go to properties of DCI on node, thresholds tab, add > -999 and click edit on threshold event then just click ok so it says <none>. This should disable alert and it does, but it gets overridden overnight and this threshold disappears
- Right click on DCI on node and choose disable. Next day its enabled again
- Go to alarms page of node and sticky acknowledge the alarm. Doesn't seem to matter, I'm still getting SLACK alerts (sent by event processing policy for that event/alarm)

How do I fix this? I need to exclude some DCI's on an individual basis
Ideally I want a clean and simple method.
Method #1 is the best so far because I can see the ? symbol on the 'last values' page of a node so I know that I have manually disabled alerting on that DCI (not really, but the ? symbol will always be active because the first threshold is always reached, and just doesn't do anything). That way if I move a device later on to a different port I can see to re-enable it
Method #3 is not so good because it leaves the alarm symbol on the icon of the node while the alarm is still there
But none of the above work anyway so I need something different

Just saw this after I posted. I think its related to this
https://www.netxms.org/forum/general-support/syslog-parsing-for-unknown-nodes-possible/

I have noticed NetXMS does not store logs for syslog messages that it does not have the correct source address mapped to a node
i.e. any nodes not actually added to NetXMS
I don't know if it needs to be a primary IP address, or it can be any IP address listed on a node

I noticed NetXMS will not parse syslog messages unless it can map the source IP address to a known node that is being monitored. Is there a way to change this behavior?
I have some scripts that send syslog error messages on customer routers and I want to get alerts for them. Currently not possible unless I add the node into NetXMS which I don't want to do

Also i've had some issues with this whereby the source address of a device is i.e. 1.2.3.4 but NetXMS is using 5.6.7.8 and it won't parse the syslog message as it thinks it doesn't belong to that node

I understand for syslog storing it has to know which node to put the messages under. But I mostly only care about realtime alerts so I don't care if the syslog messages gets immediately dropped afterwards, but I want the parser to work on them so I can push a notification to SLACK