Server management

Configuration file

File netxmsd.conf is a configuration file for NetXMS server. It contains information necessary for establishing database connection, and some optional server parameters. Default location for this file is /etc/netxmsd.conf on UNIX systems and InstalationPathetcnetxmsd.conf on Windows.

The file can contain one or more parameters in Parameter = Value form, each parameter should be on its own line. Comments can be inserted after “#” sign.

Detailed list of parameters can be found there: Server configuration file (netxmsd.conf).

Configuration file example:

# Sample server configuration file

DBDriver = mysql.ddr
DBServer = localhost
DBName = netxms_db
DBLogin = netxms
DBPassword = password
LogFile = {syslog}

Server configuration for Agent to Server connection / Tunnel connection

NetXMS provides option to establish connection from agent to server. This requires additional configuration on server and on agent sides. This chapter describes server side configuration. Agent side configuration can be found in Agent to server connection. Agent to server connection is a TLS tunnel carrying virtual server to agent connections.

Server configuration can be separated into two parts: initial configuration (certificate generation and configuration) and node binding.

New in version 2.2.3: Tunnel automatic action options

Server provide option to configure automatic options on new unbound tunnel connection. Once new unbound tunnel connection comes to server - idle timeout counter starts for this connection. If nothing done while AgentTunnels.UnboundTunnelTimeout time, automatic action selected in AgentTunnels.UnboundTunnelTimeoutAction will be executed.

There are 4 types of actions, that can be done automatically:
  1. Reset tunnel - close tunnel. It will be automatically reopened again by agent. This process will update information on server in case of change on agent.
  2. Generate event - generates event SYS_UNBOUND_TUNNEL, that later can be used for administrator notification or any other automatic action (see Event processing).
  3. Bind tunnel to existing node - will try to find correct node and bind tunnel to it. Node matching rules will be described further.
  4. Bind tunnel to existing node or create new node - will try to find correct node and bind tunnel to it. If node is not found new node will be created under container mentioned in AgentTunnels.NewNodesContainer server configuration parameter. Node matching rules will be described further.
Node is matched for binding if:
  1. Zone UIN given by agent (is configured in agent configuration under ZoneUIN) match to node zone id
  2. IP given by agent match to node’s IP address
  3. Hostname or FQDN match with node name

Initial configuration

Certificate should be issued and added to the server configuration. This certificate will be used to issue public certificates for agents. Certificate usage should allow certificate signing. Certificates should be in PEM format. Server key should be added to the certificate file or should be provided as a separate configuration parameter.

Certificate can be obtained in two ways:
  1. By sending CSR request to your CA
  2. Create self signed certificate

Possible server file configuration:

Parameter Description Required
ServerCACertificate Your certificate authority certificate or self generated CA certificate. If certificate chain for server certificate is longer all upper level certificates should be added to configuration file by adding multiple ServerCACertificate entries. Yes
ServerCertificate Certificate issued by certificate authority. Yes
ServerCertificatePassword Issued certificate password Can be omitted for non password certificates
ServerCertificateKey Issued certificate key Can be omitted if key is included in server certificate file.

Possible server variable configuration:

Parameter Description Default
AgentTunnels.UnboundTunnelTimeoutAction Action that will be executed after idle timeout. Actions are described here: Server configuration for Agent to Server connection / Tunnel connection Reset tunnel
AgentTunnels.UnboundTunnelTimeout Tunnel idle timeout in seconds, that will be waited till automatic action execution. 3600
AgentTunnels.NewNodesContainer Container name where newly created nodes will accrue. You can use -> character pair to create subtree ( like Office->Tunnel). If no container is set nodes will appear under Entire Network  

Self signed certificate sample

This manual describes only simplest option: self signed certificate creation without password. It does not contain any information about file access right assignment or certificate password configuration.

  1. Create private root key:

    openssl genrsa -out rootCA.key 2048

  2. Create self signed root certificate:

    openssl req -x509 -new -key rootCA.key -days 10000 -out rootCA.crt

  3. Create server key

    openssl genrsa -out server.key 2048

  4. Create openssl.conf file. Content of file (dn section should be changed accordingly):

    distinguished_name = dn
    req_extensions = v3_ca
    prompt = no
    countryName = LV
    stateOrProvinceName = Riga
    localityName = Riga
    organizationName =
    commonName = Monitoring Server
    basicConstraints = CA:TRUE
  5. Create server certificate

    openssl req -new -key server.key -out server.csr -config openssl.conf

  6. Sign server certificate with root certificate

    openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt -days 5000 -extfile openssl.conf -extensions v3_ca

Add newly created certificates to server configuration (netxmsd.conf file).

ServerCACertificate = /opt/netxms/key/rootCA.crt
ServerCertificate = /opt/netxms/key/server.crt
ServerCertificateKey = /opt/netxms/key/server.key

Node binding

Once server certificates are configured and agent is correctly configured (ServerConnection parameter set in agentd.conf) requests for agent to server connection will be shown in Agent Tunnel Manager view.


Agent Tunnel Manager

User should manually accept them by binding to existing node Bind… or by creating new one Create node and bind…. Once node will be bound - it’s state in Agent Tunnel Manager view will be changed to Bound.


Agent Tunnel Manager

Configuration variables

These variables are stored in database and can be changed using Server Configuration Editor view accessing it Configuration‣Server Configuration or with help of nxdbmgr`(example: :code:`nxdbmgr set <name> <value>).


Server Configuration

Detailed description of each configuration can be found there: Server configuration parameters. Please note that changes to most of the settings will take effect only after server restart.

Synchronization between servers

NetXMS does not provide horizontal scalability for server. But there is option to exchange with events between servers. Information about configuration can be found there: Forward event. Event forward does not work with zones.

netxmsd commandline options

Command Description
-e Run database check on startup
-c <file> Set non-default configuration file Default is {search}
-d Run as daemon/service
-D <level> Set debug level (valid levels are 0..9)
-h Display help and exit
-p <file> Specify pid file.
-q Disable interactive console
-v Display version and exit

Server debug console

Server debug console can be opened in Java console. It can be found in Tools -> Server Console.

It can be used to check debug messages or to execute one of server commands like “ldap sync”.


Server commands can be executed also through XMPP. To execute server command through XMPP should be fulfill next requirements:

  1. Server connection with XMPP should be configured in server configuration variables: XMPPLogin, XMPPPassword, XMPPPort, XMPPServer, EnableXMPPConnector.
  2. XMPP user that will send commands should be connected with NetXMS user by pointing it’s XMPP name in XMPP ID filed of General tab of NetXMS user properties.
  3. NetXMS user that will execute this commands should also have Execute commands via XMPP access right.

Execution is done sending server command like a message to the user defined in XMPPLogin server configuration variable.

Server commands

Command Description
debug [<level>|off] Set debug level (valid range is 0..9)
down Shutdown NetXMS server
exec <script> [<params>] Executes NXSL script from script library
exit Exit from remote session
kill <session> Kill client session
get <variable> Get value of server configuration variable
help Display this help
ldapsync Synchronize ldap users with local user database
poll <type> <node> Initiate node poll
raise <exception> Raise exception
set <variable> <value> Set value of server configuration variable
show components <node> Show physical components of given node
show dbcp Show active sessions in database connection pool
show fdb <node> Show forwarding database for node
show flags Show internal server flags
show index <index> Show internal index
show modules Show loaded server modules
show objects Dump network objects to screen
show pollers Show poller threads state information
show queues Show internal queues statistics
show routing-table <node> Show cached routing table for node
show sessions Show active client sessions
show stats Show server statistics
show topology <node> Collect and show link layer topology for node
show users Show users
show vlans <node> Show cached VLAN information for node
show watchdog Display watchdog information
trace <node1> <node2> Show network path trace between two nodes

Configuring self-monitoring

Database connection pool

ICMP proxy

To used ICMP proxy Ping subagent should be loaded for ICMP proxy node.

This proxy is used to check node availability when Zones are used.