On Sun, 16 Mar 2014 15:22:47 +0100, Henrik Størner <user-ce4a2c883f75@xymon.invalid> wrote:
> On 16-03-2014 13:42, Christian wrote:
>> Hi.
>> I would like to monitor UDP ports as TCP ports, with the client module,
>> and a display in the "ports" column. I don't understand why this module
>> is limited to TCP connections, and I would like to extend it to active
>> UDP connections.
>> Why does the client module run a "netstat -ant" command (file
>> "xymonclient-linux.sh")? Is there a reason not to add UDP connections
>> as well?
>
> UDP doesn't have "connections" as such, so you will only be able to list
> the ports where there is a local process listening for incoming
> datagrams.
> That might make sense in some cases, but you can usually do this just by
> looking for the right process to be running.
>
>> What would be the best solution? Clone the section and run a "netstat
>> -anu"? Patch the existing client and run "netstat -antu"? Another
>> solution?
>
> I tried with the Linux client, and you can change the existing client
> code to run "netstat -antu" instead of just "netstat -ant" - this won't
> cause any problems.
> I am not sure if the server-side of the client will be able to pick up
> those UDP ports, because they haven't got anything in the "State"
> column. You'll have to try that.
> Regards,
> Henrik

Hi,
I tried to "patch" the client and run "netstat -antu". Everything works
very well, even though there is no STATE of course (because of UDP). I can
check both TCP and UDP connections. Well, you're right, my checks are to
see if a "server" socket is opened. Both for TCP and UDP connections.
But the main usage I have, for both TCP and UDP, is to check the negative:
I have an exhaustive list of ports that should be opened, and I check if no
other port is opened. For example, I have one line telling:
--- cut here ---
PORT LOCAL=%100.100.100.100[.:].* EXLOCAL=%[.:](22|25|53|80|443|993|1984)$ STATE=LISTEN MAX=0 "TEXT=public tcp bad listeners"
--- cut here ---
And I am able to do the same thing with UDP server connections.
To grep a UDP "server" socket, I use:
--- cut here ---
PORT LOCAL=100.100.100.100:1194 EXSTATE=%([:graph:]) TEXT=openvpn
--- cut here ---
With that regex, I capture all lines with no "STATE" (thus UDP
connections).
So my question is really that I would like to use the functionality of the
client "ports" probe. And I wonder if the philosophy of the "ports" probe
is only to check stateful connections (aka TCP) and thus I have to clone it
and create a "ports2" to check UDP, or if this probe could be patched to
check also UDP connections.
Technically it's OK, it works fine. But what modification am I "allowed"
to do? Propose a patch to the mainstream to add UDP, or clone the test?
Thanks.
--
Christian
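
The negative check described in this message (an exhaustive list of allowed ports, alert on anything else), as an added example that is not part of the original thread and is not Xymon code. It goes slightly beyond the rules quoted above by keeping one allowlist per protocol; the `netstat -antu` sample is constructed, and the function names are hypothetical.

```python
# Constructed sample of Linux `netstat -antu` output (not taken from the thread).
# Unconnected UDP sockets have an empty State column.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 100.100.100.100:22      0.0.0.0:*               LISTEN
tcp        0      0 100.100.100.100:8080    0.0.0.0:*               LISTEN
tcp        0      0 100.100.100.100:22      198.51.100.7:51514      ESTABLISHED
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
udp        0      0 100.100.100.100:1194    0.0.0.0:*
udp        0      0 100.100.100.100:5353    0.0.0.0:*
udp        0      0 100.100.100.100:40000   203.0.113.9:53          ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
"""

# TCP ports from the EXLOCAL rule in the message, UDP port from the openvpn rule.
ALLOWED = {"tcp": {22, 25, 53, 80, 443, 993, 1984}, "udp": {1194}}


def parse_sockets(text):
    """Return one dict per tcp/udp row; State is '' when the column is empty."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue  # banner and header lines
        host, _, port = f[3].rpartition(":")
        if not port.isdigit():
            continue  # local port shown as '*'
        state = f[5] if len(f) > 5 else ""
        rows.append({"proto": f[0], "host": host, "port": int(port), "state": state})
    return rows


def unexpected_listeners(text, address, allowed):
    """List (protocol, port) listeners on `address` that are not allowlisted."""
    bad = []
    for s in parse_sockets(text):
        family = s["proto"][:3]  # tcp6 -> tcp, udp6 -> udp
        # TCP servers are in LISTEN; a bound, unconnected UDP socket has no state.
        listening = s["state"] == ("LISTEN" if family == "tcp" else "")
        if listening and s["host"] == address and s["port"] not in allowed.get(family, set()):
            bad.append((family, s["port"]))
    return sorted(bad)


if __name__ == "__main__":
    print(unexpected_listeners(SAMPLE, "100.100.100.100", ALLOWED))
```

Sockets bound to a wildcard address (`0.0.0.0` or `::`) are also reachable on the public address but are not matched by an exact-address comparison, which is equally true of the `LOCAL=%100.100.100.100[.:].*` pattern in the message.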