Hi Rolf,
Schrittenlocher, Rolf wrote on Thu, Apr 04, 2024 at 07:45:58AM +0000:
> Our challenge at the moment is how to monitor traffic quantity in/out in
> order to detect suspicious activities on Solaris 10. Is there a
> way to do this with xymon?
Definitely. ;-)
For our own use (in a university, too :-) and published via Debian's
hobbit-plugins package, I've written a plugin simply called "net"
which can check many network interface characteristics including
monitoring network traffic (calculating bytes/second average from the
rx/tx difference of 10 seconds), but so far it's just for Linux and
uses common Linux commandline tools and /proc/ links:
https://salsa.debian.org/debian/hobbit-plugins/-/blob/master/src/usr/lib/xymon/client/ext/net
(It also uses the Hobbit.pm Perl module from the same package:
https://salsa.debian.org/debian/hobbit-plugins/-/blob/master/src/usr/share/perl5/Hobbit.pm)
It shouldn't be too hard, though, to adapt it to some Solaris
commandline tools and their output. I'm just not sure how to convert
the /proc/ stuff. Maybe there's a Linux compat mode like in FreeBSD?
(Haven't touched any Solaris for like 20 years or so, back when I was
a student.)
Regards, Axel
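The sampling approach described in the message above (byte-counter difference over a 10-second interval), as an added example that is not part of the original mail and not code from the hobbit-plugins "net" plugin. It assumes Linux's /proc/net/dev as the counter source; the function names, the constructed sample snapshots and the warn/crit thresholds are hypothetical.

```python
# Added example: per-interface bytes/second from two /proc/net/dev snapshots.
# Constructed sample data: header plus 16 counters per interface, 10 s apart.
HDR = ("Inter-|   Receive  |  Transmit\n"
       " face |bytes packets errs drop fifo frame compressed multicast"
       "|bytes packets errs drop fifo colls carrier compressed\n")
SAMPLE_T0 = HDR + ("    lo: 1000 10 0 0 0 0 0 0 1000 10 0 0 0 0 0 0\n"
                   "  eth0: 5000000 4000 0 0 0 0 0 0 2000000 3000 0 0 0 0 0 0\n"
                   "  eth1: 900 9 0 0 0 0 0 0 900 9 0 0 0 0 0 0\n")
SAMPLE_T1 = HDR + ("    lo: 1000 10 0 0 0 0 0 0 1000 10 0 0 0 0 0 0\n"
                   "  eth0: 25000000 9000 0 0 0 0 0 0 2500000 3400 0 0 0 0 0 0\n"
                   "  eth1: 100 1 0 0 0 0 0 0 100 1 0 0 0 0 0 0\n")


def parse_netdev(text):
    """Return {iface: (rx_bytes, tx_bytes)} from /proc/net/dev content."""
    counters = {}
    for line in text.splitlines():
        name, sep, rest = line.partition(":")
        fields = rest.split()
        # Header lines carry no "iface:" prefix; rx bytes is field 0, tx bytes field 8.
        if sep and len(fields) >= 9 and fields[0].isdigit():
            counters[name.strip()] = (int(fields[0]), int(fields[8]))
    return counters


def rates(before, after, interval):
    """Bytes/second (rx, tx) per interface; None if a counter went backwards."""
    out = {}
    for iface in before.keys() & after.keys():
        deltas = [a - b for a, b in zip(after[iface], before[iface])]
        # A negative delta means a counter reset or wrap: skip this sample
        # instead of reporting a bogus traffic spike.
        out[iface] = None if min(deltas) < 0 else tuple(d / interval for d in deltas)
    return out


def colour(rate, warn=1_000_000, crit=10_000_000):
    """Map a rate to a Xymon status colour; thresholds are assumed values."""
    if rate is None:
        return "clear"
    worst = max(rate)
    return "red" if worst >= crit else "yellow" if worst >= warn else "green"


def report(before_text, after_text, interval=10):
    """Return sorted (iface, colour, rate) rows for a status message."""
    r = rates(parse_netdev(before_text), parse_netdev(after_text), interval)
    return [(iface, colour(rate), rate) for iface, rate in sorted(r.items())]


if __name__ == "__main__":
    for row in report(SAMPLE_T0, SAMPLE_T1):
        print(*row)
```

On a Linux host, pass two reads of /proc/net/dev taken 10 seconds apart in place of the constructed samples.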