The following works for me on redhat as 4, Hobbit server 4.2 with
allinone patch, pcre version 6.7.
HOST=hobbit1
PORT REMOTE=%::ffff:10.10.196.120:.*
PORT REMOTE=%10.10.128.130:.*
You can run tests in hobbit like this:
# ../bin/bbcmd ../bin/hobbitd_client --test
2007-05-21 11:02:10 Using default environment file
/opt/hobbit/server/etc/hobbitserver.cfg
Hostname (.=end, ?=dump, !=reload) []: hobbit1
Hosttype []: linux
Test (cpu, mem, disk, proc, log, port): port
Need to know netstat columns for 'Local address', 'Remote address' and
'State'
Enter columns [4 5 6]: 5
To read 'netstat' data from a file, enter '@FILENAME' at the prompt
netstat line: tcp 0 1408 ::ffff:10.10.128.130:22
::ffff:10.10.196.120:2575 ESTABLISHED
netstat line:
&green remote=%::ffff:10.10.196.120:.* : (found 1, req. 1 or more)
&red remote=%10.10.128.230:.* : (found 0, req. 1 or more)
Hostname (.=end, ?=dump, !=reload) [hobbit1]: .
John
Jeff Newman wrote:
Stll didn't work.
Henrik: I've just counted 60 different variations I have tried ( ()'s
"'s etc.. in various places) and still the only thing that works is
PORT REMOTE=192.168.22.3:1234
I cannot get the regex to work. What would be the absolute
authoritative way to do this? Is there some sort of log I can look at?
BTW server is 4.2, os is redhat as 4
Thanks,
Jeff
On 5/17/07, Galen Johnson <user-d2ff723b6cb6@xymon.invalid> wrote:
Jeff Newman wrote:
Actually that is what I want (every port on that IP) - It's a second
nic on that box that only does one thing (just on a couple different
random ports)
I just tried both:
PORT "REMOTE=%192.168.22.3:.*"
and
PORT REMOTE=%192.168.22.3:.*
(without the double quotes)
and neither worked.
Again, explicitly stating PORT REMOTE=192.168.22.3:1234 does work, so
I know it at least partially works :-)
-jeff
On 5/17/07, Galen Johnson <user-d2ff723b6cb6@xymon.invalid> wrote:
Jeff Newman wrote:
All,
Quick question. I have tried every permutation I can think of but
basically:
Every PORT example I can find has something similar to:
PORT LOCAL=%[.:]22$ (etc...)
or
PORT LOCAL=%[.:](80|443)
No example I have seen has it where you KNOW the IP and you DONT
know
the port, such as:
192.168.22.3:???????????
I need the port string to match an IP with an unknown port number.
If I do:
PORT REMOTE=192.168.22.3:1234 (saying that netstat has a 1234
established)
it works fine, but (again pretending on the port #'s) if a
netstat had
3 established connections to ports 1234,1111,23521 I only get the
1234. I want all of them.
Ive tried permutations for 2 hours now, and can't figure it out.
Thanks,
Jeff
Have you tried "REMOTE=%192.168.22.3:.*"? Now, that will most likely
get you every port on that IP...which is probably not what you
want...it's usually easier to write it for the ports you want...or
"EXREMOTE=%192.168.22.3:.*"...
=G=
Just tried it using pcretest and it works...there are some threads on
the list that suggest wrapping the regex in quotes:
REMOTE="%192.168.22.3:.*"
Dunno what else to try...
=G=