Paul
On Thu, 9 Jan 2020 at 08:04, Root, Paul T via Xymon <xymon at xymon.com> wrote:
Hi,
I've got an application that has a specific port open
11001, that multiple connections, most looped back on itself.
However, we have another server (that is another group's
machine, and isn't monitored by Xymon), that connects to this port.
An interesting use case.
Reading the analysis.cfg man page, it looks like criteria
is either local or remote, not both.
I'm not sure I read it the same way. The format is "PORT criteria
[MIN=mincount] ...etc" and what you're wanting to do is specify "criteria".
The example in the man page for usage of "TEXT=" shows:
PORT LOCAL=%[.:]22$ STATE=LISTEN "TEXT=SSH listener"
So this is giving two criteria: LOCAL and STATE. This implies that the
format is really "PORT criteria [...criteria] [MIN=mincount] ...etc" and
thus you can chain multiple criteria. In your use case I would expect you
to be able to use something like:
PORT LOCAL=%[.:]10001 REMOTE=172.28.104.66:* STATE=ESTABLISHED
Not sure if the wildcard is valid for REMOTE port number; perhaps use a
regex here as well:
PORT LOCAL=%[.:]10001 REMOTE=%172\.28\.104\.66:.* STATE=ESTABLISHED
The analysis.cfg file distributed with the source code specifies this
format:
PORT [LOCAL=addr] [EXLOCAL=addr] [REMOTE=addr] [EXREMOTE=addr]
[STATE=state] [EXSTATE=state] [MIN=mincount] [MAX=maxcount]
[COLOR=color] [TRACK=id] [TEXT=displaytext]
So I can see no problem specifying a local port *and* a remote IP address
as you seem to require.
Is there a way to monitor this situation?
# netstat -ant |grep 11001
tcp 0 0 0.0.0.0:11001 0.0.0.0:* LISTEN
tcp 0 0 192.168.30.15:11001 192.168.30.15:37852 ESTABLISHED
tcp 0 0 192.168.30.15:37852 192.168.30.15:11001 ESTABLISHED
tcp 0 0 192.168.30.15:37864 192.168.30.15:11001 ESTABLISHED
tcp 0 0 192.168.30.15:37856 192.168.30.15:11001 ESTABLISHED
*tcp 0 0 192.168.30.15:11001 172.28.104.66:39904 ESTABLISHED*
tcp 0 0 192.168.30.15:11001 192.168.30.15:37862 ESTABLISHED
tcp 81 0 192.168.30.15:11001 204.155.140.230:53680 ESTABLISHED
*tcp 486 0 192.168.30.15:11001 172.28.104.66:39910 ESTABLISHED*
tcp 0 0 192.168.30.15:11001 204.155.140.230:53682 ESTABLISHED
tcp 0 0 192.168.30.15:11001 204.155.140.230:53679 ESTABLISHED
tcp 0 0 192.168.30.15:37862 192.168.30.15:11001 ESTABLISHED
tcp 34 0 192.168.30.15:11001 192.168.30.15:37864 ESTABLISHED
tcp 0 0 192.168.30.15:11001 192.168.30.15:37856 ESTABLISHED
Paul Root
Lead Operations Engineer - IT Managed Services
XXX Commerce Dr
Woodbury, Mn 55125
XXX-XXX-XXXX user-76fdb6883669@xymon.invalid
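The chained LOCAL/REMOTE/STATE criteria discussed in this thread can be tried offline against captured netstat output before a rule goes into analysis.cfg. The following is an added example, not part of the original emails and not Xymon code: it approximates the matching in Python (`re`, not Xymon's own regex engine) on a constructed sample based on the netstat output quoted above, using port 11001. Assumptions: a value without a leading % is treated as a substring match, the MIN default of 1 and the red default color are placeholders, and all function names are hypothetical.

```python
import re

# Constructed sample modelled on the netstat output in the thread.
# The last two lines are invented to exercise the STATE and LOCAL filters.
NETSTAT = """\
tcp 0 0 0.0.0.0:11001 0.0.0.0:* LISTEN
tcp 0 0 192.168.30.15:11001 192.168.30.15:37852 ESTABLISHED
tcp 0 0 192.168.30.15:37852 192.168.30.15:11001 ESTABLISHED
tcp 0 0 192.168.30.15:11001 172.28.104.66:39904 ESTABLISHED
tcp 81 0 192.168.30.15:11001 204.155.140.230:53680 ESTABLISHED
tcp 486 0 192.168.30.15:11001 172.28.104.66:39910 ESTABLISHED
tcp 0 0 192.168.30.15:11001 172.28.104.66:39912 TIME_WAIT
tcp 0 0 192.168.30.15:22 172.28.104.66:51000 ESTABLISHED
"""

def crit(value, field):
    """One criterion. Leading % = regex (as in the man-page example quoted
    in the thread); anything else = substring (assumption)."""
    if value.startswith("%"):
        return re.search(value[1:], field) is not None
    return value in field

def count_ports(text, local=None, exlocal=None, remote=None,
                exremote=None, state=None, exstate=None):
    """Count sockets that satisfy every include criterion and no exclude."""
    n = 0
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp"):
            continue  # skip headers, wrapped lines, non-TCP rows
        fields = (f[3], f[4], f[5])  # local address, remote address, state
        includes = zip((local, remote, state), fields)
        excludes = zip((exlocal, exremote, exstate), fields)
        if not all(v is None or crit(v, x) for v, x in includes):
            continue
        if any(v is not None and crit(v, x) for v, x in excludes):
            continue
        n += 1
    return n

def evaluate(count, minimum=1, maximum=None, color="red"):
    """Map a count to a status color the way MIN/MAX/COLOR would (assumed)."""
    ok = count >= minimum and (maximum is None or count <= maximum)
    return "green" if ok else color

# Anchoring both ends keeps the remote pattern from matching other hosts
# and the local pattern from matching other ports.
RULE = dict(local=r"%[.:]11001$", remote=r"%^172\.28\.104\.66[.:]",
            state="ESTABLISHED")
```

Calling `count_ports(NETSTAT, **RULE)` counts only the established sessions from 172.28.104.66 to local port 11001; swapping `remote` for `exremote` on the host's own address shows how the loopback connections can be excluded instead.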