Monitoring network traffic

list Josh Luthman
Thu, 4 Apr 2024 11:19:43 -0400
Message-Id: <CAN9qwJ_aqamXcZHjpk=G32Ew=user-b9292929effa@xymon.invalid>

The clientlog includes [netstat] which has a snapshot of activity in text

The trends puts it in a pretty graph stored in rrd.

On Thu, Apr 4, 2024 at 4:30?AM Schrittenlocher, Rolf <
user-c8b69be9a15a@xymon.invalid> wrote:

Hi,


thanks Axel. I just saw that "trends" shows network traffic. So the data
is already collected and available on the server. xymon server is Linux,
only the clients are Solaris. So someone can tell me how I can access the
data either with a client script or on server side?


kind regards

Rolf


Rolf Schrittenlocher

Bibliotheksmanagementsystem IT | IT-Services (ITS)


Universit?tsbibliothek Johann Christian Senckenberg

Goethe-Universit?t Frankfurt  |  Campus Bockenheim

Zentralbibliothek  |  Freimannplatz 1

60325 Frankfurt am Main  |  GERMANY

Telefon Sammelnummer +49 (0)69  798 28830

Telefon pers?nlich +49 (0)69  798 28908

E-Mail: user-64314bfd1eb5@xymon.invalid

E-Mail (pers?nlich) user-c8b69be9a15a@xymon.invalid

Website: https://www.ub.uni-frankfurt.de


*Von:* Axel Beckert <user-bc188e45dae4@xymon.invalid>
*Gesendet:* Donnerstag, 4. April 2024 10:17
*An:* Schrittenlocher, Rolf
*Cc:* Xymon at xymon.com
*Betreff:* Re: [Xymon] Monitoring network traffic

Hi Rolf,

Schrittenlocher, Rolf schrieb am Thu, Apr 04, 2024 at 07:45:58AM +0000:

Our challenge at moment is how to monitor traffic quantity in/out in
order to detect suspicious activities on Solaris 10. Is there are
way to do this with xymon?

Definitely. ;-)

For our own use (in a university, too :-) and published via Debian's
hobbit-plugins package, I've written a plugin simply called "net"
which can check many network interface characteristics including
monitoring network traffic (calculating bytes/second average from the
rx/tx difference of 10 seconds), but so far it's just for Linux and
uses common Linux commandline tools and
/proc/ links:


https://salsa.debian.org/debian/hobbit-plugins/-/blob/master/src/usr/lib/xymon/client/ext/net

(It also uses the Hobbit.pm Perl module from the same package:

https://salsa.debian.org/debian/hobbit-plugins/-/blob/master/src/usr/share/perl5/Hobbit.pm
)

It though shouldn't be too hard to adapt it to some Solaris
commandline tools and their output. I'm just not sure how to convert
the /proc/ stuff. Maybe there's a Linux compat mode like in FreeBSD?
(Haven't touched any Solaris for like 20 years or so, back when I was
a student.)

                Regards, Axel
--
PGP: 2FF9CD59612616B5      /~\  Plain Text Ribbon Campaign,
http://arc.pasp.de/
Mail: user-bc188e45dae4@xymon.invalid  \ /  Gegen HTML in E-Mails und Usenet
Mail+Jabber: user-0064bde8d49d@xymon.invalid  X
https://axel.beckert.ch/   / \  I love long mails:
https://email.is-not-s.ms/