FreeBSD [ifstat] processing
list Jeremy Laidman
Hiya I have some FreeBSD systems that run IPv6, and the numbers that Xymon are graphing are not quite right. I think I've pinned down the cause as being the ifstat matching regexp, not being able to handle either multiple bound IP addresses, or IPv6 addresses. My system has output from "netstat -i -b -n" something like this: Name Mtu Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll em0 1500 <Link#1> aa:bb:cc:dd:ee:ff 855109239 246 119882177806 4445784528 0 1678631985244 0 em0 1500 fe80:1::666:6 fe80:1::666:66ff: 5652 - 403008 8487 - 565928 - em0 1500 192.168.1.0 192.168.1.66 3669836 - 327402522 4441615751 - 1612495913591 - em0 1500 6006:6000:0:6 6006:6000:0:6006: 186828 - 13051632 33119395 - 3319372758 - <snipped> lo0 16384 <Link#3> 2420387 0 296603593 2420667 0 296585785 0 lo0 16384 ::1/128 ::1 193448 - 17014491 217323 - 22687570 - lo0 16384 fe80:6::1/64 fe80:6::1 0 - 0 0 - 0 - lo0 16384 127.0.0.0/8 127.0.0.1 2227042 - 279599853 2226396 - 279550576 - lo1 16384 <Link#4> 398523 0 55461313 398523 0 55461150 0 lo1 16384 192.168.2.0 192.168.2.66 317552009 - 63772241684 383671 - 50695917 - lo1 16384 6006:6000:600 6006:6000:600::66 29688469 - 10867392950 4 - 2982 - <snipped> The Xymon client explicitly excludes the "link" lines, and all of the "lo" lines. Makes sense, except that it doesn't work for me. It seems that the Xymon server-side parsing is only picking up the line with the IPv4 address (192.168.1.66) and ignores all the others for the interface. Also, I can't see where Xymon handles multiple lines for the same interface, and I don't think it does. And finally, this server has loopback interfaces lo1, lo2 and so on, with alternative IP addresses for this server. Most of the traffic that arrives at this server is addressed to the loopback interfaces. So even if Xymon could parse these lines, multiple of them, the client script excludes all of the loopback interfaces. What's the best way to solve this? The lo[1-n] NICs could be added back in. But I don't know that this is very useful. The intent of the [ifstat] data is to record and display bytes that come in and out of physical NICs that communicate with the outside world, but my extra loopback interfaces' traffic isn't being counted. For this reason, it seems to make sense that the "link" lines are probably the best for this, as I would think that they would show packets contained only in physical frames (ethernet or some other medium). However, I think the "link" lines also show things like ARP and other layer-2 traffic that might not be as useful. Has anyone else looked into this, or done monitoring of FreeBSD interfaces? Is there a better command to run on FreeBSD for this? I'd really like to get this fixed up. Cheers Jeremy
list Jeremy Laidman
▸
On 17 February 2014 18:48, Jeremy Laidman <user-71895fb2e44c@xymon.invalid> wrote:
For this reason, it seems to make sense that the "link" lines are probably the best for this, as I would think that they would show packets contained only in physical frames (ethernet or some other medium).
On thinking about this, I think the correct way to handle this is to exclude all but the "link" interfaces, because we're looking at interface bytes, not IP bytes, UDP bytes ICMP bytes, etc, but all interface bytes. Another way of thinking about this is that I would expect the switch port bps numbers to be the same as my server's bps numbers. So I'm proposing that the FreeBSD client be adjusted from this: echo "[ifstat]" netstat -i -b -n | egrep -v "^lo|<Link" To this: echo "[ifstat]" netstat -i -b -n | egrep "<Link" And that the Xymon server parsing code PCRE string be adjusted to match that format, which has MAC addresses in place of IPv4/IPv6 host addresses (but sometimes empty) and "<Link#n>" in place of network addresses. This might not be a good idea if people are already relying on the current way of handling FreeBSD data. If so, you'll get almost the same numbers (slightly more with ARP and other layer-2 stuff), and you'll also get loopback addresses added to your interface graphs. Personally I have no problem showing loopback addresses, they can often show insights into local processes that communicate amongst themselves. Seem reasonable? Would anyone be adversely impacted by this suggested change? Cheers Jeremy
list Jeremy Laidman
▸
On 17 February 2014 23:24, Jeremy Laidman <user-71895fb2e44c@xymon.invalid> wrote:
On 17 February 2014 18:48, Jeremy Laidman <user-71895fb2e44c@xymon.invalid>wrote:For this reason, it seems to make sense that the "link" lines are probably the best for this, as I would think that they would show packets contained only in physical frames (ethernet or some other medium).So I'm proposing that the FreeBSD client be adjusted from this:
echo "[ifstat]" netstat -i -b -n | egrep -v "^lo|<Link" To this: echo "[ifstat]" netstat -i -b -n | egrep "<Link"
Seem reasonable? Would anyone be adversely impacted by this suggested change?
Anyone? Nobody else using FreeBSD?
I've implemented a work-around that works for me, by using the following
line in xymonclient-freebsd.sh:
netstat -ibn|egrep "<Link|Name"| grep -v ^lo | while read A B C D E F G; do
[ $A = "Name" ] || { C=0.0.0.0/0; D=0.0.0.0; }; printf "%-5s %5s %-13s
%-17s %12s %6s %14s %14s %6s %14s %6s\n" $A $B $C $D $E $F $G; done
The output now only includes interface lines with "<Link" that are not
loopback devices (thus ignoring all the non-physical entries), and the
"<Link#1>" and MAC address lines have been replaced with dummy values that
parse correctly on the server. I now have useful interface graphs for my
FreeBSD systems.
This is an ugly hack, and I only want this in place until a proper solution
can be implemented.
So, I'm proposing that the xymonclient-freebsd.sh script be modified to use
this line for [ifstat]:
netstat -ibn | egrep "<Link|Name"|grep -v ^lo
(This could leave the loopback addresses in place, and I don't think anyone
would mind.)
Then, the following (untested) patch to do_ifstat.c.
What say ye all?
Cheers
Jeremy
--- do_ifstat.c.orig 2014-02-20 13:35:33.000000000 +1100
+++ do_ifstat.c 2014-02-20 13:42:32.000000000 +1100
@@ -27,8 +27,10 @@
/* Name MTU Network IP Ipkts Ierrs Ibytes Opkts Oerrs
Obytes Coll */
/* lnc0 1500 172.16.10.0/24 172.16.10.151 26 - 1818 26 -
1802 - */
+/* Name MTU Network Address Ipkts Ierrs Ibytes Opkts Oerrs
Obytes Coll */
+/* em0 1500 <Link#1> 00:11:22:33:44:55 26 - 1818 26 -
1802 - */
static const char *ifstat_freebsd_exprs[] = {
• "^([a-z0-9]+)\\s+\\d+\\s+[0-9.\\/]+\\s+[0-9.]+\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+[0-9-]+"
• "^([a-z0-9]+)\\s+\\d+\\s+<Link#\\d+>\\s+[:0-9]+\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+[0-9-]+"
};
/* Name Mtu Network Address Ipkts Ierrs Idrop Ibytes
Opkts Oerrs Obytes Coll */
list Brian Scott
The idea is good. I'm looking forward to having better numbers against the interfaces. Thanks, Brian Scott
▸
From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Jeremy Laidman
Sent: Thursday, 20 February 2014 1:46 PM
To: xymon at xymon.com
Subject: Re: [Xymon] FreeBSD [ifstat] processing
On 17 February 2014 23:24, Jeremy Laidman <user-71895fb2e44c@xymon.invalid<mailto:user-71895fb2e44c@xymon.invalid>> wrote:
On 17 February 2014 18:48, Jeremy Laidman <user-71895fb2e44c@xymon.invalid<mailto:user-71895fb2e44c@xymon.invalid>> wrote:
For this reason, it seems to make sense that the "link" lines are probably the best for this, as I would think that they would show packets contained only in physical frames (ethernet or some other medium).
So I'm proposing that the FreeBSD client be adjusted from this:
echo "[ifstat]"
netstat -i -b -n | egrep -v "^lo|<Link"
To this:
echo "[ifstat]"
netstat -i -b -n | egrep "<Link"
Seem reasonable? Would anyone be adversely impacted by this suggested change?
Anyone? Nobody else using FreeBSD?
I've implemented a work-around that works for me, by using the following line in xymonclient-freebsd.sh:
netstat -ibn|egrep "<Link|Name"| grep -v ^lo | while read A B C D E F G; do [ $A = "Name" ] || { C=0.0.0.0/0<http://0.0.0.0/0>;; D=0.0.0.0; }; printf "%-5s %5s %-13s %-17s %12s %6s %14s %14s %6s %14s %6s\n" $A $B $C $D $E $F $G; done
▸
The output now only includes interface lines with "<Link" that are not loopback devices (thus ignoring all the non-physical entries), and the "<Link#1>" and MAC address lines have been replaced with dummy values that parse correctly on the server. I now have useful interface graphs for my FreeBSD systems.
This is an ugly hack, and I only want this in place until a proper solution can be implemented.
So, I'm proposing that the xymonclient-freebsd.sh script be modified to use this line for [ifstat]:
netstat -ibn | egrep "<Link|Name"|grep -v ^lo
(This could leave the loopback addresses in place, and I don't think anyone would mind.)
Then, the following (untested) patch to do_ifstat.c.
What say ye all?
Cheers
Jeremy
--- do_ifstat.c.orig 2014-02-20 13:35:33.000000000 +1100
+++ do_ifstat.c 2014-02-20 13:42:32.000000000 +1100
@@ -27,8 +27,10 @@
/* Name MTU Network IP Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll *//* lnc0 1500 172.16.10.0/24<http://172.16.10.0/24>; 172.16.10.151 26 - 1818 26 - 1802 - */
▸
+/* Name MTU Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll */
+/* em0 1500 <Link#1> 00:11:22:33:44:55 26 - 1818 26 - 1802 - */
static const char *ifstat_freebsd_exprs[] = {
- "^([a-z0-9]+)\\s+\\d+\\s+[0-9.\\/]+\\s+[0-9.]+\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+[0-9-<file:///\\s+\d+\s+%5b0-9.\%5d+\s+%5b0-9.%5d+\s+\d+\s+%5b0-9-%5d+\s+(\d+)\s+\d+\s+%5b0-9-%5d+\s+(\d+)\s+%5b0-9->]+"
+ "^([a-z0-9]+)\\s+\\d+\\s+<Link#\\d+>\\s+[:0-9]+\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+[0-9-<file:///\\s+\d+\s+%3cLink%23\d+%3e\s+%5b:0-9%5d+\s+\d+\s+%5b0-9-%5d+\s+(\d+)\s+\d+\s+%5b0-9-%5d+\s+(\d+)\s+%5b0-9->]+"
▸
};
/* Name Mtu Network Address Ipkts Ierrs Idrop Ibytes Opkts Oerrs Obytes Coll */
**********************************************************************
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**********************************************************************
list Nicolas Lienard
Hello Having same issue with my FreeBSD 10.2 devices, i tried this patch on server side but it was not matching successfully all the interfaces due to bad regular expression matching on the mac addresses part. # netstat -ibn | egrep "<Link|Name" | grep -v ^lo Name Mtu Network Address Ipkts Ierrs Idrop Ibytes Opkts Oerrs Obytes Coll em0 1500 <Link#1> 00:22:4d:ad:fe:35 893691871 0 0 1135451821124 497735825 0 107868664606 0 pflog 33160 <Link#5> 0 0 0 0 697354 0 69531302 0 tap0 1500 <Link#3> 00:bd:c4:41:4e:00 448130087 0 0 584819922588 250814356 0 43739464436 0 bridg 1500 <Link#4> 02:f7:58:d9:cb:00 0 0 0 0 0 0 0 0 vlan1 1496 <Link#9> 00:bd:c4:41:4e:00 58827595 0 0 61939630719 46134046 3255 29559453921 0 vlan2 1300 <Link#10> 00:bd:c4:41:4e:00 450450 0 0 34627817 456686 110 36271656 0 tap30 1500 <Link#7> 00:bd:24:27:3a:1e 109129 0 0 7518832 171580 0 231138481 0 bridg 1500 <Link#8> 02:f7:58:d9:cb:1e 0 0 0 0 0 0 0 0 vlan3 1496 <Link#12> 00:bd:24:27:3a:1e 143 0 0 10409 73 0 3893 0 It was matching only pflog0 interface with the regexp where the mac address part is in bold : "^([a-z0-9]+)\\s+\\d+\\s+<Link#\\d+>\\s+ <smb://s+//d+//s+<Link#//d+>//s+>[:0-9]+\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+[0-9- <smb://s+//d+//s+[0-9-]+//s+(//d+)//s+//d+//s+[0-9-]+//s+(//d+)//s+[0-9->]+" }; Here a functional one (in bold the replacement) rrd/do_ifstat.c [line 31]
▸
/* Name MTU Network IP Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll */
/* lnc0 1500 172.16.10.0/24 172.16.10.151 26 - 1818 26 - 1802 - */
static const char *ifstat_freebsd_exprs[] = {
"^([a-z0-9]+)\\s+\\d+\\s+<Link#\\d+>\\s+ <smb://s+//d+//s+<Link#//d+>//s+>[a-z0123456789.:]+\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+[0-9- <smb://s+//d+//s+[0-9-]+//s+(//d+)//s+//d+//s+[0-9-]+//s+(//d+)//s+[0-9->]+"
};
The part on client is working fine.
Thanks and long life to Xymon !
regards,
Nico
▸
From: Xymon [mailto:xymon-bounces at xymon.com < On Behalf Of Jeremy Laidman
Sent: Thursday, 20 February 2014 1:46 PM
To: xymon at xymon.com <
Subject: Re: [Xymon] FreeBSD [ifstat] processing
On 17 February 2014 23:24, Jeremy Laidman <user-71895fb2e44c@xymon.invalid <<mailto:user-71895fb2e44c@xymon.invalid < wrote:
On 17 February 2014 18:48, Jeremy Laidman <user-71895fb2e44c@xymon.invalid <<mailto:user-71895fb2e44c@xymon.invalid < wrote:
For this reason, it seems to make sense that the "link" lines are probably the best for this, as I would think that they would show packets contained only in physical frames (ethernet or some other medium).
So I'm proposing that the FreeBSD client be adjusted from this:
echo "[ifstat]"
netstat -i -b -n | egrep -v "^lo|<Link"
To this:
echo "[ifstat]"
netstat -i -b -n | egrep "<Link"
Seem reasonable? Would anyone be adversely impacted by this suggested change?
Anyone? Nobody else using FreeBSD?
I've implemented a work-around that works for me, by using the following line in xymonclient-freebsd.sh:
netstat -ibn|egrep "<Link|Name"| grep -v ^lo | while read A B C D E F G; do [ $A = "Name" ] || { C=0.0.0.0/0<http://0.0.0.0/0 <http://0.0.0.0/0>>;; D=0.0.0.0; }; printf "%-5s %5s %-13s %-17s %12s %6s %14s %14s %6s %14s %6s\n" $A $B $C $D $E $F $G; done
▸
The output now only includes interface lines with "<Link" that are not loopback devices (thus ignoring all the non-physical entries), and the "<Link#1>" and MAC address lines have been replaced with dummy values that parse correctly on the server. I now have useful interface graphs for my FreeBSD systems.
This is an ugly hack, and I only want this in place until a proper solution can be implemented.
So, I'm proposing that the xymonclient-freebsd.sh script be modified to use this line for [ifstat]:
netstat -ibn | egrep "<Link|Name"|grep -v ^lo
(This could leave the loopback addresses in place, and I don't think anyone would mind.)
Then, the following (untested) patch to do_ifstat.c.
What say ye all?
Cheers
Jeremy
--- do_ifstat.c.orig 2014-02-20 13:35:33.000000000 +1100
+++ do_ifstat.c 2014-02-20 13:42:32.000000000 +1100
@@ -27,8 +27,10 @@
/* Name MTU Network IP Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll *//* lnc0 1500 172.16.10.0/24<http://172.16.10.0/24 <http://172.16.10.0/24>>; 172.16.10.151 26 - 1818 26 - 1802 - */
▸
+/* Name MTU Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll */
+/* em0 1500 <Link#1> 00:11:22:33:44:55 26 - 1818 26 - 1802 - */
static const char *ifstat_freebsd_exprs[] = {
- "^([a-z0-9]+)\\s+\\d+\\s+[0-9.\\/]+\\s+[0-9.]+\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+ <smb://s+//d+//s+[0-9.///]+//s+[0-9.]+//s+//d+//s+[0-9-]+//s+(//d+)//s+//d+//s+[0-9-]+//s+(//d+)//s+>[0-9-<file:///\\s+\d+\s+%5b0-9.\%5d+\s+%5b0-9.%5d+\s+\d+\s+%5b0-9-%5d+\s+(\d+ <file:///s+/d+/s+%5b0-9./%5d+/s+%5b0-9.%5d+/s+/d+/s+%5b0-9-%5d+/s+(/d+>)\s+\d+\s+%5b0-9-%5d+\s+(\d+)\s+%5b0-9->]+"
+ "^([a-z0-9]+)\\s+\\d+\\s+<Link#\\d+>\\s+[:0-9]+\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+ <smb://s+//d+//s+<Link#//d+>//s+[:0-9]+//s+//d+//s+[0-9-]+//s+(//d+)//s+//d+//s+[0-9-]+//s+(//d+)//s+>[0-9-<file:///\\s+\d+\s+%3cLink%23\d+%3e\s+%5b:0-9%5d+\s+\d+\s+%5b0-9-%5d+\s+(\d+ <file:///s+/d+/s+%3cLink%23/d+%3e/s+%5b:0-9%5d+/s+/d+/s+%5b0-9-%5d+/s+(/d+>)\s+\d+\s+%5b0-9-%5d+\s+(\d+)\s+%5b0-9->]+"
▸
};
/* Name Mtu Network Address Ipkts Ierrs Idrop Ibytes Opkts Oerrs Obytes Coll */
**********************************************************************
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**********************************************************************
list Nicolas Lienard
Sorry my mail was sent to early. There were also a missing column on the initial regexp. here the good one: --- do_ifstat.c 2015-10-01 16:42:42.000000000 +0200 +++ /root/do_ifstat.c.fix.freebsd.ifstat 2015-12-15 09:16:38.584712442 +0100 @@ -28,7 +28,7 @@
▸
/* Name MTU Network IP Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll */
/* lnc0 1500 172.16.10.0/24 172.16.10.151 26 - 1818 26 - 1802 - */
static const char *ifstat_freebsd_exprs[] = {
- "^([a-z0-9]+)\\s+\\d+\\s+[0-9.\\/]+\\s+[0-9.]+\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+[0-9- <smb://s+//d+//s+[0-9.///]+//s+[0-9.]+//s+//d+//s+[0-9-]+//s+(//d+)//s+//d+//s+[0-9-]+//s+(//d+)//s+[0-9->]+"
+ "^([a-z0-9]+)\\s+\\d+\\s+<Link#\\d+>\\s+[a-f0123456789.:]+\\s+\\d+\\s+[0-9-]+\\s+[0-9-]+\\s+(\\d+)\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+[0-9- <smb://s+//d+//s+<Link#//d+>//s+[a-f0123456789.:]+//s+//d+//s+[0-9-]+//s+[0-9-]+//s+(//d+)//s+//d+//s+[0-9-]+//s+(//d+)//s+[0-9->]+"
▸
};
/* Name Mtu Network Address Ipkts Ierrs Idrop Ibytes Opkts Oerrs Obytes Coll */
Now ifstat graphs are OK on my FreeBSD boxes.
regards
Nico
▸
Le 14 déc. 2015 à 18:24, Nico <user-4f1d872b9031@xymon.invalid <mailto:user-4f1d872b9031@xymon.invalid>> a écrit :
Hello
Having same issue with my FreeBSD 10.2 devices, i tried this patch on server side but it was not matching successfully all the interfaces due to bad regular expression matching on the mac addresses part.
# netstat -ibn | egrep "<Link|Name" | grep -v ^lo
Name Mtu Network Address Ipkts Ierrs Idrop Ibytes Opkts Oerrs Obytes Coll
em0 1500 <Link#1> 00:22:4d:ad:fe:35 893691871 0 0 1135451821124 497735825 0 107868664606 0
pflog 33160 <Link#5> 0 0 0 0 697354 0 69531302 0
tap0 1500 <Link#3> 00:bd:c4:41:4e:00 448130087 0 0 584819922588 250814356 0 43739464436 0
bridg 1500 <Link#4> 02:f7:58:d9:cb:00 0 0 0 0 0 0 0 0
vlan1 1496 <Link#9> 00:bd:c4:41:4e:00 58827595 0 0 61939630719 46134046 3255 29559453921 0
vlan2 1300 <Link#10> 00:bd:c4:41:4e:00 450450 0 0 34627817 456686 110 36271656 0
tap30 1500 <Link#7> 00:bd:24:27:3a:1e 109129 0 0 7518832 171580 0 231138481 0
bridg 1500 <Link#8> 02:f7:58:d9:cb:1e 0 0 0 0 0 0 0 0
vlan3 1496 <Link#12> 00:bd:24:27:3a:1e 143 0 0 10409 73 0 3893 0
It was matching only pflog0 interface with the regexp where the mac address part is in bold :
"^([a-z0-9]+)\\s+\\d+\\s+<Link#\\d+>\\s+ <smb://s+//d+//s+<Link#//d+>//s+>[:0-9]+\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+[0-9- <smb://s+//d+//s+[0-9-]+//s+(//d+)//s+//d+//s+[0-9-]+//s+(//d+)//s+[0-9->]+"
};
Here a functional one (in bold the replacement)
rrd/do_ifstat.c [line 31]
/* Name MTU Network IP Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll */
/* lnc0 1500 172.16.10.0/24 172.16.10.151 26 - 1818 26 - 1802 - */
static const char *ifstat_freebsd_exprs[] = {
"^([a-z0-9]+)\\s+\\d+\\s+<Link#\\d+>\\s+ <smb://s+//d+//s+<Link#//d+>//s+>[a-z0123456789.:]+\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+[0-9- <smb://s+//d+//s+[0-9-]+//s+(//d+)//s+//d+//s+[0-9-]+//s+(//d+)//s+[0-9->]+"
};
The part on client is working fine.
Thanks and long life to Xymon !
regards,
Nico
From: Xymon [mailto:xymon-bounces at xymon.com < On Behalf Of Jeremy Laidman
Sent: Thursday, 20 February 2014 1:46 PM
To: xymon at xymon.com <
Subject: Re: [Xymon] FreeBSD [ifstat] processing
On 17 February 2014 23:24, Jeremy Laidman <user-71895fb2e44c@xymon.invalid <<mailto:user-71895fb2e44c@xymon.invalid < wrote:
On 17 February 2014 18:48, Jeremy Laidman <user-71895fb2e44c@xymon.invalid <<mailto:user-71895fb2e44c@xymon.invalid < wrote:
For this reason, it seems to make sense that the "link" lines are probably the best for this, as I would think that they would show packets contained only in physical frames (ethernet or some other medium).
So I'm proposing that the FreeBSD client be adjusted from this:
echo "[ifstat]"
netstat -i -b -n | egrep -v "^lo|<Link"
To this:
echo "[ifstat]"
netstat -i -b -n | egrep "<Link"
Seem reasonable? Would anyone be adversely impacted by this suggested change?
Anyone? Nobody else using FreeBSD?
I've implemented a work-around that works for me, by using the following line in xymonclient-freebsd.sh:
netstat -ibn|egrep "<Link|Name"| grep -v ^lo | while read A B C D E F G; do [ $A = "Name" ] || { C=0.0.0.0/0<http://0.0.0.0/0 <http://0.0.0.0/0>>;; D=0.0.0.0; }; printf "%-5s %5s %-13s %-17s %12s %6s %14s %14s %6s %14s %6s\n" $A $B $C $D $E $F $G; done
The output now only includes interface lines with "<Link" that are not loopback devices (thus ignoring all the non-physical entries), and the "<Link#1>" and MAC address lines have been replaced with dummy values that parse correctly on the server. I now have useful interface graphs for my FreeBSD systems.
This is an ugly hack, and I only want this in place until a proper solution can be implemented.
So, I'm proposing that the xymonclient-freebsd.sh script be modified to use this line for [ifstat]:
netstat -ibn | egrep "<Link|Name"|grep -v ^lo
(This could leave the loopback addresses in place, and I don't think anyone would mind.)
Then, the following (untested) patch to do_ifstat.c.
What say ye all?
Cheers
Jeremy
--- do_ifstat.c.orig 2014-02-20 13:35:33.000000000 +1100
+++ do_ifstat.c 2014-02-20 13:42:32.000000000 +1100
@@ -27,8 +27,10 @@
/* Name MTU Network IP Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll */
/* lnc0 1500 172.16.10.0/24<http://172.16.10.0/24 <http://172.16.10.0/24>>; 172.16.10.151 26 - 1818 26 - 1802 - */
+/* Name MTU Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll */
+/* em0 1500 <Link#1> 00:11:22:33:44:55 26 - 1818 26 - 1802 - */
static const char *ifstat_freebsd_exprs[] = {
- "^([a-z0-9]+)\\s+\\d+\\s+[0-9.\\/]+\\s+[0-9.]+\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+ <smb://s+//d+//s+[0-9.///]+//s+[0-9.]+//s+//d+//s+[0-9-]+//s+(//d+)//s+//d+//s+[0-9-]+//s+(//d+)//s+>[0-9-<file:///\\s+\d+\s+%5b0-9.\%5d+\s+%5b0-9.%5d+\s+\d+\s+%5b0-9-%5d+\s+(\d+ <file:///s+/d+/s+%5b0-9./%5d+/s+%5b0-9.%5d+/s+/d+/s+%5b0-9-%5d+/s+(/d+>)\s+\d+\s+%5b0-9-%5d+\s+(\d+)\s+%5b0-9->]+"
+ "^([a-z0-9]+)\\s+\\d+\\s+<Link#\\d+>\\s+[:0-9]+\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+ <smb://s+//d+//s+<Link#//d+>//s+[:0-9]+//s+//d+//s+[0-9-]+//s+(//d+)//s+//d+//s+[0-9-]+//s+(//d+)//s+>[0-9-<file:///\\s+\d+\s+%3cLink%23\d+%3e\s+%5b:0-9%5d+\s+\d+\s+%5b0-9-%5d+\s+(\d+ <file:///s+/d+/s+%3cLink%23/d+%3e/s+%5b:0-9%5d+/s+/d+/s+%5b0-9-%5d+/s+(/d+>)\s+\d+\s+%5b0-9-%5d+\s+(\d+)\s+%5b0-9->]+"
};
/* Name Mtu Network Address Ipkts Ierrs Idrop Ibytes Opkts Oerrs Obytes Coll */
**********************************************************************
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**********************************************************************
list Mark Felder
▸
On Tue, Dec 15, 2015, at 02:19, Nico wrote:
Sorry my mail was sent to early. There were also a missing column on the initial regexp.
I've altered it slightly more to make sure it reports all valid interfaces and works on 9/10/CURRENT. I emailed a copy to JC and the developers list but have not seen any emails come through from there, so I'm not sure what's going on. See attached -- Mark Felder user-db141d317836@xymon.invalid
Attachments (1)
list Mark Felder
▸
On Mon, Dec 14, 2015, at 11:24, Nico wrote:
So I'm proposing that the FreeBSD client be adjusted from this: echo "[ifstat]" netstat -i -b -n | egrep -v "^lo|<Link" To this: echo "[ifstat]" netstat -i -b -n | egrep "<Link" Seem reasonable? Would anyone be adversely impacted by this suggested change?
I just discovered a bug here, too. We need the -W flag for netstat to not truncate interface names. before:
▸
# netstat -ibn | egrep "<Link|Name" | grep -v ^lo
Name Mtu Network Address Ipkts Ierrs Idrop Ibytes Opkts Oerrs Obytes Coll
re0 1500 <Link#1> 00:0d:b9:34:19:5c 128999557 0 0
179670093890 69675563 0 15695977843 0
re1 1500 <Link#2> 00:0d:b9:34:19:5d 70513275 0 0
16032274028 128924310 0 177694695608 0
re2* 1500 <Link#3> 00:0d:b9:34:19:5e 0 0 0 0 0 0 0 0
bridg 1500 <Link#6> 02:77:b6:ed:58:00 70254277 0 0
16036199705 129805702 210 179003594406 0
gif0 1280 <Link#7> gif0 5346546 0 0
5718534418 4031610 6 2016239779 0
tun0 1500 <Link#8> tun0 910 0 0 120939 969 0 654231 0
tun1* 1500 <Link#9> tun1 0 0 0 0 0 0 0 0
vlan5 1500 <Link#10> 00:0d:b9:34:19:5d 476021 0 0 68166196 593906 0 598099212 0
after:
# netstat -ibnW | egrep "<Link|Name" | grep -v ^lo
Name Mtu Network Address Ipkts Ierrs Idrop Ibytes Opkts Oerrs Obytes Coll
re0 1500 <Link#1> 00:0d:b9:34:19:5c 128999730 0 0 179670121877 69675731 0 15696092809 0
re1 1500 <Link#2> 00:0d:b9:34:19:5d 70513451 0 0 16032379270 128924498 0 177694722117 0
re2* 1500 <Link#3> 00:0d:b9:34:19:5e 0 0 0 0 0 0 0 0
bridge0 1500 <Link#6> 02:77:b6:ed:58:00 70254415 0 0 16036300636 129805863 210 179003607634 0
gif0 1280 <Link#7> gif0 5346580 0 0 5718537650 4031628 6 2016242843 0
tun0 1500 <Link#8> tun0 910 0 0 120939 969 0 654231 0
tun1* 1500 <Link#9> tun1 0 0 0 0 0 0 0 0
vlan5 1500 <Link#10> 00:0d:b9:34:19:5d 476054 0 0 68170092 593933 0 598112493 0
If we don't have the -W flag long interface names may be confused by
Xymon. eg, bridge0 bridge1 bridge2 will all be seen as "bridg" like this
rrd file indicates: data/gw.feld.me/ifstat.bridg.rrd
--
Mark Felder
user-db141d317836@xymon.invalid
list Nicolas Lienard
Hi Mark, You made my day! I was experiencing some weird issue on some boxes (vtnetX) and other were good (em0 which is short). Thanks for spotting this issue and especially with the quick fix. Regards Nicolas Lienard
▸
Le 15 déc. 2015 à 19:28, Mark Felder <user-db141d317836@xymon.invalid> a écrit : On Mon, Dec 14, 2015, at 11:24, Nico wrote:So I'm proposing that the FreeBSD client be adjusted from this: echo "[ifstat]" netstat -i -b -n | egrep -v "^lo|<Link" To this: echo "[ifstat]" netstat -i -b -n | egrep "<Link" Seem reasonable? Would anyone be adversely impacted by this suggested change?I just discovered a bug here, too. We need the -W flag for netstat to not truncate interface names. before: # netstat -ibn | egrep "<Link|Name" | grep -v ^lo Name Mtu Network Address Ipkts Ierrs Idrop Ibytes Opkts Oerrs Obytes Coll re0 1500 <Link#1> 00:0d:b9:34:19:5c 128999557 0 0 179670093890 69675563 0 15695977843 0 re1 1500 <Link#2> 00:0d:b9:34:19:5d 70513275 0 0 16032274028 128924310 0 177694695608 0 re2* 1500 <Link#3> 00:0d:b9:34:19:5e 0 0 0 0 0 0 0 0 bridg 1500 <Link#6> 02:77:b6:ed:58:00 70254277 0 0 16036199705 129805702 210 179003594406 0 gif0 1280 <Link#7> gif0 5346546 0 0 5718534418 4031610 6 2016239779 0 tun0 1500 <Link#8> tun0 910 0 0 120939 969 0 654231 0 tun1* 1500 <Link#9> tun1 0 0 0 0 0 0 0 0 vlan5 1500 <Link#10> 00:0d:b9:34:19:5d 476021 0 0 68166196 593906 0 598099212 0 after: # netstat -ibnW | egrep "<Link|Name" | grep -v ^lo Name Mtu Network Address Ipkts Ierrs Idrop Ibytes Opkts Oerrs Obytes Coll re0 1500 <Link#1> 00:0d:b9:34:19:5c 128999730 0 0 179670121877 69675731 0 15696092809 0 re1 1500 <Link#2> 00:0d:b9:34:19:5d 70513451 0 0 16032379270 128924498 0 177694722117 0 re2* 1500 <Link#3> 00:0d:b9:34:19:5e 0 0 0 0 0 0 0 0 bridge0 1500 <Link#6> 02:77:b6:ed:58:00 70254415 0 0 16036300636 129805863 210 179003607634 0 gif0 1280 <Link#7> gif0 5346580 0 0 5718537650 4031628 6 2016242843 0 tun0 1500 <Link#8> tun0 910 0 0 120939 969 0 654231 0 tun1* 1500 <Link#9> tun1 0 0 0 0 0 0 0 0 vlan5 1500 <Link#10> 00:0d:b9:34:19:5d 476054 0 0 68170092 593933 0 598112493 0 If we don't have the -W flag long interface names may be confused by Xymon. eg, bridge0 bridge1 bridge2 will all be seen as "bridg" like this rrd file indicates: data/gw.feld.me/ifstat.bridg.rrd -- Mark Felder user-db141d317836@xymon.invalid