[hobbit] argh! Ports
John Glowacki
johng at idttechnology.com
Mon May 21 17:33:03 CEST 2007
The following works for me on redhat as 4, Hobbit server 4.2 with
allinone patch, pcre version 6.7.
HOST=hobbit1
PORT REMOTE=%::ffff:10.10.196.120:.*
PORT REMOTE=%10.10.128.130:.*
You can run tests in hobbit like this:
# ../bin/bbcmd ../bin/hobbitd_client --test
2007-05-21 11:02:10 Using default environment file
/opt/hobbit/server/etc/hobbitserver.cfg
Hostname (.=end, ?=dump, !=reload) []: hobbit1
Hosttype []: linux
Test (cpu, mem, disk, proc, log, port): port
Need to know netstat columns for 'Local address', 'Remote address' and
'State'
Enter columns [4 5 6]: 5
To read 'netstat' data from a file, enter '@FILENAME' at the prompt
netstat line: tcp 0 1408 ::ffff:10.10.128.130:22
::ffff:10.10.196.120:2575 ESTABLISHED
netstat line:
&green remote=%::ffff:10.10.196.120:.* : (found 1, req. 1 or more)
&red remote=%10.10.128.230:.* : (found 0, req. 1 or more)
Hostname (.=end, ?=dump, !=reload) [hobbit1]: .
John
Jeff Newman wrote:
> Stll didn't work.
>
> Henrik: I've just counted 60 different variations I have tried ( ()'s
> "'s etc.. in various places) and still the only thing that works is
>
> PORT REMOTE=192.168.22.3:1234
>
> I cannot get the regex to work. What would be the absolute
> authoritative way to do this? Is there some sort of log I can look at?
> BTW server is 4.2, os is redhat as 4
>
> Thanks,
> Jeff
>
>
> On 5/17/07, Galen Johnson <gjohnson at trantor.org> wrote:
>> Jeff Newman wrote:
>> > Actually that is what I want (every port on that IP) - It's a second
>> > nic on that box that only does one thing (just on a couple different
>> > random ports)
>> >
>> > I just tried both:
>> > PORT "REMOTE=%192.168.22.3:.*"
>> > and
>> > PORT REMOTE=%192.168.22.3:.*
>> >
>> > (without the double quotes)
>> > and neither worked.
>> >
>> > Again, explicitly stating PORT REMOTE=192.168.22.3:1234 does work, so
>> > I know it at least partially works :-)
>> >
>> > -jeff
>> >
>> >
>> > On 5/17/07, Galen Johnson <gjohnson at trantor.org> wrote:
>> >> Jeff Newman wrote:
>> >> > All,
>> >> >
>> >> > Quick question. I have tried every permutation I can think of but
>> >> > basically:
>> >> >
>> >> > Every PORT example I can find has something similar to:
>> >> >
>> >> > PORT LOCAL=%[.:]22$ (etc...)
>> >> > or
>> >> > PORT LOCAL=%[.:](80|443)
>> >> >
>> >> > No example I have seen has it where you KNOW the IP and you DONT
>> know
>> >> > the port, such as:
>> >> >
>> >> > 192.168.22.3:???????????
>> >> >
>> >> > I need the port string to match an IP with an unknown port number.
>> >> >
>> >> > If I do:
>> >> > PORT REMOTE=192.168.22.3:1234 (saying that netstat has a 1234
>> >> > established)
>> >> > it works fine, but (again pretending on the port #'s) if a
>> netstat had
>> >> > 3 established connections to ports 1234,1111,23521 I only get the
>> >> > 1234. I want all of them.
>> >> >
>> >> > Ive tried permutations for 2 hours now, and can't figure it out.
>> >> >
>> >> > Thanks,
>> >> > Jeff
>> >> >
>> >> > To unsubscribe from the hobbit list, send an e-mail to
>> >> > hobbit-unsubscribe at hswn.dk
>> >> >
>> >> >
>> >> Have you tried "REMOTE=%192.168.22.3:.*"? Now, that will most likely
>> >> get you every port on that IP...which is probably not what you
>> >> want...it's usually easier to write it for the ports you want...or
>> >> "EXREMOTE=%192.168.22.3:.*"...
>> >>
>> >> =G=
>> >>
>> >>
>> >> To unsubscribe from the hobbit list, send an e-mail to
>> >> hobbit-unsubscribe at hswn.dk
>> >>
>> >>
>> >>
>> >
>> > To unsubscribe from the hobbit list, send an e-mail to
>> > hobbit-unsubscribe at hswn.dk
>> >
>> >
>> Just tried it using pcretest and it works...there are some threads on
>> the list that suggest wrapping the regex in quotes:
>> REMOTE="%192.168.22.3:.*"
>>
>> Dunno what else to try...
>>
>> =G=
>>
>>
>> To unsubscribe from the hobbit list, send an e-mail to
>> hobbit-unsubscribe at hswn.dk
>>
>>
>>
>
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe at hswn.dk
>
More information about the Xymon
mailing list