[Xymon] analysis.cfg PORT LOCAL syntax not working for powershell client netstat output?

Gavin Stone-Tolcher g.stone-tolcher at its.uq.edu.au
Fri Jul 17 02:28:47 CEST 2015


Hi, has anyone got "ports" working with "LOCAL" criteria with client data from a PowerShell or BBWin client? It does not seem to work for me, but it works fine for Unix clients:

analysis.cfg lines for Windows host:

HOST=windows.host
        PORT "LOCAL=%([.:]80)$" state=LISTEN TEXT=http
        PORT "LOCAL=%([.:]443)$" state=LISTEN TEXT=https
        PORT STATE=LISTENING MIN=0 TRACK=Listen TEXT=Listen

Display output:

[red] http (found 0, req. 1 or more)
[red] https (found 0, req. 1 or more)
[green] Listen (found 43, req. none)

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
...
  TCP    [::]:80                [::]:0                 LISTENING
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [::]:443               [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:4500           *:*
  UDP    0.0.0.0:5355           *:*
  UDP    0.0.0.0:11211          *:*
...

analysis.cfg lines for Unix host:

HOST=unixhost.blah
        PORT "LOCAL=%([.:]80)$" state=LISTEN TEXT=http
        PORT "LOCAL=%([.:]22)$" state=LISTEN TEXT=ssh


Display output:

[green] http (found 3, req. 1 or more)
[green] ssh (found 2, req. 1 or more)

tcp4       0      0 127.0.0.1.80           127.0.0.1.54675        TIME_WAIT
tcp4       0      0 *.1984                 *.*                    LISTEN
tcp4       0      0 *.22                   *.*                    LISTEN
tcp4       0      0 *.*                    *.*                    CLOSED
tcp4       0      0 *.80                   *.*                    LISTEN
tcp4       0      0 10.0.1.1.80            *.*                    LISTEN
tcp6       0      0 *.22                                          *.*                                           LISTEN
.....


A cursory glance at "xymond/xymond_client.c" found a "localcol" being defined as 4:

1989:                   int localcol = 4, remotecol = 5, statecol = 6, portcolor = COL_GREEN;

I am not sure how it handles the different number of columns in Windows "netstat -an" output, which does not have the Recv-Q and Send-Q columns.
Any help/advice appreciated!


Cheers
Gavin Stone-Tolcher, IT Support Officer, Network Operations and Incident Response
Information Technology Services
The University of Queensland
Level 4, Prentice Building, St Lucia 4072
T: +61 7 334 66645, M: +61 401 140 838
E: g.stone-tolcher at its.uq.edu.au W: www.its.uq.edu.au
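
An offline way to separate the two variables raised in the message above (which field holds the local address, and which state string the rule names), as an added example that is not part of the original message and is not Xymon's code. It assumes 1-based whitespace-separated fields and an exact state comparison by default, neither of which the page confirms; count_ports and its parameters are hypothetical names.

```python
import re

# Constructed samples: rows copied from the netstat output quoted in the message.
WINDOWS = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    [::]:80                [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
"""
UNIX = """\
tcp4       0      0 127.0.0.1.80           127.0.0.1.54675        TIME_WAIT
tcp4       0      0 *.22                   *.*                    LISTEN
tcp4       0      0 *.80                   *.*                    LISTEN
tcp4       0      0 10.0.1.1.80            *.*                    LISTEN
"""

def count_ports(netstat, local_re, state, localcol, statecol, exact_state=True):
    """Count rows whose local-address field matches local_re and whose state
    field equals `state` (or starts with it when exact_state is False).
    Columns are 1-based whitespace-separated fields (assumption)."""
    pattern = re.compile(local_re)  # the rule's regex without the leading '%'
    hits = 0
    for line in netstat.splitlines():
        fields = line.split()
        if len(fields) < max(localcol, statecol):
            continue  # too few fields: UDP rows without a state, short rows
        st = fields[statecol - 1]
        state_ok = (st == state) if exact_state else st.startswith(state)
        if state_ok and pattern.search(fields[localcol - 1]):
            hits += 1
    return hits

if __name__ == "__main__":
    http = r"([.:]80)$"
    # Unix layout: proto, Recv-Q, Send-Q, local, remote, state
    print("unix  cols 4/6 LISTEN    :", count_ports(UNIX, http, "LISTEN", 4, 6))
    # Same column numbers applied to the Windows layout
    print("win   cols 4/6 LISTEN    :", count_ports(WINDOWS, http, "LISTEN", 4, 6))
    # Windows layout: proto, local, remote, state
    print("win   cols 2/4 LISTEN    :", count_ports(WINDOWS, http, "LISTEN", 2, 4))
    print("win   cols 2/4 LISTENING :", count_ports(WINDOWS, http, "LISTENING", 2, 4))
```

On these samples the Windows rows only match when both the field positions fit the four-column layout and the state string is the one Windows prints, so either factor alone would give "found 0".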
