[Xymon] Monitoring network traffic

Jeremy Ruffer jeremy.ruffer at gmail.com
Fri Apr 5 10:45:35 CEST 2024


Hi Rolf,

You could try using rrdfetch to get the data that Trends uses.

HTH

Jeremy

------ Original Message ------
From: "Schrittenlocher, Rolf" <R.Schrittenlocher at ub.uni-frankfurt.de>
To: "nor krie" <norkrie at gmail.com>; "Josh Luthman" 
<josh at imaginenetworksllc.com>
Cc: "Xymon at xymon.com" <Xymon at xymon.com>
Sent: 05/04/2024 05:32:01
Subject: Re: [Xymon] Monitoring network traffic

>Hi,
>
>@Josh : Yes, I saw it. I hoped there's an easy way to reuse the data 
>used for the trends presentation
>
>@Norbert : Thanks a lot, that helps a lot. I'll adapt it to our needs
>
>
>
>Kind regards
>
>Rolf
>
>
>
>Rolf Schrittenlocher
>
>Bibliotheksmanagementsystem IT | IT-Services (ITS)
>
>
>
>Universitätsbibliothek Johann Christian Senckenberg
>
>Goethe-Universität Frankfurt  |  Campus Bockenheim
>
>Zentralbibliothek  |  Freimannplatz 1
>
>60325 Frankfurt am Main  |  GERMANY
>
>Phone (general) +49 (0)69  798 28830
>
>Phone (direct) +49 (0)69  798 28908
>
>E-Mail: lbs-it at ub.uni-frankfurt.de
>
>E-Mail (personal) r.schrittenlocher at ub.uni-frankfurt.de
>
>Website: https://www.ub.uni-frankfurt.de
>
>
>
>
>--------------------------------------------------------------------------------
>From: nor krie <norkrie at gmail.com>
>Sent: Thursday, April 4, 2024 23:27
>To: Josh Luthman
>Cc: Schrittenlocher, Rolf; Xymon at xymon.com
>Subject: Re: [Xymon] Monitoring network traffic
>
>Hi,
>
>I created a server side script for all the *nix servers where I extract 
>the network info from the clientlog.
>The script identifies all servers with an ssh column (this is clearly a 
>*nix server) and then loops over all these targets to create a "nic" 
>column with interface info.
>Nothing to configure especially, a new *nix server will be 
>automatically identified and get the column with detailed info and some 
>graphs.
>
>Some snippets to get the idea:
>
># XYMONBIN, TARGET, NAWK, GREP and SORT are not defined in these snippets;
># they are assumed to be set elsewhere in the script.
>
># grab all client info
>get_all_info(){
>   $XYMONBIN localhost "clientlog $TARGET"
>}
>ALLINFO=`get_all_info`
>
>##################################################
># grab the nic details ([ifconfig] section of the clientlog)
>get_nic_info(){
>   echo "$ALLINFO" | \
>     $NAWK '/^\[ifconfig/,/^\[route/' | \
>     $GREP -v "^\["
>}
>
>##################################################
># grab the route ([route] section of the clientlog)
>get_route_info(){
>   echo "$ALLINFO" | \
>     $NAWK '/^\[route/,/^\[netstat/' | \
>     $GREP -v "^\["
>}
>
>##################################################
># grab the ports ([ports] section) and count tcp connections per state
>get_ports_info(){
>   ALLPORTS=`echo "$ALLINFO" | \
>     $NAWK '/^\[ports/,/^\[ifstat/' | \
>     $GREP -v "^\["`
>   PORTSTATUS=`echo "$ALLPORTS" | \
>     $NAWK '/^tcp/{print $NF}' | \
>     $SORT -u`
>   for stat in $PORTSTATUS
>   do
>     # count only the tcp lines whose last field is this state
>     NUM=`echo "$ALLPORTS" | \
>          $NAWK -v stat="$stat" 'BEGIN{i=0}
>                 /^tcp/ && $NF == stat {i++}
>                 END{print i}'`
>     echo "tcp ports in status $stat: $NUM"
>   done
>}
>
># create the output to send to xymon
>     echo "<h4>interface info</h4>"
>     get_nic_info
>
>     echo "<h4>route info</h4>"
>     get_route_info
>
>     echo "<h4>active tcp connections</h4>"
>     get_ports_info
>
>     showgraph ifstat_kB
>
>
>
>All these data are then sent to the xymon server daemon and create a 
>nic column.
>
>A complete run over 500 servers will take approx. 60 secs (but you can 
>run more scripts in parallel if needed).
>
>
>
>HTH
>
>
>
>Norbert
>
>
>On Thu, Apr 4, 2024 at 19:21, Josh Luthman 
><josh at imaginenetworksllc.com> wrote:
>>The clientlog includes [netstat] which has a snapshot of activity in text
>>
>>The trends puts it in a pretty graph stored in rrd.
>>
>>On Thu, Apr 4, 2024 at 4:30 AM Schrittenlocher, Rolf 
>><R.Schrittenlocher at ub.uni-frankfurt.de> wrote:
>>>Hi,
>>>
>>>
>>>
>>>Thanks Axel. I just saw that "trends" shows network traffic. So the 
>>>data is already collected and available on the server. The xymon server 
>>>is Linux, only the clients are Solaris. So can someone tell me how I 
>>>can access the data, either with a client script or on the server side?
>>>
>>>
>>>
>>>kind regards
>>>
>>>Rolf
>>>
>>>--------------------------------------------------------------------------------
>>>From: Axel Beckert <abe at deuxchevaux.org>
>>>Sent: Thursday, April 4, 2024 10:17
>>>To: Schrittenlocher, Rolf
>>>Cc: Xymon at xymon.com
>>>Subject: Re: [Xymon] Monitoring network traffic
>>>
>>>Hi Rolf,
>>>
>>>Schrittenlocher, Rolf wrote on Thu, Apr 04, 2024 at 07:45:58AM +0000:
>>> > Our challenge at the moment is how to monitor traffic quantity in/out
>>> > in order to detect suspicious activities on Solaris 10. Is there a
>>> > way to do this with xymon?
>>>
>>>Definitely. ;-)
>>>
>>>For our own use (in a university, too :-) and published via Debian's
>>>hobbit-plugins package, I've written a plugin simply called "net"
>>>which can check many network interface characteristics including
>>>monitoring network traffic (calculating bytes/second average from the
>>>rx/tx difference of 10 seconds), but so far it's just for Linux and
>>>uses common Linux commandline tools and
>>>/proc/ links:
>>>
>>>https://salsa.debian.org/debian/hobbit-plugins/-/blob/master/src/usr/lib/xymon/client/ext/net
>>>
>>>(It also uses the Hobbit.pm Perl module from the same package:
>>>https://salsa.debian.org/debian/hobbit-plugins/-/blob/master/src/usr/share/perl5/Hobbit.pm)
>>>
>>>It though shouldn't be too hard to adapt it to some Solaris
>>>commandline tools and their output. I'm just not sure how to convert
>>>the /proc/ stuff. Maybe there's a Linux compat mode like in FreeBSD?
>>>(Haven't touched any Solaris for like 20 years or so, back when I was
>>>a student.)
>>>
>>>                 Regards, Axel
>>>--
>>>PGP: 2FF9CD59612616B5      /~\  Plain Text Ribbon Campaign, http://arc.pasp.de/
>>>Mail: abe at deuxchevaux.org  \ /  Against HTML in e-mails and Usenet
>>>Mail+Jabber: abe at noone.org  X
>>>https://axel.beckert.ch/   / \  I love long mails: https://email.is-not-s.ms/
>>>_______________________________________________
>>>Xymon mailing list
>>>Xymon at xymon.com
>>>http://lists.xymon.com/mailman/listinfo/xymon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20240405/6137e342/attachment.htm>
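
One way to act on the rrdfetch suggestion in this thread, as an added example that is not from any of the posters or from Xymon itself: a shell function that reads `rrdtool fetch` output and flags samples far above the median of each data source. The sample rows, the data-source names in the header, the factor of 5 and the RRD path are constructed for illustration; the function takes the column names from whatever header it is fed.

```shell
# Constructed sample in the layout `rrdtool fetch` prints: a header naming the
# data sources, a blank line, then "epoch: value value" rows (nan = no data).
sample_fetch() {
cat <<'EOF'
                    bytesSent       bytesReceived

1712300400: 1.2000000000e+04 3.0000000000e+04
1712300700: 1.1000000000e+04 3.2000000000e+04
1712301000: -nan -nan
1712301300: 1.3000000000e+04 2.9000000000e+04
1712301600: 9.6000000000e+05 3.1000000000e+04
1712301900: 1.2000000000e+04 3.0000000000e+04
EOF
}

# flag_spikes FACTOR: read fetch output on stdin and print one line per sample
# above FACTOR times the (lower) median of its data source. The median is used
# because a single large burst drags the mean up far enough to hide itself.
flag_spikes() {
  awk -v factor="${1:-5}" '
    !hdr && NF && $1 !~ /:$/ {            # header row: remember column names
      for (i = 1; i <= NF; i++) name[i] = $i
      nds = NF; hdr = 1; next
    }
    $1 ~ /^[0-9]+:$/ {                    # data row
      ts = $1; sub(/:$/, "", ts)
      for (i = 1; i <= nds; i++) {
        if ($(i + 1) ~ /nan/) continue    # unknown sample, skip it
        n[i]++; val[i, n[i]] = $(i + 1) + 0; at[i, n[i]] = ts
      }
    }
    END {
      for (i = 1; i <= nds; i++) {
        if (n[i] < 3) continue            # too few samples for a baseline
        for (j = 1; j <= n[i]; j++) s[j] = val[i, j]
        for (j = 2; j <= n[i]; j++) {     # insertion sort (POSIX awk has no sort)
          x = s[j]
          for (k = j - 1; k >= 1 && s[k] > x; k--) s[k + 1] = s[k]
          s[k + 1] = x
        }
        med = s[int((n[i] + 1) / 2)]
        for (j = 1; j <= n[i]; j++)
          if (med > 0 && val[i, j] > factor * med)
            printf "%s %s %.0f median=%.0f\n", at[i, j], name[i], val[i, j], med
      }
    }'
}
# Live use (placeholder path): rrdtool fetch /path/to/ifstat.rrd AVERAGE -s -1d | flag_spikes 5
sample_fetch | flag_spikes 5
```

On the constructed sample the mean of bytesSent is about 201600, so the same factor applied to the mean would miss the 960000 sample that the median-based check reports.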

