[Xymon] Monitoring network traffic

Jeremy Laidman jeremy at laidman.org
Sun Apr 7 11:06:05 CEST 2024


Check out the DS option in analysis.cfg. This can perform a threshold
operation on an RRD file value.

J

On Fri, 5 Apr 2024, 19:46 Jeremy Ruffer, <jeremy.ruffer at gmail.com> wrote:

> Hi Rolf,
>
> You could try using rrdfetch to get the data that Trends uses.
>
> HTH
>
> Jeremy
>
> ------ Original Message ------
> From: "Schrittenlocher, Rolf" <R.Schrittenlocher at ub.uni-frankfurt.de>
> To: "nor krie" <norkrie at gmail.com>; "Josh Luthman" <
> josh at imaginenetworksllc.com>
> Cc: "Xymon at xymon.com" <Xymon at xymon.com>
> Sent: 05/04/2024 05:32:01
> Subject: Re: [Xymon] Monitoring network traffic
>
> Hi,
>
> @Josh: Yes, I saw it. I hoped there's an easy way to reuse the data used
> for the trends presentation.
>
> @Norbert: Thanks a lot, that helps a lot. I'll adapt it to our needs.
>
>
> Kind regards
>
> Rolf
>
>
> Rolf Schrittenlocher
> Bibliotheksmanagementsystem IT | IT-Services (ITS)
>
> Universitätsbibliothek Johann Christian Senckenberg
> Goethe-Universität Frankfurt  |  Campus Bockenheim
> Zentralbibliothek  |  Freimannplatz 1
> 60325 Frankfurt am Main  |  GERMANY
> Phone (central number) +49 (0)69  798 28830
> Phone (direct) +49 (0)69  798 28908
> E-mail: lbs-it at ub.uni-frankfurt.de
> E-mail (personal) r.schrittenlocher at ub.uni-frankfurt.de
> Website: https://www.ub.uni-frankfurt.de
>
>
>
> ------------------------------
> *From:* nor krie <norkrie at gmail.com>
> *Sent:* Thursday, 4 April 2024 23:27
> *To:* Josh Luthman
> *Cc:* Schrittenlocher, Rolf; Xymon at xymon.com
> *Subject:* Re: [Xymon] Monitoring network traffic
>
> Hi,
>
> I created a server-side script for all the *nix servers where I extract
> the network info from the clientlog.
> The script identifies all servers with an ssh column (this is clearly a *nix
> server) and then loops over all these targets to create a "nic" column with
> interface info.
> Nothing to configure especially, a new *nix server will be automatically
> identified and get the column with detailed info and some graphs.
>
> Some snippets to get the idea:
>
> # grab all client info
> # ($XYMONBIN, $NAWK, $GREP, $SORT and $TARGET are not defined in these
> #  snippets and must be set before this runs)
> get_all_info(){
>   $XYMONBIN localhost "clientlog $TARGET"
> }
> ALLINFO=`get_all_info`
>
> ##################################################
> # grab the nic details: lines between the [ifconfig and [route headers
> get_nic_info(){
>   echo "$ALLINFO" | \
>     $NAWK '/^\[ifconfig/,/^\[route/' | \
>     $GREP -v "^\["
> }
>
> ##################################################
> # grab the route: lines between the [route and [netstat headers
> get_route_info(){
>   echo "$ALLINFO" | \
>     $NAWK '/^\[route/,/^\[netstat/' | \
>     $GREP -v "^\["
> }
>
> ##################################################
> # grab the ports and count the tcp lines per connection state
> get_ports_info(){
>   ALLPORTS=`echo "$ALLINFO" | \
>     $NAWK '/^\[ports/,/^\[ifstat/' | \
>     $GREP -v "^\["`
>   PORTSTATUS=`echo "$ALLPORTS" | \
>     $NAWK '/^tcp/{print $NF}' | \
>     $SORT -u`
>   for stat in $PORTSTATUS
>   do
>     # the state is passed with -v instead of being spliced into the awk program
>     NUM=`echo "$ALLPORTS" | \
>          $NAWK -v s="$stat" '/^tcp/ && $NF == s {i++}
>                 END{print i+0}'`
>     echo "tcp ports in status $stat: $NUM"
>   done
> }
>
> # create the output to send to xymon
> # (showgraph is not defined in these snippets)
>     echo "<h4>interface info</h4>"
>     get_nic_info
>
>     echo "<h4>route info</h4>"
>     get_route_info
>
>     echo "<h4>active tcp connections</h4>"
>     get_ports_info
>
>     showgraph ifstat_kB
>
>
> All these data are then sent to the xymon server daemon and create a nic
> column.
>
> A complete run over 500 servers will take approx. 60 secs (but you can run
> more scripts in parallel if needed).
>
>
> HTH
>
>
> Norbert
>
> On Thu, 4 Apr 2024 at 19:21, Josh Luthman <
> josh at imaginenetworksllc.com> wrote:
>
>> The clientlog includes [netstat], which has a snapshot of activity in text.
>>
>> The trends puts it in a pretty graph stored in rrd.
>>
>> On Thu, Apr 4, 2024 at 4:30 AM Schrittenlocher, Rolf <
>> R.Schrittenlocher at ub.uni-frankfurt.de> wrote:
>>
>>> Hi,
>>>
>>>
>>> thanks Axel. I just saw that "trends" shows network traffic. So the data
>>> is already collected and available on the server. The xymon server is Linux,
>>> only the clients are Solaris. So can someone tell me how I can access the
>>> data either with a client script or on the server side?
>>>
>>>
>>> kind regards
>>>
>>> Rolf
>>>
>>>
>>>
>>> ------------------------------
>>> *From:* Axel Beckert <abe at deuxchevaux.org>
>>> *Sent:* Thursday, 4 April 2024 10:17
>>> *To:* Schrittenlocher, Rolf
>>> *Cc:* Xymon at xymon.com
>>> *Subject:* Re: [Xymon] Monitoring network traffic
>>>
>>> Hi Rolf,
>>>
>>> Schrittenlocher, Rolf wrote on Thu, Apr 04, 2024 at 07:45:58AM +0000:
>>> > Our challenge at the moment is how to monitor traffic quantity in/out in
>>> > order to detect suspicious activities on Solaris 10. Is there a
>>> > way to do this with xymon?
>>>
>>> Definitely. ;-)
>>>
>>> For our own use (in a university, too :-) and published via Debian's
>>> hobbit-plugins package, I've written a plugin simply called "net"
>>> which can check many network interface characteristics including
>>> monitoring network traffic (calculating bytes/second average from the
>>> rx/tx difference of 10 seconds), but so far it's just for Linux and
>>> uses common Linux commandline tools and /proc/ links:
>>>
>>> https://salsa.debian.org/debian/hobbit-plugins/-/blob/master/src/usr/lib/xymon/client/ext/net
>>>
>>> (It also uses the Hobbit.pm Perl module from the same package:
>>>
>>> https://salsa.debian.org/debian/hobbit-plugins/-/blob/master/src/usr/share/perl5/Hobbit.pm
>>> )
>>>
>>> It shouldn't be too hard, though, to adapt it to some Solaris
>>> commandline tools and their output. I'm just not sure how to convert
>>> the /proc/ stuff. Maybe there's a Linux compat mode like in FreeBSD?
>>> (Haven't touched any Solaris for like 20 years or so, back when I was
>>> a student.)
>>>
>>>                 Regards, Axel
>>> --
>>> PGP: 2FF9CD59612616B5      /~\  Plain Text Ribbon Campaign, http://arc.pasp.de/
>>> Mail: abe at deuxchevaux.org  \ /  Against HTML in e-mails and Usenet
>>> Mail+Jabber: abe at noone.org  X
>>> https://axel.beckert.ch/   / \  I love long mails: https://email.is-not-s.ms/
>>> _______________________________________________
>>> Xymon mailing list
>>> Xymon at xymon.com
>>> http://lists.xymon.com/mailman/listinfo/xymon
>>>
>
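
Added example, not part of any message in this thread: one way to act on the rrdfetch suggestion quoted above is to pipe `rrdtool fetch` output for an interface RRD into a small filter that reports samples above a limit. The RRD path is a placeholder, and the data-source names, values and the 5000000 limit in the sample are constructed for illustration.

```shell
#!/bin/sh
# Typical feed (the path is a placeholder, not taken from the thread):
#   rrdtool fetch <path-to-ifstat-rrd> AVERAGE --start -1h | flag_high_traffic 5000000

# flag_high_traffic LIMIT
# Reads `rrdtool fetch` text on stdin: a header line of data-source names,
# a blank line, then "epoch: value value ..." rows. Prints one line
# "epoch name value" per sample above LIMIT; returns 1 if any were found.
flag_high_traffic() {
  awk -v limit="$1" '
    NF == 0 { next }                      # blank separator line
    $1 !~ /^[0-9]+:$/ {                   # header row: remember the DS names
      for (i = 1; i <= NF; i++) name[i] = $i
      next
    }
    {
      ts = $1; sub(/:$/, "", ts)
      for (i = 2; i <= NF; i++) {
        if ($i ~ /nan/) continue          # unknown sample, nothing was stored
        if ($i + 0 > limit) {
          printf "%s %s %.0f\n", ts, name[i - 1], $i
          hits++
        }
      }
    }
    END { exit (hits > 0) }
  '
}

# Constructed sample in the layout rrdtool fetch prints; names and values
# are made up for this example.
sample_fetch_output() {
  cat <<'EOF'
                    bytesSent       bytesReceived

1712300400: 1.2000000000e+04 3.4000000000e+04
1712300700: 1.5000000000e+04 9.8000000000e+06
1712301000: -nan -nan
1712301300: 7.2000000000e+06 4.1000000000e+04
EOF
}

sample_fetch_output | flag_high_traffic 5000000 || echo "traffic above limit"
```

The non-zero return status lets a server-side script choose the colour of the status it sends to Xymon; rows with `nan` mark intervals with no data and are skipped rather than treated as zero traffic.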