<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Gavin,<br>
<br>
The state is different: Windows says "LISTENING" while Unix says
"LISTEN".<br>
<br>
I tend to use state=%LISTEN as a universal match.<br>
<br>
David.<br>
</div>
<blockquote
cite="mid:A92A2E2C2017CC4B94675D82C37077E1D07ACB@UQEXMDA6.soe.uq.edu.au"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Courier New";
mso-fareast-language:EN-AU;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hi, has anyone got “ports” working with
“LOCAL” criteria with client data from a powershell or bbwin
client? It does not seem to work for me, but it works fine for
unix clients:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">analysis.cfg line for windows host:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">HOST=windows.host<o:p></o:p></p>
<p class="MsoNormal" style="text-indent:36.0pt">PORT
"LOCAL=%([.:]80)$" state=LISTEN TEXT=http<o:p></o:p></p>
<p class="MsoNormal" style="text-indent:36.0pt">PORT
"LOCAL=%([.:]443)$" state=LISTEN TEXT=https<o:p></o:p></p>
<p class="MsoNormal"> PORT STATE=LISTENING MIN=0
TRACK=Listen TEXT=Listen<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Display output:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<pre><img id="Picture_x0020_5" src="cid:part1.04050501.06050706@ausport.gov.au" alt="red" height="16" width="16"> http (found 0, req. 1 or more)<o:p></o:p></pre>
<pre><img id="Picture_x0020_4" src="cid:part1.04050501.06050706@ausport.gov.au" alt="red" height="16" width="16"> https (found 0, req. 1 or more)<o:p></o:p></pre>
<pre><img id="Picture_x0020_3" src="cid:part3.09080802.09050201@ausport.gov.au" alt="green" height="16" width="16"> Listen (found 43, req. none)<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Active Connections<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre> Proto Local Address Foreign Address State<o:p></o:p></pre>
<pre> TCP 0.0.0.0:80 0.0.0.0:0 LISTENING<o:p></o:p></pre>
<pre> TCP 0.0.0.0:135 0.0.0.0:0 LISTENING<o:p></o:p></pre>
<pre> TCP 0.0.0.0:443 0.0.0.0:0 LISTENING<o:p></o:p></pre>
<pre> TCP 0.0.0.0:445 0.0.0.0:0 LISTENING<o:p></o:p></pre>
<pre>…<o:p></o:p></pre>
<pre> TCP [::]:80 [::]:0 LISTENING<o:p></o:p></pre>
<pre> TCP [::]:135 [::]:0 LISTENING<o:p></o:p></pre>
<pre> TCP [::]:443 [::]:0 LISTENING<o:p></o:p></pre>
<pre> UDP 0.0.0.0:123 *:* <o:p></o:p></pre>
<pre> UDP 0.0.0.0:500 *:* <o:p></o:p></pre>
<pre> UDP 0.0.0.0:4500 *:* <o:p></o:p></pre>
<pre> UDP 0.0.0.0:5355 *:* <o:p></o:p></pre>
<pre> UDP 0.0.0.0:11211 *:* <o:p></o:p></pre>
<pre>…<o:p></o:p></pre>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">analysis.cfg lines for unix host<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">HOST=unixhost.blah<o:p></o:p></p>
<p class="MsoNormal"> PORT "LOCAL=%([.:]80)$" state=LISTEN TEXT=http<o:p></o:p></p>
<p class="MsoNormal"> PORT "LOCAL=%([.:]22)$" state=LISTEN TEXT=ssh<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Display output:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:EN-AU"><img id="Picture_x0020_2" src="cid:part3.09080802.09050201@ausport.gov.au" alt="green" height="16" width="16"></span><span style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:EN-AU">
http (found 3, req. 1 or more)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:EN-AU"><img id="Picture_x0020_1" src="cid:part3.09080802.09050201@ausport.gov.au" alt="green" height="16" width="16"></span><span style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:EN-AU">
ssh (found 2, req. 1 or more)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:EN-AU"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:EN-AU">tcp4 0 0 127.0.0.1.80 127.0.0.1.54675 TIME_WAIT<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:EN-AU">tcp4 0 0 *.1984 *.* LISTEN<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:EN-AU">tcp4 0 0 *.22 *.* LISTEN<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:EN-AU">tcp4 0 0 *.* *.* CLOSED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:EN-AU">tcp4 0 0 *.80 *.* LISTEN<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:EN-AU">tcp4 0 0 10.0.1.1.80 *.* LISTEN<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:EN-AU">tcp6 0 0 *.22 *.* LISTEN<o:p></o:p></span></p>
<p class="MsoNormal">…..<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">A cursory glance at “xymond/xymond_client.c” found a “localcol” being defined as 4:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">1989: int localcol = 4, remotecol = 5, statecol = 6, portcolor = COL_GREEN;<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I am not sure how it is handling the different number of columns from windows “netstat –an” which does not have the Recv-Q Send-Q columns present?<o:p></o:p></p>
<p class="MsoNormal">Any help/advice appreciated!<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Cheers<o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;color:#1F497D;mso-fareast-language:EN-AU">Gavin Stone-Tolcher, IT Support Officer, Network Operations and Incident Response</span></b><b><span style="font-size:10.0pt;color:red;mso-fareast-language:EN-AU"><o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D;mso-fareast-language:EN-AU">Information Technology Services<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D;mso-fareast-language:EN-AU">The University of Queensland<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D;mso-fareast-language:EN-AU">Level 4, Prentice Building, St Lucia 4072<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D;mso-fareast-language:EN-AU">T: +61 7 334 66645, M: +61 401 140 838<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D;mso-fareast-language:EN-AU">E:
</span><span style="font-size:10.0pt;color:red;mso-fareast-language:EN-AU"><a moz-do-not-send="true" href="mailto:g.stone-tolcher@its.uq.edu.au"><span style="color:blue">g.stone-tolcher@its.uq.edu.au</span></a>
</span><span style="font-size:10.0pt;color:#1F497D;mso-fareast-language:EN-AU">W:
<a moz-do-not-send="true" href="http://www.its.uq.edu.au"><span style="color:blue">www.its.uq.edu.au</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D;mso-fareast-language:EN-AU"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D;mso-fareast-language:EN-AU">ITS: Service. Team. Accountability. Results.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D;mso-fareast-language:EN-AU"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;color:#1F497D;mso-fareast-language:EN-AU">IMPORTANT:</span></b><span style="font-size:10.0pt;color:#1F497D;mso-fareast-language:EN-AU"> This email and any attachments are intended solely for the addressee(s),
contain copyright material and are confidential. We do not waive any legal privilege or rights in respect of copyright or confidentiality. Except as intended addressees are otherwise permitted, you do not have permission to use, disclose, reproduce or communicate
any part of this email or its attachments. Statements, opinions and information not related to the official business of The University of Queensland are neither given nor endorsed by us. By using this email (including accessing any attachments or links) you
agree we are not liable for any loss or damage of any kind arising in connection with any electronic defect, virus or other malicious code we did not intentionally include.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D;mso-fareast-language:EN-AU">Please consider the environment before printing this email.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D;mso-fareast-language:EN-AU"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D;mso-fareast-language:EN-AU">CRICOS Code 00025B<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre wrap="">_______________________________________________
Xymon mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Xymon@xymon.com">Xymon@xymon.com</a>
<a class="moz-txt-link-freetext" href="http://lists.xymon.com/mailman/listinfo/xymon">http://lists.xymon.com/mailman/listinfo/xymon</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
David Baldwin - Senior Systems Administrator (Datacentres + Networks)
Information and Communication Technology Services
Australian Sports Commission <a class="moz-txt-link-freetext" href="http://ausport.gov.au">http://ausport.gov.au</a>
Tel 02 62147830 Fax 02 62141830 PO Box 176 Belconnen ACT 2616
<a class="moz-txt-link-abbreviated" href="mailto:david.baldwin@ausport.gov.au">david.baldwin@ausport.gov.au</a> 1 Leverrier Street Bruce ACT 2617
Our Values: RESPECT + INTEGRITY + TEAMWORK + EXCELLENCE
</pre><br>
<hr>
Keep up to date with what's happening in Australian sport visit <a href="http://www.ausport.gov.au">www.ausport.gov.au</a>
<br><br>
<font size="-2" face="arial">This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender.</font>
<hr>
</body></html>