<div dir="ltr"><div>Paul</div><div><br></div><div dir="ltr">On Thu, 9 Jan 2020 at 08:04, Root, Paul T via Xymon <<a href="mailto:xymon@xymon.com">xymon@xymon.com</a>> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>

<div lang="EN-US">

<div class="gmail-m_2825474682692835975WordSection1">

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt">Hi,<u></u><u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt"><span>               

</span>I’ve got an application that has a specific port open 11001, that multiple connections, most looped back on itself.

<u></u><u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt"><u></u> <u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt"><span>               

</span>However, we have another server (that is another groups machine, and isn’t monitored by Xymon), that connects to this port.</span></font></p></div></div></blockquote><div><br></div><div>An interesting use case.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div lang="EN-US"><div class="gmail-m_2825474682692835975WordSection1"><p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt">

<u></u><u></u></span></font></p>

<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri">                </span><span style="font-size:11pt;font-family:Calibri">Reading the analysis.cfg man page, it looks like criteria is either local or remote, not both.</span></p></div></div></blockquote><div><br></div><div>I'm not sure I read it the same way. The format is "PORT criteria [MIN=mincount] ...etc" and what you're wanting to do is specify "criteria". The example in the man page for usage of "TEXT=" shows:</div><div><br></div><div><span style="color:rgb(0,0,0);font-family:"Times New Roman";font-size:medium">        PORT LOCAL=%[.:]22$ STATE=LISTEN "TEXT=SSH listener"</span><br style="color:rgb(0,0,0);font-family:"Times New Roman";font-size:medium"></div><br>So this is giving two criteria: LOCAL and STATE. This implies that the format is really "PORT criteria [...criteria] [MIN=mincount] ...etc" and thus you can chain multiple criteria. In your use case I would expect you to be able to use something like:</div><div class="gmail_quote"><br></div><div class="gmail_quote">  PORT LOCAL=%[.:]10001 REMOTE=172.28.104.66:* STATE=ESTABLISHED</div><div class="gmail_quote"><br></div><div class="gmail_quote">Not sure if the wildcard is valid for REMOTE port number; perhaps use a regex here as well:</div><div class="gmail_quote"><br></div><div class="gmail_quote"><div class="gmail_quote">  PORT LOCAL=%[.:]10001 REMOTE=%172\.28\.104\.66:.* STATE=ESTABLISHED</div><div class="gmail_quote"></div></div><div class="gmail_quote"><br></div><div class="gmail_quote">The analysis.cfg file distributed with the source code specifies this format:</div><div class="gmail_quote"><br></div><div class="gmail_quote"><pre class="gmail-hl" style="color:rgb(0,0,0);font-size:10pt;font-family:"Courier New",monospace"><span class="gmail-hl gmail-lin" id="gmail-l_252" style="color:rgb(85,85,85)">  </span>  PORT [LOCAL=addr] [EXLOCAL=addr] [REMOTE=addr] [EXREMOTE=addr] [STATE=state] [EXSTATE=state] [MIN=mincount] [MAX=maxcount] [COLOR=color] [TRACK=id] [TEXT=displaytext]

</pre>So I can see no problem specifying a local port <i>and </i>a remote IP address as you seem to require.</div><div class="gmail_quote"><br class="gmail-Apple-interchange-newline"><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div lang="EN-US"><div class="gmail-m_2825474682692835975WordSection1"><p class="MsoNormal"><br></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt"><u></u> <u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt"><span>               

</span>Is there a way to monitor this situation?<u></u><u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt"><u></u> <u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt"># netstat -ant |grep 11001<u></u><u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt">tcp<span>     

</span><span>  </span>0<span>     

</span>0 <a href="http://0.0.0.0:11001" target="_blank">0.0.0.0:11001</a><span>               </span>0.0.0.0:*<span>                  

</span>LISTEN<u></u><u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt">tcp<span>       

</span>0<span>      </span>0 <a href="http://192.168.30.15:11001" target="_blank">192.168.30.15:11001</a><span>      

</span><a href="http://192.168.30.15:37852" target="_blank">192.168.30.15:37852</a><span>       </span>ESTABLISHED

<u></u><u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt">tcp<span>       

</span>0<span>      </span>0 <a href="http://192.168.30.15:37852" target="_blank">192.168.30.15:37852</a><span>      

</span><a href="http://192.168.30.15:11001" target="_blank">192.168.30.15:11001</a><span>       </span>ESTABLISHED

<u></u><u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt">tcp<span>       

</span>0<span>      </span>0 <a href="http://192.168.30.15:37864" target="_blank">192.168.30.15:37864</a><span>      

</span><a href="http://192.168.30.15:11001" target="_blank">192.168.30.15:11001</a><span>       </span>ESTABLISHED

<u></u><u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt">tcp<span>       

</span>0<span>      </span>0 <a href="http://192.168.30.15:37856" target="_blank">192.168.30.15:37856</a><span>      

</span><a href="http://192.168.30.15:11001" target="_blank">192.168.30.15:11001</a><span>       </span>ESTABLISHED

<u></u><u></u></span></font></p>

<p class="MsoNormal"><b><font size="2" face="Calibri"><span style="font-size:11pt;font-weight:bold">tcp<span>       

</span>0<span>      </span>0 <a href="http://192.168.30.15:11001" target="_blank">192.168.30.15:11001</a><span>      

</span><a href="http://172.28.104.66:39904" target="_blank">172.28.104.66:39904</a><span>           </span>ESTABLISHED<u></u><u></u></span></font></b></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt">tcp<span>      

</span><span> </span>0<span>     

</span>0 <a href="http://192.168.30.15:11001" target="_blank">192.168.30.15:11001</a><span>       </span><a href="http://192.168.30.15:37862" target="_blank">192.168.30.15:37862</a><span>      

</span>ESTABLISHED <u></u><u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt">tcp<span>      

</span>81<span>      </span>0 <a href="http://192.168.30.15:11001" target="_blank">192.168.30.15:11001</a><span>      

</span><a href="http://204.155.140.230:53680" target="_blank">204.155.140.230:53680</a><span>       </span>ESTABLISHED

<u></u><u></u></span></font></p>

<p class="MsoNormal"><b><font size="2" face="Calibri"><span style="font-size:11pt;font-weight:bold">tcp<span>     

</span>486<span>      </span>0 <a href="http://192.168.30.15:11001" target="_blank">192.168.30.15:11001</a><span>      

</span><a href="http://172.28.104.66:39910" target="_blank">172.28.104.66:39910</a><span>           </span>ESTABLISHED<u></u><u></u></span></font></b></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt">tcp<span>       

</span>0<span>      </span>0 <a href="http://192.168.30.15:11001" target="_blank">192.168.30.15:11001</a><span>      

</span><a href="http://204.155.140.230:53682" target="_blank">204.155.140.230:53682</a><span>       </span>ESTABLISHED

<u></u><u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt">tcp<span>       

</span>0<span>      </span>0 <a href="http://192.168.30.15:11001" target="_blank">192.168.30.15:11001</a><span>      

</span><a href="http://204.155.140.230:53679" target="_blank">204.155.140.230:53679</a><span>       </span>ESTABLISHED

<u></u><u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt">tcp<span>       

</span>0<span>      </span>0 <a href="http://192.168.30.15:37862" target="_blank">192.168.30.15:37862</a><span>      

</span><a href="http://192.168.30.15:11001" target="_blank">192.168.30.15:11001</a><span>       </span>ESTABLISHED

<u></u><u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt">tcp<span>      

</span>34<span>      </span>0 <a href="http://192.168.30.15:11001" target="_blank">192.168.30.15:11001</a><span>      

</span><a href="http://192.168.30.15:37864" target="_blank">192.168.30.15:37864</a><span>       </span>ESTABLISHED

<u></u><u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt">tcp<span>       

</span>0<span>      </span>0 <a href="http://192.168.30.15:11001" target="_blank">192.168.30.15:11001</a><span>      

</span><a href="http://192.168.30.15:37856" target="_blank">192.168.30.15:37856</a><span>       </span>ESTABLISHED<u></u><u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt"><u></u> <u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt"><u></u> <u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt">Paul Root<u></u><u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt">Lead Operations Engineer<span>   

</span>- IT Managed Services<u></u><u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt">390 Commerce Dr<u></u><u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt">Woodbury, Mn 55125<u></u><u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt">651-312-5207<span> 

</span><a href="mailto:paul.root@centurylink.com" target="_blank">paul.root@centurylink.com</a><u></u><u></u></span></font></p>

<p class="MsoNormal"><font size="2" face="Calibri"><span style="font-size:11pt"><u></u> <u></u></span></font></p>

</div>

<center>This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately

 notify the sender by reply e-mail and destroy all copies of the communication and any attachments.</center>

</div>

<br><br>

</blockquote></div></div>