[Xymon] analysis.cfg PORT LOCAL syntax not working for powershell client netstat output?

David Baldwin david.baldwin at ausport.gov.au
Fri Jul 17 03:02:25 CEST 2015


Gavin,

The state is different: Windows says "LISTENING" while Unix says "LISTEN".

I tend to use state=%LISTEN as a universal match.

David.
>
> Hi, has anyone got “ports” working with “LOCAL” criteria with client 
> data from a powershell or bbwin client? It does not seem to work for 
> me, but it works fine for unix clients:
>
> analysis.cfg line for windows host:
>
> HOST=windows.host
>         PORT "LOCAL=%([.:]80)$" state=LISTEN TEXT=http
>         PORT "LOCAL=%([.:]443)$" state=LISTEN TEXT=https
>         PORT STATE=LISTENING MIN=0 TRACK=Listen TEXT=Listen
>
> Display output:
>
> red  http (found 0, req. 1 or more)
> red  https (found 0, req. 1 or more)
> green  Listen (found 43, req. none)
> Active Connections
>    Proto  Local Address          Foreign Address        State
>    TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
>    TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
>    TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
>    TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
>    TCP    [::]:80                [::]:0                 LISTENING
>    TCP    [::]:135               [::]:0                 LISTENING
>    TCP    [::]:443               [::]:0                 LISTENING
>    UDP    0.0.0.0:123            *:*
>    UDP    0.0.0.0:500            *:*
>    UDP    0.0.0.0:4500           *:*
>    UDP    0.0.0.0:5355           *:*
>    UDP    0.0.0.0:11211          *:*
>
> analysis.cfg lines for unix host
>
> HOST=unixhost.blah
>
>         PORT "LOCAL=%([.:]80)$" state=LISTEN TEXT=http
>
>         PORT "LOCAL=%([.:]22)$" state=LISTEN TEXT=ssh
>
> Display output:
>
> green  http (found 3, req. 1 or more)
> green  ssh (found 2, req. 1 or more)
>
> tcp4       0      0 127.0.0.1.80           127.0.0.1.54675        TIME_WAIT
> tcp4       0      0 *.1984                 *.*                    LISTEN
> tcp4       0      0 *.22                   *.*                    LISTEN
> tcp4       0      0 *.*                    *.*                    CLOSED
> tcp4       0      0 *.80                   *.*                    LISTEN
> tcp4       0      0 10.0.1.1.80            *.*                    LISTEN
> tcp6       0      0 *.22                   *.*                    LISTEN
>
> …..
>
> A cursory glance at “xymond/xymond_client.c” found a “localcol” being 
> defined as 4:
>
> 1989:                   int localcol = 4, remotecol = 5, statecol = 6, portcolor = COL_GREEN;
>
> I am not sure how it is handling the different number of columns from 
> Windows “netstat -an”, which does not have the Recv-Q Send-Q columns 
> present?
>
> Any help/advice appreciated!
>
> Cheers
>
> Gavin Stone-Tolcher, IT Support Officer, Network Operations and 
> Incident Response
>
> Information Technology Services
>
> The University of Queensland
>
> Level 4, Prentice Building, St Lucia 4072
>
> T: +61 7 334 66645, M: +61 401 140 838
>
> E: g.stone-tolcher at its.uq.edu.au W: www.its.uq.edu.au
-- 
David Baldwin - Senior Systems Administrator (Datacentres + Networks)
Information and Communication Technology Services
Australian Sports Commission          http://ausport.gov.au
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
david.baldwin at ausport.gov.au          1 Leverrier Street Bruce ACT 2617
Our Values: RESPECT + INTEGRITY + TEAMWORK + EXCELLENCE
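
The state mismatch described in the reply, as an added example that is not part of the original thread and is not Xymon's code. It is a simplified model: it assumes a plain value must equal the whole field while a `%` prefix means a regex search, and it guesses the local/state columns from the field count; the netstat lines are a constructed subset of those quoted above.

```python
import re

# Constructed samples: a subset of the netstat lines quoted in the thread.
WINDOWS = """\
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    [::]:80                [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
"""
UNIX = """\
tcp4       0      0 127.0.0.1.80           127.0.0.1.54675        TIME_WAIT
tcp4       0      0 *.22                   *.*                    LISTEN
tcp4       0      0 *.80                   *.*                    LISTEN
tcp4       0      0 10.0.1.1.80            *.*                    LISTEN
"""

def matches(pattern, value):
    """Assumed semantics: '%' prefix = regex search, otherwise exact string."""
    if pattern.startswith("%"):
        return re.search(pattern[1:], value) is not None
    return pattern == value

def parse(line):
    """Return (local, state); layout guessed from field count (model only)."""
    f = line.split()
    if len(f) in (4, 6):       # state column present
        return f[-3], f[-1]
    if len(f) in (3, 5):       # e.g. Windows UDP rows carry no state
        return f[-2], ""
    return None

def count_ports(netstat, local, state):
    """Count rows whose local address and state both satisfy the rule."""
    n = 0
    for line in netstat.splitlines():
        rec = parse(line)
        if rec and matches(local, rec[0]) and matches(state, rec[1]):
            n += 1
    return n

if __name__ == "__main__":
    for name, data in (("windows", WINDOWS), ("unix", UNIX)):
        for state in ("LISTEN", "%LISTEN"):
            print(name, state, count_ports(data, "%([.:]80)$", state))
```

Because `%LISTEN` is an unanchored pattern it matches any state containing LISTEN, which is what makes it work for both client types.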
