[Xymon] Monitoring if a remote IP is connected to particular local port
Jeremy Laidman
jeremy at laidman.org
Thu Jan 9 12:01:16 CET 2020
Paul
On Thu, 9 Jan 2020 at 08:04, Root, Paul T via Xymon <xymon at xymon.com> wrote:
>
> Hi,
>
> I’ve got an application that has a specific port open
> 11001, that multiple connections, most looped back on itself.
>
>
>
> However, we have another server (that is another groups
> machine, and isn’t monitored by Xymon), that connects to this port.
>

An interesting use case.

> Reading the analysis.cfg man page, it looks like criteria
> is either local or remote, not both.
>

I'm not sure I read it the same way. The format is "PORT criteria
[MIN=mincount] ...etc" and what you're wanting to do is specify "criteria".
The example in the man page for usage of "TEXT=" shows:

    PORT LOCAL=%[.:]22$ STATE=LISTEN "TEXT=SSH listener"

So this is giving two criteria: LOCAL and STATE. This implies that the
format is really "PORT criteria [...criteria] [MIN=mincount] ...etc" and
thus you can chain multiple criteria. In your use case I would expect you
to be able to use something like:

    PORT LOCAL=%[.:]10001 REMOTE=172.28.104.66:* STATE=ESTABLISHED

Not sure if the wildcard is valid for REMOTE port number; perhaps use a
regex here as well:

    PORT LOCAL=%[.:]10001 REMOTE=%172\.28\.104\.66:.* STATE=ESTABLISHED

The analysis.cfg file distributed with the source code specifies this
format:

    PORT [LOCAL=addr] [EXLOCAL=addr] [REMOTE=addr] [EXREMOTE=addr]
         [STATE=state] [EXSTATE=state] [MIN=mincount] [MAX=maxcount]
         [COLOR=color] [TRACK=id] [TEXT=displaytext]

So I can see no problem specifying a local port *and* a remote IP address
as you seem to require.

>
> Is there a way to monitor this situation?
>
> # netstat -ant |grep 11001
> tcp 0 0 0.0.0.0:11001 0.0.0.0:* LISTEN
> tcp 0 0 192.168.30.15:11001 192.168.30.15:37852 ESTABLISHED
> tcp 0 0 192.168.30.15:37852 192.168.30.15:11001 ESTABLISHED
> tcp 0 0 192.168.30.15:37864 192.168.30.15:11001 ESTABLISHED
> tcp 0 0 192.168.30.15:37856 192.168.30.15:11001 ESTABLISHED
> *tcp 0 0 192.168.30.15:11001 172.28.104.66:39904 ESTABLISHED*
> tcp 0 0 192.168.30.15:11001 192.168.30.15:37862 ESTABLISHED
> tcp 81 0 192.168.30.15:11001 204.155.140.230:53680 ESTABLISHED
> *tcp 486 0 192.168.30.15:11001 172.28.104.66:39910 ESTABLISHED*
> tcp 0 0 192.168.30.15:11001 204.155.140.230:53682 ESTABLISHED
> tcp 0 0 192.168.30.15:11001 204.155.140.230:53679 ESTABLISHED
> tcp 0 0 192.168.30.15:37862 192.168.30.15:11001 ESTABLISHED
> tcp 34 0 192.168.30.15:11001 192.168.30.15:37864 ESTABLISHED
> tcp 0 0 192.168.30.15:11001 192.168.30.15:37856 ESTABLISHED
>
> Paul Root
>
> Lead Operations Engineer - IT Managed Services
>
> 390 Commerce Dr
>
> Woodbury, Mn 55125
>
> 651-312-5207 paul.root at centurylink.com
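
A small Python model of the chained PORT criteria discussed in this thread, added here as an illustration; it is not Xymon code and not part of the original message. It assumes a "%" prefix means a regex and a plain value is a substring match, that MIN defaults to 1 and COLOR to red, and it uses port 11001 from the netstat output with constructed sample lines.

```python
import re
import shlex

# Constructed sample, modelled on the netstat output quoted in the thread.
NETSTAT = """\
tcp 0 0 0.0.0.0:11001 0.0.0.0:* LISTEN
tcp 0 0 192.168.30.15:11001 192.168.30.15:37852 ESTABLISHED
tcp 0 0 192.168.30.15:37852 192.168.30.15:11001 ESTABLISHED
tcp 0 0 192.168.30.15:11001 172.28.104.66:39904 ESTABLISHED
tcp 81 0 192.168.30.15:11001 204.155.140.230:53680 ESTABLISHED
tcp 486 0 192.168.30.15:11001 172.28.104.66:39910 ESTABLISHED
"""

def parse_rule(rule):
    """Split 'PORT KEY=value ...' into a dict; quoted words stay together."""
    words = shlex.split(rule, posix=False)  # non-POSIX keeps regex backslashes
    if not words or words[0] != "PORT":
        raise ValueError("not a PORT rule")
    return dict(w.strip('"').split("=", 1) for w in words[1:])

def field_matches(pattern, value):
    """Assumed semantics: '%' prefix = regex search, otherwise substring."""
    if pattern.startswith("%"):
        return re.search(pattern[1:], value) is not None
    return pattern in value

def evaluate(rule, netstat_text):
    """Return (matching socket count, colour) for one PORT rule."""
    crit = parse_rule(rule)
    count = 0
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 6 or not cols[0].startswith("tcp"):
            continue
        sock = {"LOCAL": cols[3], "REMOTE": cols[4], "STATE": cols[5]}
        # Every criterion given must match; a matching EX* criterion vetoes.
        wanted = all(field_matches(crit[k], v) for k, v in sock.items() if k in crit)
        vetoed = any(field_matches(crit["EX" + k], v)
                     for k, v in sock.items() if "EX" + k in crit)
        if wanted and not vetoed:
            count += 1
    low, high = int(crit.get("MIN", 1)), int(crit.get("MAX", -1))  # assumed defaults
    bad = count < low or (high >= 0 and count > high)
    return count, (crit.get("COLOR", "red") if bad else "green")

# Local port anchored with '$' so 11001 does not also match e.g. 110010.
RULE = r"PORT LOCAL=%[.:]11001$ REMOTE=%^172\.28\.104\.66[.:] STATE=ESTABLISHED"

if __name__ == "__main__":
    print(evaluate(RULE, NETSTAT))
```

With the default minimum of 1, the rule goes to the alert colour as soon as no ESTABLISHED socket from the remote address is present on the local port.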