[Xymon] Monitoring network traffic
Axel Beckert
abe at deuxchevaux.org
Thu Apr 4 10:17:37 CEST 2024
Hi Rolf,
Schrittenlocher, Rolf schrieb am Thu, Apr 04, 2024 at 07:45:58AM +0000:
> Our challenge at moment is how to monitor traffic quantity in/out in
> order to detect suspicious activities on Solaris 10. Is there are
> way to do this with xymon?
Definitely. ;-)
For our own use (in a university, too :-) and published via Debian's
hobbit-plugins package, I've written a plugin simply called "net"
which can check many network interface characteristics including
monitoring network traffic (calculating bytes/second average from the
rx/tx difference of 10 seconds), but so far it's just for Linux and
uses common Linux commandline tools and
/proc/ links:
https://salsa.debian.org/debian/hobbit-plugins/-/blob/master/src/usr/lib/xymon/client/ext/net
(It also uses the Hobbit.pm Perl module from the same package:
https://salsa.debian.org/debian/hobbit-plugins/-/blob/master/src/usr/share/perl5/Hobbit.pm)
It though shouldn't be too hard to adapt it to some Solaris
commandline tools and their output. I'm just not sure how to convert
the /proc/ stuff. Maybe there's a Linux compat mode like in FreeBSD?
(Haven't touched any Solaris for like 20 years or so, back when I was
a student.)
Regards, Axel
--
PGP: 2FF9CD59612616B5 /~\ Plain Text Ribbon Campaign, http://arc.pasp.de/
Mail: abe at deuxchevaux.org \ / Gegen HTML in E-Mails und Usenet
Mail+Jabber: abe at noone.org X
https://axel.beckert.ch/ / \ I love long mails: https://email.is-not-s.ms/
More information about the Xymon
mailing list