[Xymon] Monitoring network traffic

Axel Beckert abe at deuxchevaux.org
Thu Apr 4 11:45:43 CEST 2024 

Hi Rolf,

Schrittenlocher, Rolf schrieb am Thu, Apr 04, 2024 at 08:29:54AM +0000:
> I just saw that "trends" shows network traffic. So the data is
> already collected and available on the server.

Yes, that data comes from the generic data collection (like process
list, load, uptime, etc.) each client sends.

There's just no alerting on traffic thresholds possible. That's one of
the metrics for which my plugin can warn or alert (with measurements
and comparisons done on the client side, though).

> So someone can tell me how I can access the data either with a
> client script or on server side?

Sorry, not out of my mind. I mostly know how to parse hosts.cfg and
extract parameters and flags from there.

The man page xymon(1) shows quite some ways to extract data from the
server, except that I was not able to extract anything useful related
to trends, netstat or ifstat.

An example of how to work with server data might be our ircbot plugin
at
https://salsa.debian.org/debian/hobbit-plugins/-/blob/master/src/usr/lib/xymon/server/ext/ircbot

But it also just uses "xymoncmd xymon xymondboard" and "xymoncmd xymon
query" to fetch data from the server and that one doesn't seem to work
with data or trends.

The only way I currently see is to use the "xymoncmd xymon clientlog
$hostname" command which fetches the latest raw client message
including e.g. the "ifconfig" output. It also has a "netstat" section
which e.g. looks like this:

---8<---
…
[netstat]
Ip:
    Forwarding: 1
    867497 total packets received
    0 forwarded
    0 incoming packets discarded
    853230 incoming packets delivered
    835141 requests sent out
    225 outgoing packets dropped
Icmp:
    21635 ICMP messages received
    2 input ICMP message failed
    ICMP input histogram:
        destination unreachable: 650
        echo requests: 20985
    92359 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 651
        echo requests: 70723
        echo replies: 20985
IcmpMsg:
        InType3: 650
        InType8: 20985
        OutType0: 20985
        OutType3: 651
        OutType8: 70723
Tcp:
    23811 active connection openings
    2102 passive connection openings
    4 failed connection attempts
    1911 connection resets received
    21 connections established
    1007911 segments received
    1268414 segments sent out
    176 segments retransmitted
    0 bad segments received
    853 resets sent
Udp:
    53387 packets received
    649 packets to unknown port received
    0 packet receive errors
    53372 packets sent
    0 receive buffer errors
    0 send buffer errors
    IgnoredMulti: 5414
UdpLite:
TcpExt:
    1 resets received for embryonic SYN_RECV sockets
    12258 TCP sockets finished time wait in fast timer
    17779 delayed acks sent
    16 delayed acks further delayed because of locked socket
    Quick ack mode was activated 96 times
    71063 packet headers predicted
    142582 acknowledgments not containing data payload received
    546613 predicted acknowledgments
    TCPSackRecovery: 43
    Detected reordering 2106 times using SACK
    Detected reordering 36 times using time stamp
    2 congestion windows fully recovered without slow start
    35 congestion windows partially recovered using Hoe heuristic
    TCPDSACKUndo: 4
    1 congestion windows recovered without slow start after partial ack
    TCPLostRetransmit: 69
    67 fast retransmits
    1 retransmits in slow start
    TCPTimeouts: 87
    TCPLossProbes: 26
    TCPLossProbeRecovery: 4
    TCPBacklogCoalesce: 2432
    TCPDSACKOldSent: 96
    TCPDSACKRecv: 53
    120 connections reset due to unexpected data
    13 connections reset due to early user close
    7 connections aborted due to timeout
    TCPDSACKIgnoredNoUndo: 43
    TCPSackShifted: 194
    TCPSackMerged: 34
    TCPSackShiftFallback: 4424
    TCPRcvCoalesce: 66342
    TCPOFOQueue: 352
    TCPChallengeACK: 1
    TCPAutoCorking: 28376
    TCPFromZeroWindowAdv: 32
    TCPToZeroWindowAdv: 32
    TCPWantZeroWindowAdv: 323
    TCPSynRetrans: 21
    TCPOrigDataSent: 1019410
    TCPHystartTrainDetect: 656
    TCPHystartTrainCwnd: 50284
    TCPACKSkippedSynRecv: 11
    TCPWinProbe: 1
    TCPKeepAlive: 26
    TCPDelivered: 1042042
    TCPAckCompressed: 109
    TcpTimeoutRehash: 80
    TcpDuplicateDataRehash: 15
    TCPDSACKRecvSegs: 63
IpExt:
    InMcastPkts: 1579
    OutMcastPkts: 4
    InBcastPkts: 5414
    InOctets: 217038821
    OutOctets: 653115273
    InMcastOctets: 50528
    OutMcastOctets: 160
    InBcastOctets: 1360064
    InNoECTPkts: 909738
MPTcpExt:
Sctp:
    0 Current Associations
    0 Active Associations
    0 Passive Associations
    0 Number of Aborteds 
    0 Number of Graceful Terminations
    0 Number of Out of Blue packets
    0 Number of Packets with invalid Checksum
    0 Number of control chunks sent
    0 Number of ordered chunks sent
    0 Number of Unordered chunks sent
    0 Number of control chunks received
    0 Number of ordered chunks received
    0 Number of Unordered chunks received
    0 Number of messages fragmented
    0 Number of messages reassembled 
    0 Number of SCTP packets sent
    0 Number of SCTP packets received
[…]
…
--->8---

But you would need to parse the data interesting for you out of this
yourself. Hope this helps nevertheless.

                Regards, Axel
-- 
PGP: 2FF9CD59612616B5      /~\  Plain Text Ribbon Campaign, http://arc.pasp.de/
Mail: abe at deuxchevaux.org  \ /  Gegen HTML in E-Mails und Usenet
Mail+Jabber: abe at noone.org  X
https://axel.beckert.ch/   / \  I love long mails: https://email.is-not-s.ms/

More information about the Xymon mailing list