Useful for:
- monitoring number of connections to specific TCP port
- checking if service is listening on specific port
- statistics of TCP connections table
- checking load on specific service as number of connections
- detecting TCP connection state based attacks and abnormalities
Requirements:
- agent on *nix system with net-snmp tools
- bash,grep,cat,snmpnetstat
Links:
http://net-snmp.sourceforge.net/docs/man/snmpnetstat.html
snmp_stat.sh attached
How-to:
1.
configure agent on node that has snmp connection to nodes you want to monitor:
ExternalParameter = TCP.Connections(*):/opt/netxms/scripts/snmp_stat.sh $1 $2 $3 $4
2.
add nodes you want to monitor to trusted nodes on that node
3.
parameters:
# $1 = hostname, monitored node ip
# $2 = community, monitored node snmp community string
# $3 = TCP state {ESTABLISHED|LISTEN|TIMEWAIT|TIMECLOSE|FINWAIT1|FINWAIT2|SYNSENT|SYNRECV}
# $4 = TCP port for detailed {ESTABLISHED|LISTEN}
4.
configure DCI's on node you want to monitor and specify node from 1.
as proxy node when creating DCI
5. examples DCI's:
# all established connections
TCP.Connections(192.168.1.1,public,ESTABLISHED)
# all established connections to TCP port 80
TCP.Connections(192.168.1.1,public,ESTABLISHED,80)
# will return 1 if service is listening on TCP port 25
TCP.Connections(192.168.1.1,public,LISTEN,25)
Feel free to use. Suggestions, spelling :) and bug fixes welcome.
Ales