On Sun, 16 Mar 2014 15:22:47 +0100, Henrik Størner <henrik at hswn.dk> wrote:
Den 16-03-2014 13:42, Christian skrev:
Hi.
I would like to monitor UDP ports as TCP ports, with the client module, and a display in the "ports" column. I don't understand why this module is limited to TCP connections, and I would like to extend it to active UDP connections.
Why does the client module run a "netstat -ant" command (file "xymonclient-linux.sh")? Is there a reason not to add UDP connections as well?
UDP doesn't have "connections" as such, so you will only be able to list
the ports where there is a local process listening for incoming datagrams.
That might make sense in some cases, but you can usually do this just be
looking for the right process to be running.
What would be the best solution? Clone the section and run a "netstat -anu"? Patch the existing client and run "netstat -antu"? Another solution?
I tried with the Linux client, and you can change the existing client code to run "netstat -antu" instead of just "netstat -ant" - this won't cause any problems.
I am not sure if the server-side of the client will be able to pick up those UDP ports, because they haven't got anything in the "State" column. You'll have to try that.
Regards, Henrik
Hi,
I tried to "patch" the client and run "netstat -antu". Everything works very well, even though there is no STATE of course (because of UDP). I can check both TCP and UDP connections. Well, you're right, my checks are to see if a "server" socket is opened. Both for TCP and UDP connections.
But the main usage I have, for both TCP and UDP, is to check the negative: I have an exhaustive list of ports that should be opened, and I check if no other port is opened. For example, I have one line telling: --- cut here --- PORT LOCAL=%100.100.100.100[.:].* EXLOCAL=%.:$ STATE=LISTEN MAX=0 "TEXT=public tcp bad listeners" --- cut here --- And I am able to do the same thing with UDP server connections.
To grep a UDP "server" socket, I use: --- cut here --- PORT LOCAL=100.100.100.100:1194 EXSTATE=%([:graph:]) TEXT=openvpn --- cut here --- With that regex, I capture all lines with no "STATE" (thus UDP connections).
So my question is really that I would like to use the functionality of the client "ports" probe. And I wonder if the philosophy of the "ports" probe is only to check stateful connections (aka TCP) and thus I have to clone it and create a "ports2" to check UDP, or if this probe could be patched to check also UDP connections.
Technically it's OK, it works fine. But what modification am I "allowed" to do? Propose a patch to the mainstream to add UDP, or clone the test?
Thanks.
-- Christian