On 3/18/19 11:11 AM, John Horne wrote:
On Mon, 2019-03-18 at 10:30 -0700, Japheth Cleaver wrote:
This is not just a Debian thing -- it looks like it results from output changes in recent versions of netstat/net-tools (recent Fedora is affected too).
I think the easiest fix will be to move to PCRE parsing to catch the differing versions, which is how we're handling the BSDs and some of the esoteric unicies. (Although there's a legacy RHEL3 Linux OS type from back in the day, this is one of the things we'll want to catch centrally moving forward.)
I was going to take a look at the problem tomorrow. From my very quick look at the code I thought it already had support for PCRE, and so hopefully it would just require changing the code from a fixed string to a regex to cater for the current and new net-tools versions.
John.
I think it's a bigger issue with the netstat command not getting as much information any longer.
Digging back for old logs, what was generating outbound and retransmits is shown here:
[date] Mon Jun 18 09:14:39 PDT 2018 ... [netstat] Ip: 35434 total packets received 6 with invalid addresses 0 forwarded 0 incoming packets discarded 31540 incoming packets delivered 31014 requests sent out 300 outgoing packets dropped 30 dropped because of missing route Icmp:
And the output received currently:
[date] Mon Mar 18 01:23:29 PDT 2019 ... [netstat] Ip: Forwarding: 2 20425327 total packets received 25 with invalid addresses 0 forwarded 0 incoming packets discarded 20335050 incoming packets delivered 6916589 requests sent out Icmp:
Clearly, the new tools are NOT collecting the data we need to parse, so work on changing anything other than the tools directly, or finding another tool to use, would be pointless.
david