Hiya
I have some FreeBSD systems that run IPv6, and the numbers that Xymon are graphing are not quite right. I think I've pinned down the cause as being the ifstat matching regexp, not being able to handle either multiple bound IP addresses, or IPv6 addresses. My system has output from "netstat -i -b -n" something like this:
Name Mtu Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll em0 1500 <Link#1> aa:bb:cc:dd:ee:ff 855109239 246 119882177806 4445784528 0 1678631985244 0 em0 1500 fe80:1::666:6 fe80:1::666:66ff: 5652 - 403008 8487 - 565928 - em0 1500 192.168.1.0 192.168.1.66 3669836 - 327402522 4441615751 - 1612495913591 - em0 1500 6006:6000:0:6 6006:6000:0:6006: 186828 - 13051632 33119395 - 3319372758 - <snipped> lo0 16384 <Link#3> 2420387 0 296603593 2420667 0 296585785 0 lo0 16384 ::1/128 ::1 193448 - 17014491 217323 - 22687570 - lo0 16384 fe80:6::1/64 fe80:6::1 0 - 0 0 - 0 - lo0 16384 127.0.0.0/8 127.0.0.1 2227042 - 279599853 2226396 - 279550576 - lo1 16384 <Link#4> 398523 0 55461313 398523 0 55461150 0 lo1 16384 192.168.2.0 192.168.2.66 317552009 - 63772241684 383671 - 50695917 - lo1 16384 6006:6000:600 6006:6000:600::66 29688469 - 10867392950 4 - 2982 - <snipped>
The Xymon client explicitly excludes the "link" lines, and all of the "lo" lines. Makes sense, except that it doesn't work for me.
It seems that the Xymon server-side parsing is only picking up the line with the IPv4 address (192.168.1.66) and ignores all the others for the interface. Also, I can't see where Xymon handles multiple lines for the same interface, and I don't think it does.
And finally, this server has loopback interfaces lo1, lo2 and so on, with alternative IP addresses for this server. Most of the traffic that arrives at this server is addressed to the loopback interfaces. So even if Xymon could parse these lines, multiple of them, the client script excludes all of the loopback interfaces.
What's the best way to solve this? The lo[1-n] NICs could be added back in. But I don't know that this is very useful. The intent of the [ifstat] data is to record and display bytes that come in and out of physical NICs that communicate with the outside world, but my extra loopback interfaces' traffic isn't being counted.
For this reason, it seems to make sense that the "link" lines are probably the best for this, as I would think that they would show packets contained only in physical frames (ethernet or some other medium). However, I think the "link" lines also show things like ARP and other layer-2 traffic that might not be as useful.
Has anyone else looked into this, or done monitoring of FreeBSD interfaces? Is there a better command to run on FreeBSD for this? I'd really like to get this fixed up.
Cheers Jeremy
On 17 February 2014 18:48, Jeremy Laidman <jlaidman at rebel-it.com.au> wrote:
For this reason, it seems to make sense that the "link" lines are probably the best for this, as I would think that they would show packets contained only in physical frames (ethernet or some other medium).
On thinking about this, I think the correct way to handle this is to exclude all but the "link" interfaces, because we're looking at interface bytes, not IP bytes, UDP bytes ICMP bytes, etc, but all interface bytes. Another way of thinking about this is that I would expect the switch port bps numbers to be the same as my server's bps numbers.
So I'm proposing that the FreeBSD client be adjusted from this:
echo "[ifstat]" netstat -i -b -n | egrep -v "^lo|<Link"
To this:
echo "[ifstat]" netstat -i -b -n | egrep "<Link"
And that the Xymon server parsing code PCRE string be adjusted to match that format, which has MAC addresses in place of IPv4/IPv6 host addresses (but sometimes empty) and "<Link#n>" in place of network addresses.
This might not be a good idea if people are already relying on the current way of handling FreeBSD data. If so, you'll get almost the same numbers (slightly more with ARP and other layer-2 stuff), and you'll also get loopback addresses added to your interface graphs. Personally I have no problem showing loopback addresses, they can often show insights into local processes that communicate amongst themselves.
Seem reasonable? Would anyone be adversely impacted by this suggested change?
Cheers Jeremy
On 17 February 2014 23:24, Jeremy Laidman <jlaidman at rebel-it.com.au> wrote:
On 17 February 2014 18:48, Jeremy Laidman <jlaidman at rebel-it.com.au>wrote:
For this reason, it seems to make sense that the "link" lines are probably the best for this, as I would think that they would show packets contained only in physical frames (ethernet or some other medium).
So I'm proposing that the FreeBSD client be adjusted from this:
echo "[ifstat]" netstat -i -b -n | egrep -v "^lo|<Link"
To this:
echo "[ifstat]" netstat -i -b -n | egrep "<Link"
Seem reasonable? Would anyone be adversely impacted by this suggested change?
Anyone? Nobody else using FreeBSD? I've implemented a work-around that works for me, by using the following line in xymonclient-freebsd.sh: netstat -ibn|egrep "<Link|Name"| grep -v ^lo | while read A B C D E F G; do [ $A = "Name" ] || { C=0.0.0.0/0; D=0.0.0.0; }; printf "%-5s %5s %-13s %-17s %12s %6s %14s %14s %6s %14s %6s\n" $A $B $C $D $E $F $G; done The output now only includes interface lines with "<Link" that are not loopback devices (thus ignoring all the non-physical entries), and the "<Link#1>" and MAC address lines have been replaced with dummy values that parse correctly on the server. I now have useful interface graphs for my FreeBSD systems. This is an ugly hack, and I only want this in place until a proper solution can be implemented. So, I'm proposing that the xymonclient-freebsd.sh script be modified to use this line for [ifstat]: netstat -ibn | egrep "<Link|Name"|grep -v ^lo (This could leave the loopback addresses in place, and I don't think anyone would mind.) Then, the following (untested) patch to do_ifstat.c. What say ye all? Cheers Jeremy --- do_ifstat.c.orig 2014-02-20 13:35:33.000000000 +1100 +++ do_ifstat.c 2014-02-20 13:42:32.000000000 +1100 @@ -27,8 +27,10 @@ /* Name MTU Network IP Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll */ /* lnc0 1500 172.16.10.0/24 172.16.10.151 26 - 1818 26 - 1802 - */ +/* Name MTU Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll */ +/* em0 1500 <Link#1> 00:11:22:33:44:55 26 - 1818 26 - 1802 - */ static const char *ifstat_freebsd_exprs[] = { - "^([a-z0-9]+)\\s+\\d+\\s+[0-9.\\/]+\\s+[0-9.]+\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+[0-9-]+" + "^([a-z0-9]+)\\s+\\d+\\s+<Link#\\d+>\\s+[:0-9]+\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+[0-9-]+" }; /* Name Mtu Network Address Ipkts Ierrs Idrop Ibytes Opkts Oerrs Obytes Coll */
The idea is good. I'm looking forward to having better numbers against the interfaces. Thanks, Brian Scott From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Jeremy Laidman Sent: Thursday, 20 February 2014 1:46 PM To: xymon at xymon.com Subject: Re: [Xymon] FreeBSD [ifstat] processing On 17 February 2014 23:24, Jeremy Laidman <jlaidman at rebel-it.com.au<mailto:jlaidman at rebel-it.com.au>> wrote: On 17 February 2014 18:48, Jeremy Laidman <jlaidman at rebel-it.com.au<mailto:jlaidman at rebel-it.com.au>> wrote: For this reason, it seems to make sense that the "link" lines are probably the best for this, as I would think that they would show packets contained only in physical frames (ethernet or some other medium). So I'm proposing that the FreeBSD client be adjusted from this: echo "[ifstat]" netstat -i -b -n | egrep -v "^lo|<Link" To this: echo "[ifstat]" netstat -i -b -n | egrep "<Link" Seem reasonable? Would anyone be adversely impacted by this suggested change? Anyone? Nobody else using FreeBSD? I've implemented a work-around that works for me, by using the following line in xymonclient-freebsd.sh: netstat -ibn|egrep "<Link|Name"| grep -v ^lo | while read A B C D E F G; do [ $A = "Name" ] || { C=0.0.0.0/0<http://0.0.0.0/0>; D=0.0.0.0; }; printf "%-5s %5s %-13s %-17s %12s %6s %14s %14s %6s %14s %6s\n" $A $B $C $D $E $F $G; done The output now only includes interface lines with "<Link" that are not loopback devices (thus ignoring all the non-physical entries), and the "<Link#1>" and MAC address lines have been replaced with dummy values that parse correctly on the server. I now have useful interface graphs for my FreeBSD systems. This is an ugly hack, and I only want this in place until a proper solution can be implemented. So, I'm proposing that the xymonclient-freebsd.sh script be modified to use this line for [ifstat]: netstat -ibn | egrep "<Link|Name"|grep -v ^lo (This could leave the loopback addresses in place, and I don't think anyone would mind.) Then, the following (untested) patch to do_ifstat.c. What say ye all? Cheers Jeremy --- do_ifstat.c.orig 2014-02-20 13:35:33.000000000 +1100 +++ do_ifstat.c 2014-02-20 13:42:32.000000000 +1100 @@ -27,8 +27,10 @@ /* Name MTU Network IP Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll */ /* lnc0 1500 172.16.10.0/24<http://172.16.10.0/24> 172.16.10.151 26 - 1818 26 - 1802 - */ +/* Name MTU Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll */ +/* em0 1500 <Link#1> 00:11:22:33:44:55 26 - 1818 26 - 1802 - */ static const char *ifstat_freebsd_exprs[] = { - "^([a-z0-9]+)\\s+\\d+\\s+[0-9.\\/]+\\s+[0-9.]+\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+[0-9-<file:///\\s+\d+\s+%5b0-9.\%5d+\s+%5b0-9.%5d+\s+\d+\s+%5b0-9-%5d+\s+(\d+)\s+\d+\s+%5b0-9-%5d+\s+(\d+)\s+%5b0-9->]+" + "^([a-z0-9]+)\\s+\\d+\\s+<Link#\\d+>\\s+[:0-9]+\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+\\d+\\s+[0-9-]+\\s+(\\d+)\\s+[0-9-<file:///\\s+\d+\s+%3cLink%23\d+%3e\s+%5b:0-9%5d+\s+\d+\s+%5b0-9-%5d+\s+(\d+)\s+\d+\s+%5b0-9-%5d+\s+(\d+)\s+%5b0-9->]+" }; /* Name Mtu Network Address Ipkts Ierrs Idrop Ibytes Opkts Oerrs Obytes Coll */ ********************************************************************** This message is intended for the addressee named and may contain privileged information or confidential information or both. If you are not the intended recipient please delete it and notify the sender. **********************************************************************
participants (2)
-
brian.scott4@det.nsw.edu.au
-
jlaidman@rebel-it.com.au