[XML] SocketStats version 0.1

Templates, scripts for templates, scripts and requests for templates.

Moderators: Developers, Moderators

Rolf Poser
Posts: 42
Joined: Wed Dec 10, 2003 7:19 am

[XML] SocketStats version 0.1

Post by Rolf Poser »

Hello there !

Quickly wrote another one to count the number of different sockets.

Here's the readme - still first version so not much documentation and perhaps some bugs? (hopefully not!)

==========================================

SocketStats v0.1 - Copyright Rolf Poser - GNU Public License

Released: 20 May 2004

SORRY - THIS WILL ONLY WORK EASILY ON UNIX
(perhaps you'll get this to work on cygwin/win32 if you're brave!)

Testtest said today that he wasn't too hapy with the basic tcp_connections
perl script - the shortcoming being of course that if you specify "http"
as a parameter in the command line it will include "https" in the line count..

Having enjoyed the way the graphs stacked in another project (squidstats)
I decided that this should be easy enough to get working in an evening.

So here it is - a count for some of the more popular socket types in use
(listen, established or other states). The more advanced cacti users will
be able to figure out how to add some additional socket types...

This is version 0.1 so no documentation, and very little info
for you here, but you should be able to figure most things out...

First, there is a script script/ to copy to <path_cacti>/scripts (and make
sure your cacti user can read/execute it. Make sure that the pointer
to bash is correct and that all of the other executables in the default
system path so that the script will work.

In addition, you will need to load up the XML graph template from the xml/
directory.

Best of luck !!

Rolf.

PS: I'm running this on FC1, so if this exactly what you are using, then
you should be OK with all of the path information.
Attachments
socketstats-0.1.zip
XML template and BASH script.
(6.33 KiB) Downloaded 2010 times
testtest
Posts: 25
Joined: Mon May 17, 2004 7:19 am
Location: Europe

Re: [XML] SocketStats version 0.1

Post by testtest »

Rolf Poser wrote:...
Quickly wrote another one to count the number of different sockets...
8) Oh man -----/-----@ 8)

... Quickly wrote another one ... :roll: ... Rolf, do have also some "brain parts under GNU" for me ?? :lol: - joking
Rolf, you gave me another "sleepless night" :) - just downloading it NOW - THX !!!!
SF.
[url=http://stef.funpic.de/index.html]Stef.s small Fan Page[/url]
Free your brain with trashing away MS - no pain, no torture, no troubles of learning Linux can compete with your Freedom using it.
Guest

Post by Guest »

Rolf, tried a few things on my box with unix_socketdetails.sh.

Had no luck so far:

Code: Select all

: command not foundtml/cacti/scripts/unix_socketdetails.sh: line 2:
: command not foundtml/cacti/scripts/unix_socketdetails.sh: line 4:
'home/htdocs/web1/html/cacti/scripts/unix_socketdetails.sh: line 15: syntax error near unexpected token `do
'home/htdocs/web1/html/cacti/scripts/unix_socketdetails.sh: line 15: `for socket in `echo $SOCKETLIST`; do
My sys with SuSE 9.0

bash --version
GNU bash, version 2.05b.0(1)-release (i586-suse-linux)
Copyright (C) 2002 Free Software Foundation, Inc.

sh --version
GNU bash, version 2.05b.0(1)-release (i586-suse-linux)
Copyright (C) 2002 Free Software Foundation, Inc.

ls -l /bin/bash
-rwxr-xr-x 1 root root 464680 Oct 2 2003 /bin/bash

ls -l /bin/sh
lrwxrwxrwx 1 root root 4 May 9 10:45 /bin/sh -> bash

Going now to bed - maybe too tired - already 04:45 in the morning here :wink:
testtest
Posts: 25
Joined: Mon May 17, 2004 7:19 am
Location: Europe

Post by testtest »

:o also my 'cookies' seem to be tired - :roll: - was me - Stef.
[url=http://stef.funpic.de/index.html]Stef.s small Fan Page[/url]
Free your brain with trashing away MS - no pain, no torture, no troubles of learning Linux can compete with your Freedom using it.
Rolf Poser
Posts: 42
Joined: Wed Dec 10, 2003 7:19 am

Try this perl version

Post by Rolf Poser »

Stef:

You're probably in the same time zone as myself (I'm in South Africa - GMT+2), so I can see that your early morning posts are really early (or late - whichever way one wants to see it).

I've rewritten most of the script into perl - it should be more compatible with your system. Perl is in any case a bit more powerful and fast when it comes to text processing -- I was just too lazy to figure out how to write it in perl initially.

Let me know,
Rolf.

Code: Select all

#!/usr/bin/perl

# Perl version - should be more compatible across platforms:

my $socketlist = $ARGV[0];
chomp $socketlist;

if ($socketlist eq '') {
	$socketlist = "20 21 22 23 25 80 443 8080";
	@socketlistarray = split ( / /, $socketlist);
} else {
	@socketlistarray = @ARGV;
}

my $output = `netstat -an | grep -v unix | awk '{print \$4}' | awk -F: '{print \$2}'`;
my @outputarray = split ( /\n/, $output);

foreach my $sockettype (@socketlistarray){
	my $counter = 0;
	foreach my $opensocket (@outputarray){
		if ($opensocket == $sockettype){
			$counter++;
		}
	}
	print "unix_socket_",$sockettype,":",$counter," "
}
testtest
Posts: 25
Joined: Mon May 17, 2004 7:19 am
Location: Europe

Re: Try this perl version

Post by testtest »

Rolf Poser wrote:... much code ...
:D THX Rolf, so 'going out tonight' has just been "toasted" :lol: - my girlll was really :evil: , but she's now :) ing again, after a nice dinner, so is my stomach too.

So "cranking up" my LOL-lame-notebook and starting over this in about 1/2 an hour ...

Greets and THX - Stef. :)
[url=http://stef.funpic.de/index.html]Stef.s small Fan Page[/url]
Free your brain with trashing away MS - no pain, no torture, no troubles of learning Linux can compete with your Freedom using it.
testtest
Posts: 25
Joined: Mon May 17, 2004 7:19 am
Location: Europe

:) :) :)

Post by testtest »

Hello back folks :D

Here's my brain dump:

So uploading unix_socketdetails.pl into <cacti_script_dir> and import template worked
without problem.

Afterwards adding the new imported template TOWARDS a Host Template --> in my case i added it to "ucd/net SNMP Host" -->
"Associated Graph Templates" --> "Add Graph Template: Unix - Socket Connection Details" --> save.

Then i had to change "Data Input Methods" --> "Data Input Methods [edit: Unix - Get Socket Details]" , because per default
the template gets its data from /bin/bash unix_socketdetails.sh (shell script-i had probs with).

Changed "Input String" into 'perl <path_cacti>/scripts/unix_socketdetails.pl 20 21 22 23 25 80 443 8080' -->
Then adding "New Graphs" --> "Create" --> (Select a graph type to create) --> choosing "Create: Unix - Socket Connection Details"
--> Then on top "Create graphs..." --> some pollings --> Working perfect :) :D :)

Image

Or see the "start of graphing" HERE - don't bother of the layout - set up in 1 min. - really :wink:

Greets Rolf !! you made once again "my day" !! Stef.
Last edited by testtest on Mon May 24, 2004 9:01 am, edited 2 times in total.
[url=http://stef.funpic.de/index.html]Stef.s small Fan Page[/url]
Free your brain with trashing away MS - no pain, no torture, no troubles of learning Linux can compete with your Freedom using it.
testtest
Posts: 25
Joined: Mon May 17, 2004 7:19 am
Location: Europe

Post by testtest »

:) So Rolf, looking closer to it, changes of the PORTS must be done in two steps ?! - Right ?

First, change in unix_socketdetails.pl the PORTS.
Second adding the PORTS in cacti_graph_template_unix_socket_connection_details.xml ?

But where to get these <hash_100002125f6e64f40a5ac16f6e50bb7fc28799>
things ? Want to learn more, a tip ? :oops:

For ex. the most used / open Ports are 20 21 22 25 80 110 443 465 995 as for FTP, SSH, SMTP, HTTP, POP3, HTTPS, SMTPS SSL/TLS, SPOP3

How to add, Rolf ? Greets and thanks :) - Stef
[url=http://stef.funpic.de/index.html]Stef.s small Fan Page[/url]
Free your brain with trashing away MS - no pain, no torture, no troubles of learning Linux can compete with your Freedom using it.
guest

Post by guest »

i guess this script only works for localhost right ? i get the same graphs for all hosts and they are the localhost graph :(
testtest
Posts: 25
Joined: Mon May 17, 2004 7:19 am
Location: Europe

Post by testtest »

1. Rolf can you lokk this graph ?
Something is not working properly - mostly it's an configuration isse :) , i think.

The 'grey' graph for ftp 'remains' on 2 connects, and goes somewhat up, but there where no or not so much connects to ftp.
So maybe the counter gets not 'resetted' in the graph itself ?

@guest - i will look for it, maybe Rolf is faster with a reply :)

Graph:
Image
[url=http://stef.funpic.de/index.html]Stef.s small Fan Page[/url]
Free your brain with trashing away MS - no pain, no torture, no troubles of learning Linux can compete with your Freedom using it.
testtest
Posts: 25
Joined: Mon May 17, 2004 7:19 am
Location: Europe

Post by testtest »

guest wrote:i guess this script only works for localhost right ? i get the same graphs for all hosts and they are the localhost graph :(
:) - @guest - so far i've seen in unix_socketdetails.pl the stats are called via "netstat -an", so it is a 'local' command for the host running at.
Rectify me, if wrong.
[url=http://stef.funpic.de/index.html]Stef.s small Fan Page[/url]
Free your brain with trashing away MS - no pain, no torture, no troubles of learning Linux can compete with your Freedom using it.
Guest

Post by Guest »

yes i saw the script was using netstat but i was hoping there a remote option to it that i didn't know ! :(

if it'd work on remote servers as well i'd be in heaven ^^
i think it might be possible with a bit of tweaking using > to a file, transfering it, and then echoing it on the local machine, but what a pain...

about your "ghost connections" problem i have about the same, my ssh port always has 1 user at least connected... but that's because netstat shows open sockets, so the server itself is "1 user"... but maybe i'm wrong?
testtest
Posts: 25
Joined: Mon May 17, 2004 7:19 am
Location: Europe

Post by testtest »

Anonymous wrote:yes i saw the script was using netstat but i was hoping there a remote option to it that i didn't know ! :(

if it'd work on remote servers as well i'd be in heaven ^^
i think it might be possible with a bit of tweaking using > to a file, transfering it, and then echoing it on the local machine, but what a pain...

about your "ghost connections" problem i have about the same, my ssh port always has 1 user at least connected... but that's because netstat shows open sockets, so the server itself is "1 user"... but maybe i'm wrong?
:) yepp - looked and tested a lil bit around. It's currently as you described.

Rolf was so cute to code this stats 'from the hand' and it is just v0.1, so i was really GLAD to get 'just' that.
But showing it to friends, and also receiving some mails from ppl., saying WOW - especially this stats are very useful IMHO.
I would say, IMHO, improving and tweaking it, or better 'expand' its capabilities, is worth the work.

ACK, transferring it via a file i would not appreciate, there are too many 'concerns' ;) - but there are basically other possibilities to achieve this easily.
Easily in means of checking remote ports itself, but currently i have no clue, how to check the 'number' of 'users', or better 'services' at a remote service, like FTP, SSH etc.
And i would not do this, for ex. with making compromises towards security, of course.
Maybe Rolf knows something about this ?

Greets Stef. :)
[url=http://stef.funpic.de/index.html]Stef.s small Fan Page[/url]
Free your brain with trashing away MS - no pain, no torture, no troubles of learning Linux can compete with your Freedom using it.
Rolf Poser
Posts: 42
Joined: Wed Dec 10, 2003 7:19 am

Sorry for delay..

Post by Rolf Poser »

Hi folks - sorry for the delay!

I've been on my back for a few days with flu.

In brief - here are some ideas for some questions given:

1. To add ports, you will unfortunately have to do a sizeable amount of configuration work. The script is generic and can accept a list of ports on the command line for which it should parse. (It has a default list, in case none are passed.) In order to add the ports you want, you will need to edit the data input method for the script and add the ports to the command line. You will need to add an output field for each new port i.e. unix_socket_<#> where <#> is the numerical port number for the port as specified on the command line. You will need to repeat this process for each socket in the data template, by creating a new data source for each one (using the name you assigned in the data input method). Finally, you will need to add the "stack" graph to the list in the graph template for each port. You will need to create the entries by following the examples for the other ports. (use the blue up and down arrows to place the new graph items in the right place).

I know this is not ideal :-? , and maybe I can find a smarter way to script this, or to generate this through some form of query - I'll need to check it out.

2. FTP-Data and ftp (for Stef) - I didn't see more than 1 socket open on your graph - it is probably just the "listening" socket for the server when no-one is connected. Most services leave at least one socket in a "listening" state so that new client connections can attach to them. I'll consider adding an option to a future version that only lists sockets that are not "listening". There are a couple of other statuses that may be useful to include (i.e. sockets that are being connected to, but not yet established -- if you see lots of these, then it could be a sign of a denial-of-service attack).

3. Remote netstat could be done in a number of ways - I'll see whether I can create a simple apache-based page that will do the trick, i.e. the web server page calls netstat and puts out the output to a web reply. One could probably do this using ssh or any other number of ways, but I like using the web since you can constrain it using other means other than user/passwd pairs. Anyway, any suggestions are welcome.

Regards,
Rolf.

PS: I managed to rig a long piece of ethernet into my bed from downstairs :wink: so that I can do this from underneath a blanket on my laptop -- time to get that 802.11g hub! 8)
testtest
Posts: 25
Joined: Mon May 17, 2004 7:19 am
Location: Europe

Post by testtest »

:D 1.st of all - Get well soon! !!!

Second: :oops: yepp, right with the ftp, also now it's clear with Port:20 :oops:
PS: I managed to rig a long piece of ethernet into my bed from downstairs so that I can do this from underneath a blanket on my laptop -- time to get that 802.11g hub!
:lol: have imagined this 'in pictures' - would look really interesting :) - 'the Hax0R in the bed' - nothing can stop him :) - get well !!! and a 802.11g of course :)

Greets Stef. :)
[url=http://stef.funpic.de/index.html]Stef.s small Fan Page[/url]
Free your brain with trashing away MS - no pain, no torture, no troubles of learning Linux can compete with your Freedom using it.
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests