[XML] SocketStats version 0.1

Rolf Poser · Post by **Rolf Poser** » Mon May 24, 2004 2:38 pm

Here we go!

This works on my system, although I've had to make some configuration changes to apache.

First the web page which I created as:

/var/www/html/web-netstat/index.shtml

(where /var/www/html/ is my normal web documentroot)

Note that it is "shtml", which means that the server will check it for server-side includes.

Code: Select all

<HTML>
        <HEAD>
                <TITLE>Remote netstat output</TITLE>
                <META http-equiv="refresh" content="60;">
        </HEAD>
        <BODY>
                <PRE>
                        <!--#exec cmd="netstat -an" -->
                </PRE>
        </BODY>
</HTML>

Here is the change I made to my webserver configuration (httpd.conf):

Code: Select all

<Location /web-netstat>
        Options +Includes
        Order deny,allow
        Deny from all
        Allow from .foobar.com
</Location>

Where foobar.com is my local trusted domain.

WARNING: Using server-side includes may open up your web-site to allow uninvited guests access to your command-line. You need to ensure that you limit access to hosts or domains that you trust. If you want to be absolutely safe, then rather use SSL with a user/passwd combination in addition to this. I don't know of any flaws in apache that would currently allow this, but overrun hacks have been found before....

Now, all you'll need to do is to use something like lynx to get and parse the page into plain text and to pipe it into the rest of the command line in the perl script (i.e. replacing the "netstat -an" part).

Let me know if this works !

Regards,
Rolf.

testtest · Post by **testtest** » Mon May 24, 2004 10:49 pm

Rolf Poser wrote:


WARNING:
Using server-side includes may open up your web-site to allow uninvited guests access to your command-line. You need to ensure that you limit access to hosts or domains that you trust. If you want to be absolutely safe, then rather use SSL with a user/passwd combination in addition to this. I don't know of any flaws in apache that would currently allow this, but overrun hacks have been found before....

Now, all you'll need to do is to use something like lynx to get and parse the page into plain text and to pipe it into the rest of the command line in the perl script (i.e. replacing the "netstat -an" part).

that's really haX0r code

, why not ?
But as Rolf wrote, please ppl. don't fool around with this kind of "inclusions", read and understand what Rolf explained, and take care for securing access to that ...

By the way Rolf,

- i try to test this, because i have a somewhat 'secure box'

- but after a 'cup of sleep now' --> 05:50am

Have had to write some docus for my 'real life work'

- so crawling into bed now, for 'resetting' my eyes + brain

So get well and SYA Stef.

testtest · Post by **testtest** » Tue May 25, 2004 10:44 am

Hello Rolf,

as expected it runs the way you described. I have just put it into a .shtml file, 'cause i've included this in my apache2.

The parsed .shtml output is what can be expected

, of course :

Code: Select all

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      
tcp        0      0 217.10.50.12:21       217.124.94.20:2515    ESTABLISHED 
tcp        0      0 :::80                   :::*                    LISTEN      
tcp        0      0 :::22                   :::*                    LISTEN      
tcp        0      0 :::443                  :::*                    LISTEN      
tcp        0      0 217.10.50.12:80       217.155.44.01:1909     TIME_WAIT   
tcp        0      0 217.10.50.12:80       217.155.44.01:1908     TIME_WAIT   
tcp        0   1054 217.10.50.12:80       217.155.44.01:1915     ESTABLISHED 
tcp        0   3735 217.10.50.12:80       217.155.44.01:1914     ESTABLISHED 
tcp        0      0 217.10.50.12:22       217.124.94.20:2624    ESTABLISHED 
tcp        0      0 217.10.50.12:80       217.124.94.20:2626    TIME_WAIT   
tcp        0      0 217.10.50.12:22       217.124.94.20:2595    ESTABLISHED 
tcp        0      0 217.10.50.12:80       217.124.94.20:2635    ESTABLISHED 
udp        0      0 127.0.0.1:161           0.0.0.0:*                           
udp     5440      0 0.0.0.0:68              0.0.0.0:*                           
udp        0      0 217.10.50.12:123      0.0.0.0:*                           
udp        0      0 127.0.0.1:123           0.0.0.0:*                           
udp        0      0 0.0.0.0:123             0.0.0.0:*                           
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     2525   /var/lib/mysql/mysql.sock
unix  2      [ ]         DGRAM                    1291   /var/lib/named/dev/log
....

I'm trying to make a little bit more with it, posting again later

Greets Stef.

testtest · Post by **testtest** » Tue May 25, 2004 11:56 am

This should work now

:

There are some hints about your individual security settings for accessing your remote .shtml.

You have to assure that your 'poller' IP, the host you are connecting from - towards the host to be queried, is allowed to do so.
Include your IP into the host .htaccess for ex., ' Allow from ...', of the 'queried' host.

Then it is just simple:

Edit Rolf's original unix_socketdetails.pl and make the following changes:

Change

Code: Select all

my $output = `netstat -an | grep -v unix | awk '{print \$4}' | awk -F: '{print \$2}'`;

with

Code: Select all

my $output = `lynx -auth=User:Password -dump http://www.yourdomain.com/index.shtml | grep -v unix | awk '{print \$4}' | awk -F: '{print \$2}'`;

^^ of course the URL of your .shtml file

The output looks like this:

Code: Select all

unix_socket_20:0 unix_socket_21:2 unix_socket_22:2 unix_socket_25:1 unix_socket_80:2 unix_socket_110:1 unix_socket_443:0 unix_socket_465:1 unix_socket_995:1

and is equivalent to the 'locahost' variant.

Greets Stef.

Guest · Post by **Guest** » Wed May 26, 2004 6:31 am

i got it working for a remote server too, but i used scp.

now i'd like to do this for all my servers (+-10), but i'm a bit lost in how to do that... (data input method / data source / graph creation)

cheers

jfauteux · Post by **jfauteux** » Wed May 26, 2004 7:12 am

is there anything special i need to do to import the graph template? Using the "import templates" feature - i browse to the directory where the cati_graph_template_unix_socket_details.xml file is and then i hit "save" and the screen just kind of cycles - but i never see the graph template in the graph template section - any ideas?

testtest · Post by **testtest** » Wed May 26, 2004 9:03 am

Anonymous wrote:i got it working for a remote server too, but i used scp.

now i'd like to do this for all my servers (+-10), but i'm a bit lost in how to do that... (data input method / data source / graph creation)

cheers

that is a question for Rolf, 'cause i'm not into deep with the template, graph creation itself ... - maybe i find time to look for it, or in the meantime Rolf answers.

Greets Stef.

testtest · Post by **testtest** » Wed May 26, 2004 9:06 am

jfauteux wrote:is there anything special i need to do to import the graph template? Using the "import templates" feature - i browse to the directory where the cati_graph_template_unix_socket_details.xml file is and then i hit "save" and the screen just kind of cycles - but i never see the graph template in the graph template section - any ideas?

Nope, there's nothing special about importing it . There are known issues for importing templates with cacti.versions - just look around here in the forum.
BTW. which cact.version are you using ?
Greets Stef.

Morpheus · Post by **Morpheus** » Fri Jun 04, 2004 2:59 am

Isn't there a way we could extend the SNMP daemon ?
I know that you can pass a complete OID to the SNMP daemon, just like in bindstats...

That way we could Dynamically get the ports to monitor.

pbulteel · Post by **pbulteel** » Tue Nov 15, 2005 8:12 am

Couldn't that be implemented?

snmpnetstat -v1 -c public <machinename> | grep ESTABLISHED | wc -l

And to this, maybe we can add a | grep ssh or something like that to get a stat on a particular app...

Just throwing out some ideas.

-P

And I just noticed that if you add a -n you can see it as numeric, meaning you could then categorize the output into protocols ( end in 80 or 443 ) or machine example localhost connections (127.0.0.1) even do something like machine to external connections ...

Post by **gandalf** » Wed Nov 16, 2005 4:37 pm

There's already a TCP montor for that on the forum (uses TCP MIB counters)
Reinhard

kumaresh · Post by **kumaresh** » Tue Mar 27, 2007 2:13 am

Can you plz get back with the code for retrieving number of socket connections for the windows 2000 m/c?

Cacti

[XML] SocketStats version 0.1

Remote netstat

Re: Remote netstat

uploading template

Re: uploading template

My $ 0.02

What about snmpnetstat?

Socket Connection Details for Windows 2000

Who is online