[XML] SocketStats version 0.1
Hello there !
Quickly wrote another one to count the number of different sockets.
Here's the readme - still first version so not much documentation and perhaps some bugs? (hopefully not!)
==========================================
SocketStats v0.1 - Copyright Rolf Poser - GNU Public License
Released: 20 May 2004
SORRY - THIS WILL ONLY WORK EASILY ON UNIX
(perhaps you'll get this to work on cygwin/win32 if you're brave!)
Testtest said today that he wasn't too happy with the basic tcp_connections
perl script - the shortcoming being of course that if you specify "http"
as a parameter in the command line it will include "https" in the line count..
Having enjoyed the way the graphs stacked in another project (squidstats)
I decided that this should be easy enough to get working in an evening.
So here it is - a count for some of the more popular socket types in use
(listen, established or other states). The more advanced cacti users will
be able to figure out how to add some additional socket types...
This is version 0.1 so no documentation, and very little info
for you here, but you should be able to figure most things out...
First, there is a script in script/ to copy to <path_cacti>/scripts (and make
sure your cacti user can read/execute it). Make sure that the pointer
to bash is correct and that all of the other executables are in the default
system path so that the script will work.
In addition, you will need to load up the XML graph template from the xml/
directory.
Best of luck !!
Rolf.
PS: I'm running this on FC1, so if this is exactly what you are using, then
you should be OK with all of the path information.
Attachment: socketstats-0.1.zip - XML template and BASH script. (6.33 KiB) Downloaded 2050 times
Re: [XML] SocketStats version 0.1
[quote="Rolf Poser"]... Quickly wrote another one to count the number of different sockets...[/quote]
Oh man -----/-----@
... Quickly wrote another one ... ... Rolf, do have also some "brain parts under GNU" for me ?? - joking
Rolf, you gave me another "sleepless night" - just downloading it NOW - THX !!!!
SF.
[url=http://stef.funpic.de/index.html]Stef.s small Fan Page[/url]
Free your brain with trashing away MS - no pain, no torture, no troubles of learning Linux can compete with your Freedom using it.
Rolf, tried a few things on my box with unix_socketdetails.sh.
Had no luck so far:
[code]
: command not foundtml/cacti/scripts/unix_socketdetails.sh: line 2:
: command not foundtml/cacti/scripts/unix_socketdetails.sh: line 4:
'home/htdocs/web1/html/cacti/scripts/unix_socketdetails.sh: line 15: syntax error near unexpected token `do
'home/htdocs/web1/html/cacti/scripts/unix_socketdetails.sh: line 15: `for socket in `echo $SOCKETLIST`; do
[/code]
bash --version
GNU bash, version 2.05b.0(1)-release (i586-suse-linux)
Copyright (C) 2002 Free Software Foundation, Inc.
sh --version
GNU bash, version 2.05b.0(1)-release (i586-suse-linux)
Copyright (C) 2002 Free Software Foundation, Inc.
ls -l /bin/bash
-rwxr-xr-x 1 root root 464680 Oct 2 2003 /bin/bash
ls -l /bin/sh
lrwxrwxrwx 1 root root 4 May 9 10:45 /bin/sh -> bash
Going now to bed - maybe too tired - already 04:45 in the morning here
Try this perl version
Stef:
You're probably in the same time zone as myself (I'm in South Africa - GMT+2), so I can see that your early morning posts are really early (or late - whichever way one wants to see it).
I've rewritten most of the script into perl - it should be more compatible with your system. Perl is in any case a bit more powerful and fast when it comes to text processing -- I was just too lazy to figure out how to write it in perl initially.
Let me know,
Rolf.
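[code]
#!/usr/bin/perl
# Perl version - should be more compatible across platforms:
use strict;
use warnings;

# Ports to count: the command-line arguments, or a default list if none are given.
my @socketlistarray = ( defined $ARGV[0] && $ARGV[0] ne '' )
    ? @ARGV
    : qw(20 21 22 23 25 80 443 8080);

# Local-address column of every non-unix socket, reduced to the field after the first ':'.
my $output = `netstat -an | grep -v unix | awk '{print \$4}' | awk -F: '{print \$2}'`;
# Keep only numeric values so header and blank lines are never compared.
my @outputarray = grep { /^\d+$/ } split( /\n/, $output );

foreach my $sockettype (@socketlistarray) {
    next unless $sockettype =~ /^\d+$/;    # ignore arguments that are not port numbers
    my $counter = 0;
    foreach my $opensocket (@outputarray) {
        $counter++ if $opensocket == $sockettype;
    }
    # Cacti expects space-separated name:value pairs.
    print "unix_socket_", $sockettype, ":", $counter, " ";
}
[/code]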
Re: Try this perl version
[quote="Rolf Poser"]... much code ...[/quote]
THX Rolf, so 'going out tonight' has just been "toasted" - my girlll was really , but she's now ing again, after a nice dinner, so is my stomach too.
So "cranking up" my LOL-lame-notebook and starting over this in about 1/2 an hour ...
Greets and THX - Stef.
:) :) :)
Hello back folks
Here's my brain dump:
So uploading unix_socketdetails.pl into <cacti_script_dir> and import template worked
without problem.
Afterwards adding the new imported template TOWARDS a Host Template --> in my case i added it to "ucd/net SNMP Host" -->
"Associated Graph Templates" --> "Add Graph Template: Unix - Socket Connection Details" --> save.
Then i had to change "Data Input Methods" --> "Data Input Methods [edit: Unix - Get Socket Details]" , because per default
the template gets its data from /bin/bash unix_socketdetails.sh (shell script-i had probs with).
Changed "Input String" into 'perl <path_cacti>/scripts/unix_socketdetails.pl 20 21 22 23 25 80 443 8080' -->
Then adding "New Graphs" --> "Create" --> (Select a graph type to create) --> choosing "Create: Unix - Socket Connection Details"
--> Then on top "Create graphs..." --> some pollings --> Working perfect
Or see the "start of graphing" HERE - don't bother of the layout - set up in 1 min. - really
Greets Rolf !! you made once again "my day" !! Stef.
Last edited by testtest on Mon May 24, 2004 9:01 am, edited 2 times in total.
So Rolf, looking closer to it, changes of the PORTS must be done in two steps ?! - Right ?
First, change in unix_socketdetails.pl the PORTS.
Second adding the PORTS in cacti_graph_template_unix_socket_connection_details.xml ?
But where to get these <hash_100002125f6e64f40a5ac16f6e50bb7fc28799>
things ? Want to learn more, a tip ?
For ex. the most used / open Ports are 20 21 22 25 80 110 443 465 995 as for FTP, SSH, SMTP, HTTP, POP3, HTTPS, SMTPS SSL/TLS, SPOP3
How to add, Rolf ? Greets and thanks - Stef
1. Rolf can you look at this graph ?
Something is not working properly - mostly it's a configuration issue, i think.
The 'grey' graph for ftp 'remains' on 2 connects, and goes somewhat up, but there were no or not so much connects to ftp.
So maybe the counter gets not 'resetted' in the graph itself ?
@guest - i will look for it, maybe Rolf is faster with a reply
Graph:
[quote="guest"]i guess this script only works for localhost right ? i get the same graphs for all hosts and they are the localhost graph[/quote]
@guest - so far i've seen in unix_socketdetails.pl the stats are called via "netstat -an", so it is a 'local' command for the host running at.
Rectify me, if wrong.
yes i saw the script was using netstat but i was hoping there was a remote option to it that i didn't know !
if it'd work on remote servers as well i'd be in heaven ^^
i think it might be possible with a bit of tweaking using > to a file, transferring it, and then echoing it on the local machine, but what a pain...
about your "ghost connections" problem i have about the same, my ssh port always has 1 user at least connected... but that's because netstat shows open sockets, so the server itself is "1 user"... but maybe i'm wrong?
[quote="Anonymous"]yes i saw the script was using netstat but i was hoping there was a remote option to it that i didn't know !
if it'd work on remote servers as well i'd be in heaven ^^
i think it might be possible with a bit of tweaking using > to a file, transferring it, and then echoing it on the local machine, but what a pain...
about your "ghost connections" problem i have about the same, my ssh port always has 1 user at least connected... but that's because netstat shows open sockets, so the server itself is "1 user"... but maybe i'm wrong?[/quote]
yepp - looked and tested a lil bit around. It's currently as you described.
Rolf was so cute to code this stats 'from the hand' and it is just v0.1, so i was really GLAD to get 'just' that.
But showing it to friends, and also receiving some mails from ppl., saying WOW - especially this stats are very useful IMHO.
I would say, IMHO, improving and tweaking it, or better 'expand' its capabilities, is worth the work.
ACK, transferring it via a file i would not appreciate, there are too many 'concerns' - but there are basically other possibilities to achieve this easily.
Easily in means of checking remote ports itself, but currently i have no clue, how to check the 'number' of 'users', or better 'services' at a remote service, like FTP, SSH etc.
And i would not do this, for ex. with making compromises towards security, of course.
Maybe Rolf knows something about this ?
Greets Stef.
Sorry for delay..
Hi folks - sorry for the delay!
I've been on my back for a few days with flu.
In brief - here are some ideas for some questions given:
1. To add ports, you will unfortunately have to do a sizeable amount of configuration work. The script is generic and can accept a list of ports on the command line for which it should parse. (It has a default list, in case none are passed.) In order to add the ports you want, you will need to edit the data input method for the script and add the ports to the command line. You will need to add an output field for each new port i.e. unix_socket_<#> where <#> is the numerical port number for the port as specified on the command line. You will need to repeat this process for each socket in the data template, by creating a new data source for each one (using the name you assigned in the data input method). Finally, you will need to add the "stack" graph to the list in the graph template for each port. You will need to create the entries by following the examples for the other ports. (use the blue up and down arrows to place the new graph items in the right place).
I know this is not ideal , and maybe I can find a smarter way to script this, or to generate this through some form of query - I'll need to check it out.
2. FTP-Data and ftp (for Stef) - I didn't see more than 1 socket open on your graph - it is probably just the "listening" socket for the server when no-one is connected. Most services leave at least one socket in a "listening" state so that new client connections can attach to them. I'll consider adding an option to a future version that only lists sockets that are not "listening". There are a couple of other statuses that may be useful to include (i.e. sockets that are being connected to, but not yet established -- if you see lots of these, then it could be a sign of a denial-of-service attack).
3. Remote netstat could be done in a number of ways - I'll see whether I can create a simple apache-based page that will do the trick, i.e. the web server page calls netstat and puts out the output to a web reply. One could probably do this using ssh or any other number of ways, but I like using the web since you can constrain it using other means other than user/passwd pairs. Anyway, any suggestions are welcome.
Regards,
Rolf.
PS: I managed to rig a long piece of ethernet into my bed from downstairs so that I can do this from underneath a blanket on my laptop -- time to get that 802.11g hub!
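Points 2 above (listening sockets, and half-open sockets as a possible denial-of-service sign) and the README's http/https complaint can both be handled by matching the port exactly and splitting the count by TCP state. The following is an added example, not part of SocketStats or of Rolf's scripts: the function names and the `_listen`/`_established`/`_synrecv`/`_other` field suffixes are assumptions, the state names are those printed by Linux netstat, and the netstat output is a constructed sample.

```shell
#!/bin/sh
# Added example (not SocketStats code). Field-name suffixes are hypothetical.

# Constructed sample of Linux `netstat -an` output so the example runs offline.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.8:40000      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.9:40001      SYN_RECV
tcp        0      0 192.0.2.10:8080         198.51.100.7:51240      ESTABLISHED
tcp        0      0 192.0.2.10:443          198.51.100.7:51241      TIME_WAIT
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 2001:db8::10:22         2001:db8::99:50022      ESTABLISHED
udp        0      0 0.0.0.0:123             0.0.0.0:*
Active UNIX domain sockets (servers and established)
unix  2      [ ACC ]     STREAM     LISTENING     1234     /run/x.sock
EOF
}

# Usage: netstat -an | count_sockets PORT...
# Prints one line of Cacti-style name:value pairs, four per requested port.
count_sockets() {
    awk -v ports="$*" '
    BEGIN {
        # Accept only numeric port arguments, keeping command-line order.
        n = split(ports, arg, " ")
        for (i = 1; i <= n; i++)
            if (arg[i] ~ /^[0-9]+$/) { order[++m] = arg[i]; wanted[arg[i]] = 1 }
    }
    $1 ~ /^tcp/ {                      # TCP only: UDP lines carry no state
        # The port is the text after the LAST colon, which also handles IPv6.
        k = split($4, part, ":")
        port = part[k]
        if (!(port in wanted)) next    # exact match: 80 never matches 8080
        if      ($6 == "LISTEN")      lis[port]++
        else if ($6 == "ESTABLISHED") est[port]++
        else if ($6 == "SYN_RECV")    syn[port]++   # half-open, handshake pending
        else                          oth[port]++   # TIME_WAIT, CLOSE_WAIT, ...
    }
    END {
        for (i = 1; i <= m; i++) {
            p = order[i]
            line = line sep sprintf("unix_socket_%s_listen:%d unix_socket_%s_established:%d",
                                    p, lis[p], p, est[p])
            line = line sprintf(" unix_socket_%s_synrecv:%d unix_socket_%s_other:%d",
                                p, syn[p], p, oth[p])
            sep = " "
        }
        print line
    }'
}

sample_netstat | count_sockets 22 80 443
```

In Cacti each printed name would need its own output field in the data input method, as described in point 1 above.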
1.st of all - Get well soon! !!!
Second: yepp, right with the ftp, also now it's clear with Port:20
[quote]PS: I managed to rig a long piece of ethernet into my bed from downstairs so that I can do this from underneath a blanket on my laptop -- time to get that 802.11g hub![/quote]
have imagined this 'in pictures' - would look really interesting - 'the Hax0R in the bed' - nothing can stop him - get well !!! and a 802.11g of course
Greets Stef.