Post by Bjørn RubergPost by Heidenreich Ralfis a munin plugin available, that shows me in a graph all connections to
my server, divided in ports?
The "port_" plugin does exactly that, except that it's one tcp port
per plugin - i.e. port_80 shows connections to port 80, port_25
shows connections to port 25 etc.
A combined plugin may, as Nicolai states, be easy to write; or you can
create a virtual plugin that gathers data from several port_ plugins.
A virtual plugin that gathers data from others means a lot of
processes where only 1 is needed. I suggest to write your own plugin.
I just did, quick and dirty. You see it is simple.
The netstat information is provided in /proc/net/tcp6 (on modern
systems; e.g. on my Debian box I can ignore /proc/net/tcp). Port
numbers, though, appear as hex numbers. Eg. port 443 (https) = 01BB.
# 8< ---------------------- cut here -------------------------- >8
#!/bin/bash
[ "/$1/" = '/config/' ] \
&& echo "\
graph_title TCP port connection count
graph_args --base 1000 -l 0
graph_vlabel concurrent connections
graph_category network
port21.label port 21
port22.label port 22
port80.label port 80
port143.label port 143
port443.label port 443
port993.label port 993
" && exit
awk 'BEGIN { p21=0; p22=0; p80=0; p143=0; p443=0; p993=0; }
$4 != "01" { next }
$2 ~ /:0015$/ { p21++ }
$2 ~ /:0016$/ { p22++ }
$2 ~ /:0050$/ { p80++ }
$2 ~ /:008F$/ { p143++ }
$2 ~ /:01BB$/ { p443++ }
$2 ~ /:03E1$/ { p993++ }
END {
print "port21.value " p21;
print "port22.value " p22;
print "port80.value " p80;
print "port143.value " p143;
print "port443.value " p443;
print "port993.value " p993;
}' /proc/net/tcp6
# 8< ---------------------- cut here -------------------------- >8
HTH,
--
-- Andreas
P.S.: The line $4 != "01" { next } means that only "established"
connections are counted. Other states ("listen", "time_wait", etc.)
are ignored.