
Hello,

I’m trying to use centreon plugins to match one connection on local port 4000 from one known IP address.

For this, I need to use “filter-ip” but I cannot manage to get it to work.

I use the following command:

centreon_plugins.pl --plugin os::linux::snmp::plugin --mode tcpcon --hostname host --snmp-version 2 --snmp-community public --service='MyService,,established,4000,,,,,1:1'

This one works, it returns one established connection:

OK: Service 'LMyService' connections: 1 - Total connections: 8

Then I tried to add an IP destination filter to only match my IP address. If I understand correctly, it is an inverted filter to exclude everything that is not my IP address.

For the record, when using --debug, I can see the connection I’m trying to match:

.1.3.6.1.2.1.6.19.1.7.2.16.0.0.0.0.0.0.0.0.0.0.255.255.10.x.x.x.4000.2.16.0.0.0.0.0.0.0.0.0.0.255.255.10.y.y.y.54706 = 5  < this is 10.y.y.y

So I just tried to modify the command like this:

centreon_plugins.pl --plugin os::linux::snmp::plugin --mode tcpcon --hostname hosts --snmp-version 2 --snmp-community public --service='MyService,,established,4000,,,^(?!10.*)$,,1:1'

And I get 0 connections remaining… Any idea what I’m doing wrong?

Best regards

Hello :)

The code that makes the comparison with the filter is in the `test_service` function on line 244. It's not easy to debug it without displaying the contents of the values tested to understand what is being compared with what. By adding this little piece of debug code:

                # Debug only: print the compiled filter and the connection string it is tested against
                if ($tag ne "total") {
                    use Data::Dumper;
                    print Dumper("filter :".$self->{services}->{$tag}->{filter});
                    print Dumper($_."\n");
                }

You get this kind of output (I'm working on anonymised data from the plugin test repo) with the specified filter at the top and the variable it was matched with:

$VAR1 = 'filter :.*?#127.*#.*?#.*?#.*?#established';
$VAR1 = 'ipv4#127.0.0.1#5670#127.0.0.1#47440#established';

In my case, I got all the ‘established’ connections on the ‘src_addr’: 127.0.0.1 and also 127.0.0.2.

perl centreon_plugins.pl --plugin os::linux::snmp::plugin --mode tcpcon --hostname=localhost --snmp-version=2c --snmp-community=local/linux --snmp-port=2024 --service='My service,,established,,,127.*,,,'
$VAR1 = 'filter :.*?#127.*#.*?#.*?#.*?#established';
$VAR1 = 'ipv4#127.0.0.1#50166#127.0.0.1#5669#established
';
$VAR1 = 'filter :.*?#127.*#.*?#.*?#.*?#established';
$VAR1 = 'ipv4#127.0.0.1#47440#127.0.0.1#5670#established
';
$VAR1 = 'filter :.*?#127.*#.*?#.*?#.*?#established';
$VAR1 = 'ipv4#127.0.0.1#5670#127.0.0.1#47440#established
';
$VAR1 = 'filter :.*?#127.*#.*?#.*?#.*?#established';
$VAR1 = 'ipv4#127.0.0.2#5669#127.0.0.1#50166#established
';
OK: Total connections: 43 - Service 'My service' connections: 4 | 'service_total'=43;;;0; 'service_My service'=4;;;0; 'con_closing'=0;;;0; 'con_finWait1'=0;;;0; 'con_timeWait'=33;;;0; 'con_lastAck'=0;;;0; 'con_synSent'=0;;;0; 'con_listen'=17;;;0; 'con_closeWait'=1;;;0; 'con_synReceived'=0;;;0; 'con_closed'=0;;;0; 'con_established'=8;;;0; 'con_finWait2'=1;;;0;

I hope these examples have helped you understand how the option works. Internally I've opened a development ticket to improve the verbosity of the debugging for this mode.

Kind regards.


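The filter assembly shown in the answer's debug output, reproduced as an added stand-alone example (not the plugin's own code) and applied to the three `--service` specs from this thread. The helper names `build_filter` and `count_matches`, the field order, the `.*?` default for empty fields, the unanchored match and the sample connection strings are assumptions inferred from that debug output.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed --service field order (inferred from the debug output in the answer):
# tag,type,state,port-src,port-dst,filter-ip-src,filter-ip-dst,warning,critical
# Assumed: an empty field becomes '.*?' and the pieces are joined with '#'.
sub build_filter {
    my ($spec) = @_;
    my (undef, $type, $state, $psrc, $pdst, $ipsrc, $ipdst) = split /,/, $spec, -1;
    return join '#', map { (defined $_ && length $_) ? $_ : '.*?' }
        ($type, $ipsrc, $psrc, $ipdst, $pdst, $state);
}

# Assumed: the joined filter is applied as an unanchored regexp to each
# "type#src_addr#src_port#dst_addr#dst_port#state" connection string.
sub count_matches {
    my ($spec, @connections) = @_;
    my $filter = build_filter($spec);
    my $re     = qr/$filter/;
    return scalar grep { $_ =~ $re } @connections;
}

# Constructed sample connections (not taken from the thread).
my @connections = (
    'ipv4#10.0.0.1#4000#10.0.0.5#54706#established',
    'ipv4#10.0.0.1#4000#192.0.2.7#40112#established',
    'ipv4#10.0.0.1#22#10.0.0.5#51000#established',
    'ipv4#10.0.0.1#4000#10.0.0.5#54710#timeWait',
);

my @specs = (
    'MyService,,established,4000,,,,,1:1',             # port filter only
    'MyService,,established,4000,,,^(?!10.*)$,,1:1',   # anchored lookahead from the question
    'MyService,,established,4000,,,10\.0\.0\.5,,1:1',  # plain pattern for the wanted address
);

for my $spec (@specs) {
    printf "%s\n  filter : %s\n  matches: %d\n",
        $spec, build_filter($spec), count_matches($spec, @connections);
}
```

Under these assumptions the second spec cannot match anything: once the fields are joined, `^` and `$` sit in the middle of the pattern rather than at the ends of the address field. The third spec selects only the connection whose destination address field is the wanted one, in line with the answer's `127.*` run where the field acts as a positive match.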