TCP Links Plug-in - Technical Reference
Introduction
The Geneos UNIVERSAL TCP Links plug-in monitors active TCP/IP connections to and from the Netprobe host. This plug-in is typically used in conjunction with the "expect rows" feature available with all data views, which allows gateway to alert when an expected connection is missing (and therefore down).
For monitoring of connections to an SLE or LIFFE exchanges, it is preferable to use the GL-SLE-TCP plug-in since it provides more specific detail for this usage.
Note: This plug-in uses the netstat command which is part of the net-tools package. The net-tools package is not included in the minimal RHEL7 installation by default. As a result, the net-tools package must be installed separately on a minimal RHEL7 installation in order for the plug-in to work.
Views
View
The TCP Links plugin produces a single view, where each row in the table represents a single TCP connection. The example below is shown using "expect rows", indicated by the presence of the "Availability" column to the far right.
Headline Legend
Name | Description |
---|---|
Total connections | The total number of TCP/IP connections monitored by the plug-in (i.e. those that match the configured monitoring criteria). |
Table Legend
Name | Description |
---|---|
name | Unique connection named, formed by combining elements of the local and remote connection addresses. |
localAddress | The local host and port being used for the connection. |
remoteAddress | The remote host and port being used for the connection. |
sendQueue | Number of bytes in the send queue (waiting to be sent). This column is unavailable for Windows. |
recvQueue | Number of bytes in the receive queue (waiting to be read). This column is unavailable for Windows. |
state | The TCP/IP connection state. |
type | TCP or UDP. |
Availability | This column will only be present when using the expect rows feature. Possible values are "absent" or "present". |
Plug-in Configuration
The TCP Links plug-in can be configured to run on any Netprobe host. Configuration is placed in the "tcp-links" section, and by default no other settings are required.
localPorts
The localPorts section allows users to define a list of ports by which they can filter the view on the localAddress field of a connection. If no ports are defined, then all connections are displayed.
If the localAddress field for a connection contains a specified port (using case sensitive comparison), then the connection passes the filter and is displayed. Otherwise the connection is omitted from the view and hence will not be available in gateway for rules or actions.
Note: Despite the name, the local port can optionally contain a hostname, port or a combination of the two. Syntax is based on Perl-Compatible Regular Expressions (PCRE).
Mandatory: No
remotePorts
The remotePorts section allows users to define a list of ports by which they can filter the view on the remoteAddress field of a connection. If no ports are defined, then all connections are displayed.
If the remoteAddress field for a connection contains a specified port (using case sensitive comparison), then the connection passes the filter and is displayed. Otherwise the connection is omitted from the view and hence will not be available in gateway for rules or actions.
Note: Despite the name, the remote port can optionally contain a hostname, port or a combination of the two. Syntax is based on Perl-Compatible Regular Expressions (PCRE).
Mandatory: No
command
The TCP Links plug-in obtains connection information using the netstat utility. The command used to run the utility can be overridden using this setting, which may be useful if access to netstat is protected by access control software.
For example, this command may be set to "pbrun netstat -n" or "sudo netstat -n".
nameContents
The nameContents setting controls the format of the connection name, as reported in the name column of the data view. If this setting is not specified, the name format defaults to showing the full connection details as described below.
If this setting is specified, then each of the contained settings must be specified with a Boolean value detailing whether this field will be included in the name field. The name format consists of two host+port pairs, separated by a - character. Each pair is constructed according to the following table:
Host setting value | Port setting value | Host+port format | Example |
---|---|---|---|
false | false | <empty> | |
false | true | :<port> | :80 |
true | false | <host> | www.google.com |
true | true | <host>:<port> | www.google.com:80 |
serviceTokens
The serviceTokens setting contains a list of tokens, which are treated in the same manner as for localPorts. This is a legacy setting for backwards compatibility reasons, and should be ignored in favour of using localPorts.