Geneos

TCP Links Plug-in - Technical Reference

Introduction

The Geneos UNIVERSAL TCP Links plug-in monitors active TCP/IP connections to and from the Netprobe host. This plug-in is typically used in conjunction with the "expect rows" feature available with all data views, which allows gateway to alert when an expected connection is missing (and therefore down).

For monitoring connections to SLE or LIFFE exchanges, it is preferable to use the GL-SLE-TCP plug-in, since it provides more specific detail for this usage.

Note: This plug-in uses the netstat command which is part of the net-tools package. The net-tools package is not included in the minimal RHEL7 installation by default. As a result, the net-tools package must be installed separately on a minimal RHEL7 installation in order for the plug-in to work.

Views

View

The TCP Links plug-in produces a single view, where each row in the table represents a single TCP connection. The example below is shown using "expect rows", indicated by the presence of the "Availability" column to the far right.

[Image: tcp-links2]

Headline Legend

| Name | Description |
|---|---|
| Total connections | The total number of TCP/IP connections monitored by the plug-in (i.e. those that match the configured monitoring criteria). |

Table Legend

| Name | Description |
|---|---|
| name | Unique connection name, formed by combining elements of the local and remote connection addresses. |
| localAddress | The local host and port being used for the connection. |
| remoteAddress | The remote host and port being used for the connection. |
| sendQueue | Number of bytes in the send queue (waiting to be sent). This column is unavailable for Windows. |
| recvQueue | Number of bytes in the receive queue (waiting to be read). This column is unavailable for Windows. |
| state | The TCP/IP connection state. |
| type | TCP or UDP. |
| Availability | This column will only be present when using the expect rows feature. Possible values are "absent" or "present". |

Plug-in Configuration

The TCP Links plug-in can be configured to run on any Netprobe host. Configuration is placed in the "tcp-links" section, and by default no other settings are required.

localPorts

The localPorts section allows users to define a list of ports by which they can filter the view on the localAddress field of a connection. If no ports are defined, then all connections are displayed.

If the localAddress field for a connection contains a specified port (using case-sensitive comparison), then the connection passes the filter and is displayed. Otherwise the connection is omitted from the view and hence will not be available in the gateway for rules or actions.

Note: Despite the name, a localPorts entry can optionally contain a hostname, a port or a combination of the two. Syntax is based on Perl-Compatible Regular Expressions (PCRE).

Mandatory: No

remotePorts

The remotePorts section allows users to define a list of ports by which they can filter the view on the remoteAddress field of a connection. If no ports are defined, then all connections are displayed.

If the remoteAddress field for a connection contains a specified port (using case-sensitive comparison), then the connection passes the filter and is displayed. Otherwise the connection is omitted from the view and hence will not be available in the gateway for rules or actions.

Note: Despite the name, a remotePorts entry can optionally contain a hostname, a port or a combination of the two. Syntax is based on Perl-Compatible Regular Expressions (PCRE).

Mandatory: No

command

The TCP Links plug-in obtains connection information using the netstat utility. The command used to run the utility can be overridden using this setting, which may be useful if access to netstat is protected by access control software.

For example, this command may be set to "pbrun netstat -n" or "sudo netstat -n".

Mandatory: No
Default: "netstat -n"

nameContents

The nameContents setting controls the format of the connection name, as reported in the name column of the data view. If this setting is not specified, the name format defaults to showing the full connection details as described below.

If this setting is specified, then each of the contained settings must be specified with a Boolean value detailing whether this field will be included in the name field. The name format consists of two host+port pairs, separated by a - character. Each pair is constructed according to the following table:

| Host setting value | Port setting value | Host+port format | Example |
|---|---|---|---|
| false | false | <empty> | |
| false | true | :<port> | :80 |
| true | false | <host> | www.google.com |
| true | true | <host>:<port> | www.google.com:80 |

Mandatory: No
Default: <localhost>:<localport>-<remotehost>:<remoteport>

serviceTokens

The serviceTokens setting contains a list of tokens, which are treated in the same manner as for localPorts. This is a legacy setting for backwards compatibility reasons, and should be ignored in favour of using localPorts.
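
The "contains" matching described under localPorts and remotePorts, and the name format described under nameContents, can be modelled as follows. This is an added example, not code from the Geneos product: Python's re module stands in for PCRE, the netstat output is constructed, the parameter names of name() are hypothetical, and requiring a row to pass both filters is an assumption.

```python
import re

# Constructed sample of Linux `netstat -n` output (not captured from a real host).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             192.0.2.10:51514        ESTABLISHED
tcp        0      0 10.0.0.5:8080           192.0.2.11:40022        ESTABLISHED
tcp        0     52 10.0.0.5:51180          198.51.100.7:443        ESTABLISHED
tcp        0      0 10.0.0.5:22             192.0.2.80:60012        ESTABLISHED
"""

def parse(text):
    """Return (localAddress, remoteAddress, state) for each tcp/udp line."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[0].startswith(("tcp", "udp")):
            rows.append((f[3], f[4], f[5] if len(f) > 5 else ""))
    return rows

def passes(address, patterns):
    """An empty list shows everything; otherwise any pattern found in the field passes."""
    return not patterns or any(re.search(p, address) for p in patterns)

def view(rows, local_ports=(), remote_ports=()):
    # Assumption: a row must pass both filters when both are configured.
    return [r for r in rows
            if passes(r[0], local_ports) and passes(r[1], remote_ports)]

def pair(address, host, port):
    """Build one host+port pair according to the nameContents table."""
    h, _, p = address.rpartition(":")
    return (h if host else "") + (":" + p if port else "")

def name(row, local_host=True, local_port=True, remote_host=True, remote_port=True):
    # Hypothetical parameter names; the defaults give the full default name.
    return pair(row[0], local_host, local_port) + "-" + pair(row[1], remote_host, remote_port)

rows = parse(SAMPLE)
loose = view(rows, local_ports=["80"])       # unanchored: also matches 8080 and 51180
strict = view(rows, local_ports=[r":80$"])   # anchored: only local port 80
by_octet = view(rows, remote_ports=["80"])   # matches the IP octet in 192.0.2.80
```

An unanchored entry such as 80 lets unrelated connections into the view, which matters when "expect rows" is used to alert on a missing link: anchoring the pattern (for example :80$) keeps the filter to the intended port.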