Geneos

X Top Plug-in - Technical Reference

Introduction

The Geneos X Top plug-in monitors the top N producers of multicast traffic from a list of user-defined multicast groups, and displays statistics such as the data rate and packet rate.

The Netprobe host must be able to "listen" for the required multicast traffic (i.e. it should be on the same network segment as a host already subscribing to the required multicast data).

Views

View

The X Top plug-in produces a single view, with one row per top multicast session.

x-top2

Headline Legend

Name Description
totalSenders Total number of senders found matching the configured sessions.
overallSendRate Sum of data rates for all found senders (including those not in the view).
overallPacketRate Sum of packet rates for all found senders (including those not in the view).
topSendersTraffic Percentage of traffic generated by the top sender.

Table Legend

Name Description
rank The rank of the multicast sender - lower numbers indicate this source is sending more traffic.
hostname The hostname of the multicast sender.
ipAddress The IP address of the multicast sender.
dataRate Data sent in Kb/s, averaged over the sample interval.
pktRate Packets sent in Kb/s, averaged over the sample interval.
tmSinceLastPkt Number of seconds since the last packet was received.
balance Percentage of total traffic detected generated by this source.

Plug-in Configuration

The X Top plug-in listens to all multicast data received by a host, and matches the destination address and port with those configured by the user.

Plug-in configuration is placed in the x-top configuration section.

var-recvInterfaces

Specifies a comma-separated list of network interface names used to monitor multicast data.

On UNIX machines, interface names can be found using the command "ifconfig -a". Example names are "eth0" or "ce0".

On Windows machines, interface names can be listed by running Netprobe using the "-ifconfig" command-line option. A Windows interface name will look similar to the following:

\Device\NPF_{BDFE3EAC-0275-440A-923C-C9C4CE3B37F2}

Mandatory: Yes

sessions

Specifies the list of (at least one) multicast sessions that this plug-in will monitor.

Mandatory: Yes

sessions > session > var-name

The name of the multicast session. Session names should be unique within each plug-in instance.

Mandatory: Yes

sessions > session > connection

Specifies the multicast address and port for the session - multicast packets received for this connection will be added to the monitoring statistics for this session.

Mandatory: Yes

var-showTop

This parameter specifies the number of top senders to display in the view, which must be a positive integer of at least 1. Top senders are determined by comparing the data rate values. The view may show less than the configured number, if there are less senders than this value.

Mandatory: No
Default: 10

var-resolveIPAddress

This setting takes a Boolean value, and specifies whether or not the IP address of a multicast sender will be resolved to a hostname.

Mandatory: No
Default: true

Permissions

The plug-in requires the netprobe to be run with root permissions (on Unix operating systems) or as a local Administrator on Windows, as it needs to open network devices.

On Linux kernel versions 2.6.24 and up, an alternative to running the netprobe as root is available: Set the CAP_NET_RAW and CAP_NET_ADMIN Linux capability on the netprobe binary with the command "setcap cap_net_raw,cap_net_admin+eip <netprobe binary>" replacing <netprobe binary> with the appropriate netprobe binary file such as 'netprobe.linux_64'.

When running the netprobe with set capabilities, the lib64 folder in the netprobe directory should be put in the ld.so trusted paths. Otherwise, the runtime libraries will not be loaded properly. For guidance, see Run Netprobe under elevated privileges in Linux in .

On Solaris an alternative is to run the netprobeGXL program available from ITRS Support. This program is an auditable utility which runs as setuid root. The purpose of this program is to open the network device which is then passed to Netprobe, so that Netprobe does not need to run with root privileges.

Third Party Libraries

Windows: The Winpcap packet capture library http://www.winpcap.org/install/default.htm needs to be installed on the host. Version 4.0.2 is required for Windows Vista/Server 2003 support.

Unix: The shared library libpcap.so (version 1.0.0 or later is recommended) needs to be in the netprobe lib64 directory.

Note: As the netprobe needs to be run as root the LD_LIBRARY_PATH is ignored for security reasons.