How to monitor the number of active connections on a port, report this as a QOS metric and alarm if a threshold is breached

Document ID : KB000100197
Last Modified Date : 10/07/2018
Introduction:
We need to monitor the number of active connections on a port, report this as a QOS metric and alarm if a threshold is breached. Is this possible?
Background:
No probe can report this natively as a QoS metric. However, the logmon probe can execute netstat to collect the data and then report it as a QoS value.

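The netstat command to count the connections on a port is:

netstat -na | find /c "port"

For example, to count the connections on port 48000:
  • Windows
netstat -na | find /c "48000"
  • Unix \ Linux
netstat -na | grep "48000" | wc -l

Both commands count every netstat line that contains the string, so listening sockets, connections in any state and remote ports with the same number are all included in the total.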

The instructions below show how to configure the logmon probe to run this command, generate QoS messages for the number of active connections to port 48000, and generate alarms when thresholds are breached.

Note: the example below is for Windows. Change the netstat command for Unix \ Linux.
Instructions:

Generate QoS

  1. Open logmon configuration and click the setup button
    • Select the "Quality of Service Definitions" tab
      • Click the green plus to create a new QoS Definition
        • QoS name = Qos_port_48000_connections
        • Description = number of connections to port 48000
        • QoS Unit and Unit Abbreviation = "Bytes" "B"
        • Click "OK"
  2. Create a new profile called "port_48000" and define the following settings on the General tab
    • Mode = command
    • Command = netstat -na | find /c "48000"
    • Select "Generate Quality of Service"
    • Select "Generate Alarm"
  3. No need to create a Format Rule
  4. Create a Watcher Rule called "count" and configure the watcher tabs as below
    • Standard
      • Match Expression = *
    • Variables
      • Create a new variable called "connections"
        • In the variable settings select "Text Block"
        • Click OK to accept the variable settings
    • QoS
      • Double-click "connections" under "QoS on Variables"
        • QoS Name = Qos_port_48000_connections
        • QoS Target = <Robot name>

Create Alarm based on Threshold

  • Each alarm threshold requires an additional watcher
    • You need to use a regular expression to define the threshold
    • This example sets an alarm when the number of connections is >400, so we need a regex that matches any number >400
      • 40[1-9]|4[1-9][0-9]|[5-9][0-9][0-9]|[1-9]\d{3,}
        • Test the expression against sample counts in a regex tester before using it
  1. Create a Watcher Rule called "alarm greater than 400" and configure the watcher tabs as below
    • Standard
      • Match Expression = 40[1-9]|4[1-9][0-9]|[5-9][0-9][0-9]|[1-9]\d{3,}
    • Message to Send on Match = Connections on port 48000 exceeded 400
    • Message Severity = Your choice of severity for this alarm
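
Because every alarm threshold needs its own "greater than N" expression, the following added example (not part of the original article or of the probe) goes beyond the single >400 case: it builds the alternation for any threshold and checks it against every count in a range. Assumptions: the watcher sees only the bare integer printed by the command, Python's re module stands in for the probe's regex engine, and the function names are hypothetical.

```python
import re

def class_range(lo: int) -> str:
    """Character class for the digits lo..9."""
    return "9" if lo == 9 else f"[{lo}-9]"

def gt_regex(n: int) -> str:
    """Alternation matching any decimal integer strictly greater than n."""
    if n < 0:
        raise ValueError("threshold must be >= 0")
    digits = str(n)
    width = len(digits)
    alts = []
    # Same width as n: keep a prefix of n, raise the next digit, free the rest.
    for i in range(width - 1, -1, -1):
        d = int(digits[i])
        if d == 9:
            continue  # this digit cannot be raised
        rest = width - i - 1
        tail = "" if rest == 0 else "[0-9]" if rest == 1 else f"[0-9]{{{rest}}}"
        alts.append(digits[:i] + class_range(d + 1) + tail)
    # Any number with more digits than n is larger than n.
    alts.append(f"[1-9][0-9]{{{width},}}")
    return "|".join(alts)

def mismatches(pattern: str, n: int, upto: int = 20000) -> list:
    """Counts in 0..upto where the pattern disagrees with 'count > n'."""
    rx = re.compile(pattern)
    return [c for c in range(upto + 1) if bool(rx.search(str(c))) != (c > n)]

if __name__ == "__main__":
    # Constructed thresholds; an empty mismatch list means the pattern is exact.
    for threshold in (400, 999, 1500):
        pat = gt_regex(threshold)
        print(threshold, pat, "mismatches:", mismatches(pat, threshold))
```

mismatches() can also be run on a hand-written expression before it is pasted into the Match Expression field; any count it returns is one where the alarm would fire wrongly or fail to fire.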