Using Logmon to Capture Output of Netstat Command and Alarm if Port is Not Found

Document ID : KB000010691
Last Modified Date : 14/02/2018
Introduction:

This article describes how to configure the logmon probe in command mode to run a netstat command and raise an alert based on its output.

Background:

We need to monitor to see whether a UDP port is open and listening on a Linux robot.  If it is not present, we want to raise a Critical Alarm.

Environment:
UIM 8.5.1, logmon 3.90 on a Linux Robot
Instructions:

1- Identify the appropriate command (sample below) to see if our port or service is present or NOT present.  This example looks for 'radius'.  If found, it will print: "Found Radius".  If NOT found, it will return: "No Radius".

if netstat -a | grep -qi "radius"; then echo Found Radius; else echo No Radius; fi

Validate that the command returns the expected output.  Use a bogus string if necessary to test the failure case, for example as shown in Figure 1.

Figure 1:

Figure1.JPG

2- Deploy the "logmon" probe to the robot you want to monitor.

3- Using the IM or admin console, configure a new 'command' profile.  Use the command above as the command in the profile, for example as shown in Figure 2.

Figure 2:

Figure2.JPG

4- Create a new Watcher Rule on the Watcher Rules tab as shown in Figure 3.  Use the appropriate string returned by the command above.

Figure 3:

Figure3.JPG

5- For testing purposes, you may edit the string in the command to a bogus string, for example:

if netstat -a | grep -qi "radius123"; then echo Found Radius; else echo No Radius; fi

to validate the alarm is generated.  You can also create a "good case" informational alarm as shown in Figure 4.

Figure4.JPG
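The grep in step 1 matches any netstat line that contains the string, which includes radius-acct and sockets in any state, and it depends on netstat resolving the port to a service name. The following added example (not part of the original article or the probe's documentation) is a stricter variant that matches the numeric UDP port exactly and prints the same strings for the Watcher Rule. Port 1812 and the function name check_udp_port are assumptions, and the netstat output is constructed sample data.

```shell
#!/bin/sh
# Added example, not the article's own command.
# Assumption: the monitored service is RADIUS authentication on UDP 1812.

# check_udp_port PORT
# Reads `netstat -uln` style output on stdin. Prints "Found Radius" only when
# a UDP socket is bound locally to exactly PORT, otherwise "No Radius".
check_udp_port() {
    awk -v port="$1" '
        $1 ~ /^udp/ {                      # udp and udp6 rows only
            n = split($4, parts, ":")      # column 4 = local address:port
            if (parts[n] == port) found = 1
        }
        END { print (found ? "Found Radius" : "No Radius") }
    '
}

# Constructed sample: listener present on IPv4 and IPv6.
SAMPLE_UP='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 0.0.0.0:1812            0.0.0.0:*
udp6       0      0 :::1812                 :::*'

# Constructed sample: near misses only (a TCP socket on 1812, the accounting
# port 1813, and port 18120, which merely starts with the same digits).
SAMPLE_DOWN='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1812            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:1813            0.0.0.0:*
udp        0      0 0.0.0.0:18120           0.0.0.0:*'

printf '%s\n' "$SAMPLE_UP"   | check_udp_port 1812   # Found Radius
printf '%s\n' "$SAMPLE_DOWN" | check_udp_port 1812   # No Radius

# On the robot, feed it live data instead of the samples:
#   netstat -uln | check_udp_port 1812
```

Because the output strings are unchanged, the Watcher Rule from step 4 can still match on "No Radius".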

Additional Information:

The message in the logmon.log file: "Unable to open logmon.dta file"  is not an issue and will appear in a working environment.

Logmon Probe Documentation