[Check_mk (english)] Watching Windows sockets for traffic

Anyone have any ideas on making sure a client is connected and passing data over a socket?

What I know ahead of time:

  • Client IP

  • Client uses ephemeral port

  • Server IP

  • Server uses known port.

  • Server is windows

I know I could scrape netstat to get connection count. I know I can get traffic info with a netflow collector and some hackery (or a tool like boundary), but it would be nice to do it in check_mk instead (fewer support teams involved). Maybe do something with this http://msdn.microsoft.com/en-us/library/70xadeyt(v=vs.110).aspx, but at that point I’d rather do it at the netflow level so I have a cross platform solution.

Thoughts?

Patrick

Hi Patrick,

Interesting idea. Would sampled packet capture, or even permanent
packet capture be sufficient?

You could write an agent plugin that either invokes the capturing tool
at the same interval, or manage the capture out of band as a long-lived
process or scheduled task, and then use the plugin to collect & report
things like number of packets, number of bytes etc.

The use of agent caching & async may be useful for such a plugin
(http://mathias-kettner.de/checkmk_windows.html)

windump is the CLI equivalent to tcpdump on other platforms, or you
could use tshark, wireshark's CLI tool, or something else.

You could store a pcap with relatively few bytes per packet (just
enough to store IP/TCP headers) and then during your plugin run,
output some stats. You could even ask your capture tool to rotate
pcaps at some interval (time, num packets, size etc) and then that
rotation might be useful to 'know' data has passed.

I know that for at least windump and tshark, you'll need winpcap
installed to run those tools.

Otherwise the netflow option sounds more broadly useful, although
collecting flows at the right points in your network might be
challenging.

Let me know what you come up with :)

Regards,

Chris
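One way to do the "rotate a headers-only pcap, then let the plugin output stats" approach Chris sketches, as an added example (it is not code from the thread, from Check_mk or from any capture tool). It assumes a classic libpcap file (the format windump and tshark write by default) captured on Ethernet with a small snaplen, and it assumes the Check_mk local-check output convention ("STATUS NAME PERFDATA TEXT", metrics separated by "|"); the server/client addresses, the port 8443 and the section name socket_traffic are placeholders. The sample capture is constructed in memory so the script runs offline; in production main() would be pointed at the rotated pcap.

```python
"""Headers-only pcap -> Check_mk local check for one client/server socket."""
import ipaddress
import struct
import sys

PCAP_MAGIC = 0xA1B2C3D4
SNAPLEN = 96  # assumption: capture tool run with -s 96 (enough for Ethernet/IP/TCP headers)
# Placeholder addresses for the example; in a real plugin read them from a config file.
SERVER_IP, SERVER_PORT, CLIENT_IP = "10.0.0.5", 8443, "10.0.0.20"


def build_frame(src_ip, dst_ip, sport, dport, payload_len, flags=0x18):
    """Constructed Ethernet/IPv4/TCP frame with a zero-filled payload (not real traffic)."""
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    total_len = 20 + len(tcp_hdr) + payload_len
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed)
    eth_hdr = b"\x00" * 12 + b"\x08\x00"  # zero MACs, ethertype IPv4
    return eth_hdr + ip_hdr + tcp_hdr + b"\x00" * payload_len


def build_pcap(frames, snaplen=SNAPLEN):
    """Serialize frames as a classic pcap, truncating each record to snaplen the way
    a capture tool does: incl_len is the stored size, orig_len the size on the wire."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        captured = frame[:snaplen]
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(captured), len(frame)) + captured
    return out


def sample_capture():
    """Constructed sample: one client session plus two flows that must be ignored."""
    frames = [
        build_frame(CLIENT_IP, SERVER_IP, 50123, SERVER_PORT, 0, flags=0x02),    # SYN
        build_frame(SERVER_IP, CLIENT_IP, SERVER_PORT, 50123, 0, flags=0x12),    # SYN/ACK
        build_frame(CLIENT_IP, SERVER_IP, 50123, SERVER_PORT, 1000),             # data
        build_frame(CLIENT_IP, SERVER_IP, 50123, SERVER_PORT, 1000),             # data
        build_frame(SERVER_IP, CLIENT_IP, SERVER_PORT, 50123, 200),              # reply
        build_frame("10.0.0.99", SERVER_IP, 41000, SERVER_PORT, 500),            # other client
        build_frame(CLIENT_IP, SERVER_IP, 50124, 22, 300),                       # other port
    ]
    return build_pcap(frames)


def iter_records(data):
    """Yield (orig_len, captured_bytes) for each record; handles both byte orders."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are supported")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield orig_len, data[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """Return (src_ip, dst_ip, sport, dport, tcp_flags), or None for non-IPv4/TCP frames."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:
        return None
    ihl = (ip[0] & 0x0F) * 4
    if len(ip) < ihl + 14:  # need at least ports + flags byte of the TCP header
        return None
    sport, dport = struct.unpack_from("!HH", ip, ihl)
    return (str(ipaddress.IPv4Address(ip[12:16])), str(ipaddress.IPv4Address(ip[16:20])),
            sport, dport, ip[ihl + 13])


def socket_stats(pcap_bytes, server_ip, server_port, client_ip):
    """Count packets/bytes between client_ip and server_ip:server_port in both directions.
    Byte counts use orig_len, so a small snaplen does not under-report traffic."""
    st = {"packets": 0, "bytes": 0, "c2s_bytes": 0, "s2c_bytes": 0, "syns": 0, "client_ports": set()}
    for orig_len, frame in iter_records(pcap_bytes):
        hdr = parse_tcp(frame)
        if hdr is None:
            continue
        src, dst, sport, dport, flags = hdr
        if (src, dst, dport) == (client_ip, server_ip, server_port):
            st["c2s_bytes"] += orig_len
            st["client_ports"].add(sport)
            if flags & 0x02 and not flags & 0x10:
                st["syns"] += 1  # new connection attempt from the client
        elif (src, dst, sport) == (server_ip, client_ip, server_port):
            st["s2c_bytes"] += orig_len
        else:
            continue
        st["packets"] += 1
        st["bytes"] += orig_len
    st["client_ports"] = sorted(st["client_ports"])
    return st


def local_check(st, name="socket_traffic"):
    """Format one Check_mk local-check line: CRIT if nothing seen, WARN if one-directional."""
    status = 2 if st["packets"] == 0 else (1 if not (st["c2s_bytes"] and st["s2c_bytes"]) else 0)
    perf = "packets=%d|bytes=%d|c2s_bytes=%d|s2c_bytes=%d|syns=%d" % (
        st["packets"], st["bytes"], st["c2s_bytes"], st["s2c_bytes"], st["syns"])
    text = "%s -> %s:%d %d packets, %d bytes, %d SYN, client ports %s" % (
        CLIENT_IP, SERVER_IP, SERVER_PORT, st["packets"], st["bytes"], st["syns"],
        ",".join(map(str, st["client_ports"])) or "none")
    return "%d %s %s %s" % (status, name, perf, text)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_capture()
    print(local_check(socket_stats(data, SERVER_IP, SERVER_PORT, CLIENT_IP)))
```

Run without arguments it prints the status line for the constructed sample; run with the path of the last rotated pcap it reports on that file. Two points worth keeping when adapting it: count orig_len rather than the stored record length, otherwise a headers-only snaplen makes every packet look like 54 bytes, and treat "no packets since the last rotation" as a failure state, since that is exactly the "client connected and passing data" condition the question asks about.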