Hi guys,
I deployed the netstat plugin on a Windows server.
Then went to manual check and configured “Critical”, when more than 10 time_wait connections are present.
Can you help me?
Everything seems OK. What i’m doing wrong?
The manual check is the problem. If the windows plugin is deployed then you should get automatically an TCP connection service on your Windows host. Now you can define the warning/crit values for this discovered service.
Andreas, Hi!
I put the “netstat_an.bat” inside plugin directory and restarted check_mk service. Am i missing anything?
I mean, i did it manually.
Inside “host and service parameters”, there is a rule called “Established TCP/UDP connections”, which only says: “Deploy netstat plugin”. What does it mean? i don’t think check_mk deploys automatically netstat plugin inside the windows server, right? So, what does it mean?
Then, inside “manual check”, are all sort of things to be set (warning and critical levels for different things), but i get that error.
So… this is exactly the reason why i called this thread “howto”. Can you tell me the steps to configure and set levels for tcp/udp connections? No matter the regexp right now (in my case, i need a critical when there is a specific amount of time_wait connections…). I just wanna make it work.
Thanks!!
One mistake from my side. The “netstat_an.bat” is not automatically discovered.
What i had in mind was the behavior of the “tcp_conn_stats” for Windows and Unix.
But this is only a performance counter what needs to be enabled inside the agent config.
Ok you have deployed the plugin. Now you need only to check that the output is generated.
If yes it is sufficient first to create a “manual check” for this host without parameters.
The result should be one check like this.
If this check is shown you can make your rule a little bit more specific to get to your needed information.
Andreas, I did that.
Like i said, if i do a cmk -d… i see the plugin output.
…
…
<<<>>>
<<<win_netstat>>>
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING
…
…
Creating a manual check, without parameters, shows a new service… like i showed you.
“Error getting data from agent”
What i’m missing?
Like i said, i put the “bat” inside “plugin” directory and restart cmk service. That’s all.
Anything else? do i have to specify anything on check_mk.ini?
Thanks!
Ok if the output is there, can you please show the manual service definition. The small screen in my post is also from a manual service definition without any parameters for this host.
Andreas. My god.
The answer was on the combobox.
My brain never saw it.
netstat is not the one… (default)
you have to set… “win_netstat”
Can’t believe it.
It works perfect.
See you next time!
Hi Andreas,
ich verwende checkmk 2.0p3 und versuche gerade netstat für windows zu discovern. Wenn ich vom checkmk-Server ein Telnet auf Port 6556 auf den Windows-Server mache, bekomme ich schon den richtigen Output:
<<<win_netstat>>>
Aktive Verbindungen
Proto Lokale Adresse Remoteadresse Status
...
jedoch wird nichts discovered. Was fehlt mir noch? Wäre toll wenn Du mir einen Tipp geben könntest. Früher gab es das Wato, jetzt liegt alles unter setup. Muss ich noch einen manuellen Check für den Host einrichten? Wenn ja, wo mache ich das in der 2.0 Version?
Vielen Dank im Voraus
BG
Olli
Wie oben beschrieben muss ein manueller Netstat Check erstellt werden und bei diesem muss auch richtiger weise “win_netstat” ausgewählt werden.
Name in 2.0 müsste “Monitor specific TCP/UDP connections and listeners” sein.
Wow, vielen Dank Andreas, jetzt habe ich es gefunden. Ganz schön versteckt. Wenn dort im Anzeigename etwas von netstat gestanden hätte, hätte ich es sicherlich allein gefunden. Hätte hätte Fahrradkette… Freu mich, dass es jetzt rennt. Nochmals danke!
Eins fällt mir noch ein … gibt es eine Übersetzungstabelle oder Datei, wo ich durch einfaches Suchen nach netstat auf diesen Anzeigenamen “Monitor specific TCP/UDP connections and listeners” schliessen kann? Oder anders gefragt, wie hast Du den Anzeigenamen gefunden?
BG
Olli
Nach “connections” gesucht 
Alles was mit so TCP/UDP Zeugs zu tun hat heißt irgendwie halt “connection”.
To add on
Extra: If the plugin works correctly, doing telnet again will return the netstat infos.
Kudos to the team for this awesome plugin, saves a lot of my time
I want to implement this too on 1.6 and so i am searching for “Monitor specific TCP/UDP connections and listeners” on 1.6 but cannot find. Searched on “connections” too …
plugun exists on 1.6 , installed, netstat info received by CMK server but i need the name of the rule.
DOCUMENTATION please.
Remember with 1.6 there is no global rule search.
Take a look at the categorie “Manual checks” there you should find the rule “Monitor specific TCP/UDP connections and listeners”.
I feel a little stupid: where do i find the categorie manual check?
On 2.0 (in my test environment) i find the rule “Monitor specific TCP/UDP connections and listeners” in setup > services > enforced services under “Networking”
On 1.6 in WATO ; “Host & Service Parameters” ; “Parameters for discovered services” : there is there a similar “NETWORKING” part but there is no “Monitor specific TCP/UDP connections and listeners” in it.
And i do not see a category “Manual checks” ; i see a category “Active checks”.
Tanks, i was looking in Host & Service parameters
I am very happy about the help here. It works now.
But can you put al this wisdom in the official “Check manual page of win_netstat” : it contains now not much usefull information about it (exept the fact that the agent needs to be installed).
A feature that exists for more than 5 years and is “official part of Check_MK” , i would expect a decent “Check manual page of win_netstat”.
“No work is done before the paperwork is finished”
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.
