[SOLVED] SunOS 5.10 Netstat monitoring/logging help

narddawg314 · 05-11-2015, 03:32 PM

I'm looking for some assistance with logging connections to a server. I need to know when a connection is established and from where. It would be great if protocol or what the connection is for could also be logged.

My end goal is to identify what servers are connecting to this server and what they are doing. This server acts as our NAS and I need to do some maintenance and don't want to take it down during high traffic times. I also need to notify the other server owners to suspend any jobs that connect during the maintenance window.

jlliagre · 05-11-2015, 05:50 PM

You can use this script: http://www.brendangregg.com/DTrace/connections

Replace SS_TCP_FAST_ACCEPT by SS_DIRECT if you got an error about the former being undefined.

narddawg314 · 05-27-2015, 11:09 AM

Quote:

Originally Posted by jlliagre

You can use this script: http://www.brendangregg.com/DTrace/connections

Replace SS_TCP_FAST_ACCEPT by SS_DIRECT if you got an error about the former being undefined.

Thank you, and this worked great on the DEV box, but on the PROD server there is no /user/bin/ksh only /usr/bin/sh. Any hints to convert this to work in that shell?

This is the response:

Code:

./connections.sh: syntax error at line 87: `(' unexpected

I've tried removing the parenthesis it's referring to, but as expected that caused another error:

Code:

./connections.sh: print: cannot open

I tried escaping the parenthesis to see if that would do the trick, but no dice again:

Code:

./connections.sh: (: cannot open

jlliagre · 05-27-2015, 03:33 PM

Huh, ksh removed from a production server ??

Try /usr/xpg4/bin/sh which should just work, assuming it hasn't been removed too.

narddawg314 · 05-28-2015, 11:23 AM

Quote:

Originally Posted by jlliagre

Huh, ksh removed from a production server ??

Try /usr/xpg4/bin/sh which should just work, assuming it hasn't been removed too.

..i'm a bonehead. it's there. anyway, I'm getting a different error in PROD now with this section:

Code:

### Process options
while getopts htvZ name
do
        case $name in
        t)      opt_time=1 ;;
        v)      opt_timestr=1 ;;
        Z)      opt_zone=1 ;;
        h|?)    cat <<-END >&2

It's complaining about the << saying there is no closing

Code:

./connections.sh[65]: syntax error at line 71 : `<<' unmatched

narddawg314 · 05-28-2015, 11:34 AM

well well well.... found this little snippet and decided to try it out:

Quote:

Make sure the 'EOF' is at the beginning of the line ... there should be no
white space prior to the EOF label.

I modified the closing "END" statement that appears below what I pasted above, by deleting all whitespace and it worked.

Would this be due to different ksh versions or something else at play here do you think?

jlliagre · 05-28-2015, 08:20 PM

That's odd. There should be no need to remove the leading spaces as << is used with the "-" modifier (ie. "<<-END" vs "<<END")