I'm looking to monitor a VoIP environment, and its servers use a large range of ports when communicating. My question is, how do I monitor the massive number of ports and servers without busting through the IP/port combination maximum?
Also, the environment does not have the VoIP decode, so I was going to use gen with trans for the TCP call setup traffic and UDP for the actual voice traffic to give them volume-based metrics.
Let me know if there is anything clever I can try within these constraints.
I don't have any clever ways of monitoring such a large range of ports and IPs, but as long as your AMD is beefy enough, you should be able to increase the limit of monitored ports by editing the driver.max.addr.filter.size property in the rtm.config file. If volume metrics are all that is needed, you could also use the autodiscovery feature or, even better, create a specific autodiscovery rule for that traffic.
Hope that helps.
In the end the client only wanted volume metrics and no call quality stats, so I did two things:
1) Added an auto-discovery rule, like you guessed
2) Adjusted the bytes count for an auto-discovered service to be 1024 instead of the lower default value. This way auto-discover doesn't create a thousand software services... it has to see 1024 bytes of traffic before it creates one.