cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Netstat monitoring for connection status and source IP

rishisingh1210
Visitor

Hello Folks

 

How can I monitoring something like netstat on Linux host i.e

Somthing like source address and if connection is established or not ?

Proto Local Address Foreign Address State
TCP 57.4.247.208:52606 ec2-54-81-72-134:https ESTABLISHED
TCP 57.4.247.208:53652 93:https ESTABLISHED
TCP 57.4.247.208:53712 ec2-52-210-196-187:https ESTABLISHED

1 REPLY 1

AntonioSousa
DynaMight Guru
DynaMight Guru

@rishisingh1210,

Some of the information is grabbed by the network module. It includes things like connections refused & timed out, even lower level things like retransmissions. It is even grabbed at the process level. Is has been very useful to me, and had a very big use case last month. You might need to get in more details at the server/network level, but it is very helpful.

What you are asking for is an "audit like" level of all connections in a server. They can be huge! You could eventually ingest them as logs, but what would be the use case besides an audit?

Another option might be to use eBPF, and you can get some inspiration n this article: https://netflixtechblog.com/how-netflix-uses-ebpf-flow-logs-at-scale-for-network-insight-e3ea997dca9...
Don't know anyone that has done this in Dynatrace though.

Finally, I once saw an offering based on Gigamon. Not sure if it does what you need, but check it out at:
https://www.dynatrace.com/hub/detail/gigamon-hawk-deep-observability-pipeline/

Antonio Sousa

Featured Posts