02 May 2024 10:45 AM - edited 02 May 2024 10:46 AM
Hello Folks
How can I monitor something like netstat on a Linux host, i.e.
something like the source address and whether the connection is established or not?
Proto Local Address Foreign Address State
TCP 57.4.247.208:52606 ec2-54-81-72-134:https ESTABLISHED
TCP 57.4.247.208:53652 93:https ESTABLISHED
TCP 57.4.247.208:53712 ec2-52-210-196-187:https ESTABLISHED
02 May 2024 08:07 PM
Some of the information is grabbed by the network module. It includes things like connections refused & timed out, even lower level things like retransmissions. It is even grabbed at the process level. It has been very useful to me, and had a very big use case last month. You might need to get in more details at the server/network level, but it is very helpful.
What you are asking for is an "audit like" level of all connections in a server. They can be huge! You could eventually ingest them as logs, but what would be the use case besides an audit?
Another option might be to use eBPF, and you can get some inspiration in this article: https://netflixtechblog.com/how-netflix-uses-ebpf-flow-logs-at-scale-for-network-insight-e3ea997dca9...
Don't know anyone that has done this in Dynatrace though.
Finally, I once saw an offering based on Gigamon. Not sure if it does what you need, but check it out at:
https://www.dynatrace.com/hub/detail/gigamon-hawk-deep-observability-pipeline/
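For the host-level view the question asks about, here is an added example (not part of the thread and not a Dynatrace feature) that parses the /proc/net/tcp table netstat reads on Linux and emits one record per established connection, suitable for shipping as log lines. The sample table is constructed, uses documentation-range addresses, and assumes a little-endian host; the function names are illustrative.

```python
import socket
import struct

# TCP state codes as defined in the kernel's include/net/tcp_states.h
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1
   1: 0A0200C0:CD7E 076433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20002 1
   2: 0A0200C0:D194 057100CB:01BB 06 00000000:00000000 00:00000000 00000000     0        0 0 3
"""

def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into 'a.b.c.d:port' (assumes a little-endian host)."""
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return f"{addr}:{int(port_hex, 16)}"

def parse_proc_net_tcp(text):
    """Return one dict per socket: local, remote, state, uid, inode."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        parts = line.split()
        if len(parts) < 10:
            continue                            # tolerate blank or truncated lines
        rows.append({
            "local": decode_endpoint(parts[1]),
            "remote": decode_endpoint(parts[2]),
            "state": TCP_STATES.get(parts[3], f"UNKNOWN({parts[3]})"),
            "uid": int(parts[7]),
            "inode": int(parts[9]),
        })
    return rows

def established(rows):
    """Keep only sockets in ESTABLISHED state, like the netstat excerpt in the question."""
    return [r for r in rows if r["state"] == "ESTABLISHED"]

if __name__ == "__main__":
    # On a Linux host, replace SAMPLE with open("/proc/net/tcp").read().
    for r in established(parse_proc_net_tcp(SAMPLE)):
        print(f'TCP {r["local"]} {r["remote"]} {r["state"]} uid={r["uid"]}')
```

This covers IPv4 only; IPv6 sockets are listed in /proc/net/tcp6 with a wider address field. A polled snapshot misses connections that open and close between reads, which is the gap event-based eBPF flow logs close.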