-
Re: Monitor Number of Ports Being Used
Jan Pelousek Nov 14, 2016 4:31 PM (in response to nick_scott)1 of 1 people found this helpfulHello, I believe if you are also using the SAM, you may create custom powershell template like Create a Windows PowerShell monitor . As you plan to monitor the poller directly (or is polled by SAM agent), the component may initiate just local session. The script body will be
Write-Host ("Statistic: " + (Get-NetTCPConnection).count)
Then define the thresholds for the component and create alert as usual.
-
Re: Monitor Number of Ports Being Used
rschroederNov 14, 2016 4:53 PM (in response to nick_scott)
I'm a bit confused about your referencing 64K ports. Do you mean polled elements? If not, what ports are you referencing?
If you ARE talking about polled elements, you can see how many are being polled each time you look at the Polling Engine Status. I put mine right in the home page of NPM:
Is this what you're referencing?
This doesn't get you an alert, but it's very easy to see how many items are polled, and what percentage of polling completion is happening.
From there, a good custom SWQL person might find it easy to build an alert from that info . . .
-
Re: Monitor Number of Ports Being Used
Jan Pelousek Nov 14, 2016 5:08 PM (in response to rschroeder)My understanding is, that we're about detection of approaching the max number of opened TCP connections. This is by protocol defined as 65535 because of 16 bit TCP header.
-
Re: Monitor Number of Ports Being Used
rschroederNov 14, 2016 5:11 PM (in response to Jan Pelousek)
Ah, now I understand. Thank you for clarifying that. Please disregard my earlier post.
-
Re: Monitor Number of Ports Being Used
nick_scott Nov 15, 2016 7:58 AM (in response to Jan Pelousek)You got it Jan! That is exactly what I was looking for. Thank you very much!
-
Re: Monitor Number of Ports Being Used
RichardLettsNov 15, 2016 3:08 PM (in response to Jan Pelousek)
a TCP connection is defined by the tuple: (local IP, local port, remote ip, remote port); There is nothing in the TCP protocol that says the only the local port part has to be unique for each TCP connection.
i.e. (10.1.1.1,22,10.2.2.2,1230) and (10.1.1.1,22,10.3.3.3,1230) are two different connections
The same is true for UDP; the SNMP code I wrote back in the 1990's used a single source UDP port on the source side and did its own demultiplexing of incoming packets to avoid the problem of limited numbers of file descriptors in large networks. It also makes it MUCH easier to punch a network-management-sized hole through a firewall.
-
-