Collect IP and Port (date and time) of a Connection

[Rob Lindsey]

We have had a few things going on with our network where they are replacing firewalls and routers and switches and such.  Well this has affected connections to our interface engines, just the test connections (thank goodness).  The networking team has asked us to keep track of every connection, not just if the outside connection has sent data.  I have that one already but if a outside connection via VPN has made a connection.  We have a lot of connections that happen but if they do not send data in our test environment how can we get the IP and Port with date and time of the connection.  I know that if I turn up the EO config (enable_all or enable_PDL_all) I can get that information but that would be a huge waste of process log size and disk I/O.

Does anyone have any thoughts on how this might be done easily?  I have a feeling it might be a PDL change.  FYI, we have 32 CL servers with over 15,000 threads between all of the servers.

TIA

Rob Lindsey

Topic

[Steve Herber]

We have multiple alerts on all of our threads and we track each change to opening, up, or down state and include the date and time.  We keep the logs for 90 days.  We have another script we call thread history that goes through the logs pulling out the information about the particular thread we specify on the command line.

In you case I would expand the script to do an lsof or netstat and also log the network information for the thread.

 

Steve Herber

1 prod server with about 400 threads.

Steve Herber
University of Washington

[Rob Abbott]

I can see why you are wanting this information.  I will enter an enhancement request for a future release:

• Log inbound connections as module/INFO/1.  Log entry will be timestamped and contain the IP and port of the remote client

I will request this for PDL, TCP/IP and web service providers.

Rob Abbott
Cloverleaf Emeritus

[Joe Grathoff]

Since you’re doing an engineering request, it would be nice to see IP/Port in the netmonitor maybe under thread status.

[Charlie Bursell]

What if you define the thread as multiserver with one connection.  You will get the address connecting to you in the metadata.  You could run a proc in startup and log time and address from there.

[Rob Abbott]

It is a workaround for now – but I think they want the connection info at the time of connection, not when a message comes in.

Rob Abbott
Cloverleaf Emeritus

[Charlie Bursell]

i was thinking the first message after the thread starts would probably be the initial connection time.  That’s why I recommended putting it in start potion of Tcl.

 

I do agree it would be nice if the engine provided this data without needing a message.

[Steve Herber]

I did not mention in my earlier note, but we collect the up/down changes from the alert system.

I think this data would be most valuable as a new alert, one on each connection and another on each disconnection to handle the multiple connection situation server.

Steve Herber
University of Washington

[Rob Abbott]

Hi all, these log entries already exist.  Here are examples for both the TCP and PDL drivers:

 

[pdl :PDL :DBUG/0:pdl_server_5556:09/17/2019 11:43:23] tcp-client: 127.0.0.1:57616 connect to server
[tcp :open:DBUG/0:tcp_server_5555:09/17/2019 11:43:26] tcp-client: 127.0.0.1:54478 connect to server

 

the client IP and port are shown in the log entry.  I’m attaching an EO config that will enable these entries in your log file.   Tested on 19.1 so YMMV on earlier releases, but it should work.

Note that there is a lot of other log entries that are dumped with PDL DBUG/0.  I am going to request that both of these entries be moved from DBUG/0 to INFO/1.

Edit: remove .txt from the filename and drop it in your <site>/eoalias or <root>/eoalias/root directory.

• This reply was modified 5 years, 3 months ago by Rob Abbott. Reason: file upload failed without extension

Attachments:

You must be logged in to view attached files.

Rob Abbott
Cloverleaf Emeritus

[Author]

Replies