Posted: Sun Jul 02, 2006 3:17 Post subject: SNMP OID for Active IP Connections?
Hi, I'm looking for an SNMP OID for Active IP Connections, as in DD-WRT v23 SP1 control panel Status / Router / Network.
I've tried to look and search thru wiki, old & new forums and browse SNMP with Getif, but found nothing.
In the "Get temperature through snmp (OID)" thread mapas wrote about "tcp connections (active/passive)" (.1.3.6.1.2.1.6.5.0 and .1.3.6.1.2.1.6.6.0), but it doesn't work for me, these numbers do not correspond to the above mentioned counter in the web control panel -- which stands for concurrent connections, and these OIDs from mapas are counters.
So, I'm looking for the concurrent connections OIDs.
Anyone? TIA.
OID 1.3.6.1.2.1.6.9
Type Gauge
Units
Access read-only
Status mandatory
The number of TCP connections for which the current state is either ESTABLISHED or CLOSE-WAIT.
I would think this would show you the number of open TCP connections.
EDIT: Actually, after doing an SNMPwalk of the device while I had the status page open, the OID 1.3.6.1.2.1.6.6.0 looks feasible. I know you mentioned that this one didn't correspond to the number of connections (was it way off or just slightly off?), but my walk value was fairly close to the numbers I was seeing on the web interface during the walk.
_________________
WPA2-RADIUS AP: DD-WRT v24 SP1 std on WRT54GS v2.1
Spare AP: DD-WRT v24 SP1 std on WRT54G v3
Currently (shortly after router restart) it's like 1476, while in DD-WRT UI it shows 291 concurrent active IP connections. OID you are suggesting grows indefinitely until the router is restarted. But I'm looking for immediate count ("gauge" in the language of mrtg) of concurrent IP connections, as shown in DD-WRT UI.
I've even upgraded my firmware to match yours (from your signature), but it did not help.
Thanks for your input anyway. :)
So, I'm still looking for it --
IMHO it's vital to watch this number, as the majority of us knows what happens when DD-WRT reaches the limit of "IP Filter Maximum Ports".
It may be something as simplistic as cat'ing /proc/net/ip_conntrack and counting the number of lines it spits out, I'm not entirely sure.
You could check out the source code for the web page and see what it actually does to find the number of connections. It may not be an SNMP OID - I'm not entirely sure.
I know with Cacti (it sounds like you're using MRTG - I highly recommend you check out Cacti) you can poll statistics from a machine in other ways than just SNMP polls - you can run local linux scripts. There actually exists a "Unix - Get TCP Connections" Data Input Method preinstalled in Cacti. If you wanted to make your own, see Cacti's website for details on how exactly to do this.
Poke around in the /etc/snmp/snmpd.conf file to see if you can add this as an SNMP OID - I've never done it personally.
Well, then the only other solution I can see is writing a simple script to export the values given by
wc -l /proc/net/ip_conntrack
to the snmpd.
I don't do it with the nvram settings, I prefer jffs or smbshare. So here is how I would do it:
One minor problem may arise when there's less than 1000 connections, since cut -b 4-7 embeds at least one space then. So I'd rather use sed -n $= /proc/net/ip_conntrack.
And because I have no jffs at the time, I'm using the following as a startup script (defined thru UI: Administration / Commands / Save Startup). Maybe someone will find it useful:
Well, you mean use wc -l /proc/net/ip_conntrack | awk '{print $1}' instead of /bin/sed -n $= /proc/net/ip_conntrack, right?
I don't know if it would be more efficient, but a) my method executes only one executable each time SNMP is queried, and b) when I put piped command directly in snmpd.conf it didn't work.
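Added example, not part of any post in this thread: a single script that snmpd can run as one executable and that prints the conntrack count as a bare number, in total, per protocol, or for ESTABLISHED TCP only. The function names, the sample table and the snmpd.conf line in the comment are assumptions; the field positions assume the /proc/net/ip_conntrack layout.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the ip_conntrack layout:
# one entry per line, field 1 = protocol name, field 4 = TCP state.
CONNTRACK_FILE="${CONNTRACK_FILE:-/proc/net/ip_conntrack}"

# All tracked entries. Unlike `sed -n '$='`, prints 0 for an empty table,
# so the poller always receives a number.
conntrack_total() { awk 'END { print NR }'; }

# Entries for one protocol (tcp, udp, icmp), matched on field 1 only.
conntrack_proto() { awk -v p="$1" '$1 == p { n++ } END { print n + 0 }'; }

# TCP entries currently in ESTABLISHED state.
conntrack_established() {
    awk '$1 == "tcp" && $4 == "ESTABLISHED" { n++ } END { print n + 0 }'
}

# Constructed sample table (documentation addresses), used off-router.
sample_table() {
    cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=51234 dport=443 src=203.0.113.5 dst=198.51.100.2 sport=443 dport=51234 [ASSURED] use=1
tcp      6 54 TIME_WAIT src=192.168.1.10 dst=203.0.113.9 sport=51240 dport=80 src=203.0.113.9 dst=198.51.100.2 sport=80 dport=51240 [ASSURED] use=1
udp      17 25 src=192.168.1.11 dst=203.0.113.53 sport=40000 dport=53 src=203.0.113.53 dst=198.51.100.2 sport=53 dport=40000 use=1
icmp     1 29 src=192.168.1.12 dst=203.0.113.1 type=8 code=0 id=7 [UNREPLIED] src=203.0.113.1 dst=192.168.1.12 type=0 code=0 id=7 use=1
EOF
}

# Read the table on stdin and print the requested gauge.
report() {
    case "$1" in
        total)       conntrack_total ;;
        established) conntrack_established ;;
        *)           conntrack_proto "$1" ;;
    esac
}

# Hypothetical hookup in snmpd.conf (path is a placeholder):
#   exec conntrack /path/to/conntrack-gauge.sh total
if [ -r "$CONNTRACK_FILE" ]; then
    report "${1:-total}" < "$CONNTRACK_FILE"
else
    sample_table | report "${1:-total}"
fi
```

Graphing the total against the router's configured maximum shows how close the table is to filling up before connections start being dropped.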
I found a better command:
Code:
grep -c tcp /proc/net/ip_conntrack
for the number of active TCP connections, use the command below for active UDP connections: