How to trigger an alert when the number of TCP connections to a particular port exceeds a certain number.

search cancel

How to trigger an alert when the number of TCP connections to a particular port exceeds a certain number.

book

Article ID: 227057

calendar_today

Updated On:

Products

NetMaster Network Management for TCP/IP NetMaster File Transfer Management NetMaster Network Management for SNA NetMaster Network Automation SOLVE:Operations Automation

Issue/Introduction

Request an SVC Dump be taken when TCP connections to a particular port exceed a certain threshold.

For example when more than 50 Established TCP connections are made to Port xxx, trigger a Slip Trap to produce an SVC Dump. Note the port is in use by only one application and is a server port in Listening mode. TCP connections can be in established, timewait or finwait states.

Environment

Release : 12.2

Component : CA NetMaster Network Management for TCP/IP

Resolution

Created NCL code that listens for connection start events and uses a call to EZBNMIFR to determine if the current active connection count is over the threshold. It relies on a /IPAPPLS definition that would deliver the SMF connection start events to NetMaster. (Deliver Records = INIT or BOTH).

The procedure would be tailored for the port and jobname of interest and the threshold. The action taken in the sample is to issue a system display time command. This would be replaced with the SLIP command.

See attached CON# file.

Details of NCL Sample:

-* Sample connection count monitor
-* /IPAPPLS required to have Deliver Records set to INIT or BOTH
-* for connections using the port specified

&jobname = NMCS81 -* Filter connection events for this job
&monport = 8011
&threshold = 4

&conactive = 0 -* wait til first connection event

&intcmd PROFILE EDS ENABLE=CONN TYPE=APPLICATION +
NAME=$IP.CONNECT.START RESOURCE=&jobname
&intread set
&DOWHILE &conactive < &threshold
&intread type=any mdo=conn.
&assign vars=cn@* generic from mdo=conn.
&IF &cn@lclport = &monport &then +
&do
&call proc=$IPCALL +
SHARE=($IPDATA.) +
PARMS=(ACTION=GET,CLASS=LSTNRLST,LPORT=&monport)
-*
-* connection.{1}.jobname ................. NMCS81
-* connection.{1}.connId .................. 0039F5CA
-* connection.{1}.lclHost ................. *
-* connection.{1}.lclPort ................. 8011
-* connection.{1}.active .................. 4
-* connection.{1}.accept .................. 9
-* connection.{1}.backlog ................. 0
-* connection.{1}.blmax ................... 20
-* connection.{1}.blExceed ................ 0
-* connection.{1}.idle .................... 0:00:00
-*
-* Assume not shared port and only one listener
-*
&IF &retcode eq 0 &THEN +
&DO
&Assign vars=conactive from mdo=$ipdata.connection.{1}.active
&DOEND

&DOEND
&DOEND

&write data=CON# &conactive gt &threshold !!!
&intcmd SYSCMD D T
&INTREAD STRING &MSG
&write data=CON# &MSG
&INTREAD STRING &MSG
&write data=CON# &MSG
&write data=CON# Mission accomplished
&RETURN

Attachments

1635312165529__CON#.txt get_app

Feedback

thumb_up Yes

thumb_down No