TechQA.

Monit for custom UDP protocol check

688 views Asked by At

Ok, I'm a newb for both Linux AND Monit so bear with me here...

I've configured a custom protocol check to monitor a port on a remote device. The remote unit is a DFSI device built on the TIA 102.BAHA standard, which utilizes UDP for communications.

In my monitrc conf file I added this entry... 

check HOST DLC-PORT ADDRESS 192.168.100.85
    if failed
        port 50050 type udp
        SEND "\0x00\0x01\0x00\0xED\0xB6\0x73\0xF5\0x3D\0xD7\0x05\0x05"
        EXPECT "\0x02\0x01\0x00\0x01\0x00\0x00\0x03\0x01\0xC3\0x64"
    then alert

The /var/log/monit.log reports this message...

[PST Jan 5 12:13:41] error : 'DLC-PORT' failed protocol test [generic] at IN ET[192.168.100.85:50050] via UDP -- GENERIC: receiving unexpected data [\0\0\0] -- No match

I've run a Wireshark trace and the send command seems to be sending the proper payload in the packet and the response payload from my device matches the expected string as well.

The log file response message data "\0\0\0" is not the payload of the response packet.

I can't seem to figure out the response message Monit thinks is receiving or format my EXPECTED string correctly. I've tried adding the string "\0\0\0" and adding that string to the end of my expected and adding all the UDP padding bites as well. No luck. Any ideas?

Here is an export from Wireshark, sorry it looks messy on this forum. First frame (40) is the SEND and you can see my send string inserted into the message. Second frame (41) is the response and you can see my EXPECTED string embedded in there too.

Thanks!

No. Time Source Destination Protocol Length Info 40 3.780573 192.168.100.11 192.168.100.85 DFSIControl 60 FSC Connect - 45460 → 50050 Len=11

Frame 40: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0

Ethernet II, Src: HewlettP_3a:de:f0 (d0:bf:9c:3a:de:f0), Dst: InsideTe_26:db:a5 (00:e0:f4:26:db:a5)

Internet Protocol Version 4, Src: 192.168.100.11, Dst: 192.168.100.85

User Datagram Protocol, Src Port: 45460 (45460), Dst Port: 50050 (50050)

P25 DFSI Protocol for Control Conveyance Message ID: 0x00 FSC Connect Message Version: 0x01 Message Correlation Tag: 0x00 Voice Conveyance Base Port (must be even for RTP): 60854 Voice Conveyance SSRC Identifier: 0x73f53dd7 Fixed Station Heartbeat Period (seconds 5-255): 5 Host Heartbeat Period (seconds 5-255): 5

0000 00 e0 f4 26 db a5 d0 bf 9c 3a de f0 08 00 45 00
0010 00 27 4b 7f 40 00 40 11 a5 95 c0 a8 64 0b c0 a8
0020 64 55 b1 94 c3 82 00 13 b8 59 00 01 00 ed b6 73
0030 f5 3d d7 05 05 00 00 00 00 00 00 00

No. Time Source Destination Protocol Length Info 41 3.791312 192.168.100.85 192.168.100.11 DFSIControl 60 FSC Acknowledgement - 50050 → 45460 Len=10

Frame 41: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: InsideTe_26:db:a5 (00:e0:f4:26:db:a5), Dst: HewlettP_3a:de:f0 (d0:bf:9c:3a:de:f0)

Internet Protocol Version 4, Src: 192.168.100.85, Dst: 192.168.100.11

User Datagram Protocol, Src Port: 50050 (50050), Dst Port: 45460 (45460)

P25 DFSI Protocol for Control Conveyance Message ID: 0x02 FSC Acknowledgement Message Version: 0x01 Acknowledged Message ID: 0x00 (FSC Connect ACK/NAC) Acknowledged Message Version: 0x01 Acknowledged Message Correlation Tag: 0x00 Response Code: 0x00 (General Acknowledgement) Response Data Length: 0x03 Response Version: 1 Voice Conveyance Base Port (must be even for RTP): 50020

0000 d0 bf 9c 3a de f0 00 e0 f4 26 db a5 08 00 45 88
0010 00 26 c8 75 40 00 40 11 28 18 c0 a8 64 55 c0 a8
0020 64 0b c3 82 b1 94 00 12 78 99 02 01 00 01 00 00
0030 03 01 c3 64 00 00 00 00 00 00 00 00

Update: I figured out how to enable very verbose logging and captured this information from a CHECK in the log file.

PST Jan 5 15:20:27] debug : 'DLC-PORT' succeeded connecting to INET[192.168.100.85:50050] via UDP

PST Jan 5 15:20:27] debug : GENERIC: successfully sent: '\0x00\0x00▒s▒=▒'

PST Jan 5 15:20:27] error : 'DLC-PORT' failed protocol test [generic] at INET[192.168.100.85:50050] via UDP -- GENERIC: receiving unexpected data [\0\0\0] -- No match

PST Jan 5 15:20:27] debug : -----------------------------------------------

PST Jan 5 15:20:27] debug : monit() [0x41b83b]

PST Jan 5 15:20:27] debug : monit(LogError+0xb6) [0x41c1c6]

PST Jan 5 15:20:27] debug : monit(Event_post+0x214) [0x418284]

PST Jan 5 15:20:27] debug : monit() [0x42a805]

PST Jan 5 15:20:27] debug : monit(check_remote_host+0x12b) [0x42cacb]

PST Jan 5 15:20:27] debug : monit(validate+0x2b6) [0x42ae76]

PST Jan 5 15:20:27] debug : monit(main+0x482) [0x40ba72]

PST Jan 5 15:20:27] debug : /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f29415d4b45]

PST Jan 5 15:20:27] debug : monit() [0x40bd41]

linux monitoring monit
Original Q&A
0

There are 0 answers

Related Questions in LINUX

Related Questions in MONITORING

Related Questions in MONIT

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions