{"id":6449,"date":"2017-09-14T19:56:18","date_gmt":"2017-09-15T00:56:18","guid":{"rendered":"http:\/\/appcrawler.com\/wordpress\/?p=6449"},"modified":"2017-09-14T21:27:16","modified_gmt":"2017-09-15T02:27:16","slug":"formatting-netstat-output","status":"publish","type":"post","link":"http:\/\/appcrawler.com\/wordpress\/2017\/09\/14\/formatting-netstat-output\/","title":{"rendered":"Formatting netstat output"},"content":{"rendered":"<p>We had a need to ingest open sockets into Splunk so we could map our integration points across the enterprise.  We came up with what is below.  This will show if the host on which it is run is a client or a server of this socket, as well as print the IP address and port number of each side of the connection.<\/p>\n<pre>\r\n#!\/bin\/bash\r\n<<HEADER\r\n------------------------------------------------------------------------------------------------------------\r\nAuthor:         ******** Enterprise Architecture\r\nDate:           September 14, 2017\r\nPurpose:        Provide a script to generate open sockets to be ingested into Splunk\r\nRevisions:      SDH 2017-09-14 - Initial copy\r\n------------------------------------------------------------------------------------------------------------\r\nHEADER\r\n\r\nnetstat -anp | \\\r\nawk '$1 == \"tcp\" \\\r\n{\r\n  split($4,src,\":\");\r\n  split($5,target,\":\");\r\n  if ($6 == \"LISTEN\" &#038;&#038; !listenports[src[length(src)]]++) {\r\n    listenports[src[length(src)]]=0\r\n  }\r\n  else {\r\n    type = (src[length(src)] in listenports) ? \"server\" : \"client\"\r\n    print type,src[length(src) - 1],src[length(src)],target[length(target)-1],target[length(target)]\r\n  }\r\n}'\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>We had a need to ingest open sockets into Splunk so we could map our integration points across the enterprise. We came up with what is below. This will show if the host on which it is run is a&hellip;<\/p>\n<p class=\"more-link-p\"><a class=\"more-link\" href=\"http:\/\/appcrawler.com\/wordpress\/2017\/09\/14\/formatting-netstat-output\/\">Read more &rarr;<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[14,16],"tags":[],"_links":{"self":[{"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/posts\/6449"}],"collection":[{"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/comments?post=6449"}],"version-history":[{"count":4,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/posts\/6449\/revisions"}],"predecessor-version":[{"id":6453,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/posts\/6449\/revisions\/6453"}],"wp:attachment":[{"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/media?parent=6449"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/categories?post=6449"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/tags?post=6449"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}