X Top Plug-in - Technical Reference
The Geneos X Top plug-in monitors the top N producers of multicast traffic from a list of user-defined multicast groups, and displays statistics such as the data rate and packet rate.
The Netprobe host must be able to "listen" for the required multicast traffic (i.e. it should be on the same network segment as a host already subscribing to the required multicast data).
The X Top plug-in produces a single view, with one row per top multicast session.
|totalSenders||Total number of senders found matching the configured sessions.|
|overallSendRate||Sum of data rates for all found senders (including those not in the view).|
|overallPacketRate||Sum of packet rates for all found senders (including those not in the view).|
|topSendersTraffic||Percentage of traffic generated by the top sender.|
|rank||The rank of the multicast sender - lower numbers indicate this source is sending more traffic.|
|hostname||The hostname of the multicast sender.|
|ipAddress||The IP address of the multicast sender.|
|dataRate||Data sent in Kb/s, averaged over the sample interval.|
|pktRate||Packets sent in Kb/s, averaged over the sample interval.|
|tmSinceLastPkt||Number of seconds since the last packet was received.|
|balance||Percentage of total traffic detected generated by this source.|
The X Top plug-in listens to all multicast data received by a host, and matches the destination address and port with those configured by the user.
Plug-in configuration is placed in the x-top configuration section.
Specifies a comma-separated list of network interface names used to monitor multicast data.
On UNIX machines, interface names can be found using the command "ifconfig -a". Example names are "eth0" or "ce0".
On Windows machines, interface names can be listed by running Netprobe using the "-ifconfig" command-line option. A Windows interface name will look similar to the following:
Specifies the list of (at least one) multicast sessions that this plug-in will monitor.
sessions > session > var-name
The name of the multicast session. Session names should be unique within each plug-in instance.
sessions > session > connection
Specifies the multicast address and port for the session - multicast packets received for this connection will be added to the monitoring statistics for this session.
This parameter specifies the number of top senders to display in the view, which must be a positive integer of at least 1. Top senders are determined by comparing the data rate values. The view may show less than the configured number, if there are less senders than this value.
The plug-in requires the netprobe to be run with root permissions (on Unix operating systems) or as a local Administrator on Windows, as it needs to open network devices.
On Linux kernel versions 2.6.24 and up, an alternative to running the netprobe as root is available: Set the CAP_NET_RAW and CAP_NET_ADMIN Linux capability on the netprobe binary with the command "setcap cap_net_raw,cap_net_admin+eip <netprobe binary>" replacing <netprobe binary> with the appropriate netprobe binary file such as 'netprobe.linux_64'.
When running the netprobe with set capabilities, the lib64 folder in the netprobe directory should be put in the ld.so trusted paths. Otherwise, the runtime libraries will not be loaded properly. For guidance, see Run Netprobe under elevated privileges in Linux in .
On Solaris an alternative is to run the netprobeGXL program available from ITRS Support. This program is an auditable utility which runs as setuid root. The purpose of this program is to open the network device which is then passed to Netprobe, so that Netprobe does not need to run with root privileges.
Third Party Libraries
Windows: The Winpcap packet capture library http://www.winpcap.org/install/default.htm needs to be installed on the host. Version 4.0.2 is required for Windows Vista/Server 2003 support.
Unix: The shared library libpcap.so (version 1.0.0 or later is recommended) needs to be in the netprobe lib64 directory.
Note: As the netprobe needs to be run as root the LD_LIBRARY_PATH is ignored for security reasons.