Tags: unix, zabbix

calculate network traffic per process zabbix


I'm using Zabbix 3.2. I want to calculate the traffic statistics on a network interface based on the program name.

For total incoming traffic we use net.if.in[if,]; in the same way, is it possible to retrieve the traffic utilized by each running process, like in Nethogs? If so, please share the item key, or any sh script that does the same.

Thanks in advance.


Solution

  • You haven't specified the operating system, but the question is tagged 'unix' and you mention nethogs and shell scripts - I'll assume Linux.

    It might be a bit too much to monitor traffic for all of the processes - there could be hundreds of them, and even though many would not use the network, on a server system many would.

    It is also important how you want to structure the data. For example, do you want to split it up per process name, or per individual process? Or maybe even process name and its parameters - in case of running several Java JVMs on the same box. You would have to decide on all this, as it will affect the data collection.

    As for sending data to Zabbix, the simplest way on the Zabbix side would be monitoring by process name only, and creating items in advance, if you know all the process names you will be interested in. If you do not know them, you will have to use Zabbix low level discovery to automatically create items as new processes appear.

    And we finally get to the data collection part. Here, it indeed might be the easiest to use nethogs (keeping in mind that UDP is not supported). You can run nethogs in "trace" mode, which is pretty much the same as the "batch" mode for top. In this mode, output is simply printed to stdout.

    nethogs -c 1 -d 60 -t
    

    Here, the parameters mean:

    • -c - how many times to print output
    • -d - for how long to sleep between iterations, including the time before the first output
    • -t - tracing or batch mode

    Nethogs also supports setting traffic output type with the -v flag. You'd have to decide how you want to visualise this:

    • 0 - KB/s
    • 1 - total KB
    • 2 - total B
    • 3 - total MB

    With Zabbix, you probably will not want to use modes 1 or 3 - it is better to store data in bytes and allow Zabbix to add the multiplier as needed. In case of the KB/s mode (0), it is probably worth adding an item multiplier of 1024 to store data in bytes and again benefit from the automatic unit application in Zabbix. Note that in any case you will want to run nethogs instances back-to-back, to avoid windows where you are not collecting data. One way to minimise the possibility of any windows would be running nethogs constantly (without supplying the -c option) and redirecting output to a file. A script would then parse the file and send the data to Zabbix with zabbix_sender.

    You wouldn't run this as a normal Zabbix user parameter, neither as an active, nor passive check - it would block for too long. Consider using atd (see this howto) or nohup to launch a script that sends data to Zabbix with zabbix_sender instead.

    Note that you must run nethogs as root - use sudo for that.

    I'm not aware of any existing scripts for this, but the following might get you started:

    nethogs -c 1 -d 1 -t | awk 'BEGIN {FS="[[:space:]/]+"}; /Refreshing/,0 \
    {if ($1 != "Refreshing:" && $1 != "unknown") {print $(NF-4), $(NF-1), $NF}}'
    

    Here, awk grabs only program lines and prints out program name and sent/received traffic.
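
The parse step the answer describes (nethogs trace output in, zabbix_sender input lines out), as an added example that is not part of the original answer. The item keys `proc.net.sent[...]` and `proc.net.recv[...]`, the function names and the sample trace are assumptions; values are converted from KB/s (`-v 0`) to bytes per second in the script rather than with an item multiplier.

```shell
#!/bin/sh
# Added example, not from the answer. Item keys proc.net.sent[...] and
# proc.net.recv[...] are hypothetical; create matching trapper items in Zabbix.

# Constructed sample of "nethogs -t -v 0" output (two refresh cycles), using
# the field layout the one-liner above relies on: path/pid/uid, sent, received.
sample_trace() {
    printf 'Refreshing:\n/usr/sbin/sshd/811/0\t1.5\t0.5\nunknown TCP/0/0\t0\t0\n\n'
    printf 'Refreshing:\n'
    printf '/usr/bin/java/2001/1000\t10\t4\n'
    printf '/usr/bin/java/2002/1000\t2.5\t1\n'
    printf '/usr/sbin/sshd/811/0\t0.25\t0.125\n'
    printf '/tmp/we"ird]/3000/1000\t9\t9\n'
    printf 'unknown TCP/0/0\t0\t0\n'
}

# Read trace output on stdin, print "host key value" lines for
# zabbix_sender -i. $1 is the Zabbix host name; "-" defers to -s / the config.
nethogs_to_sender() {
    awk -v host="${1:--}" '
    BEGIN { FS = "[ \t/]+" }
    # A new cycle starts: forget earlier ones so only the latest is reported.
    $1 == "Refreshing:" { split("", sent); split("", recv); next }
    NF < 5 || $1 == "unknown" { next }
    {
        name = $(NF-4)
        # Process names are not trusted input; only plain names may
        # become part of an item key, anything else is dropped.
        if (name !~ /^[A-Za-z0-9._-]+$/) next
        # Sum all PIDs sharing a name; KB/s to B/s (so no item multiplier).
        sent[name] += $(NF-1) * 1024
        recv[name] += $NF * 1024
    }
    END {
        for (n in sent) {
            printf "%s proc.net.sent[%s] %d\n", host, n, sent[n]
            printf "%s proc.net.recv[%s] %d\n", host, n, recv[n]
        }
    }' | LC_ALL=C sort
}

# Typical use against a file written by a long-running "sudo nethogs -t -v 0":
#   nethogs_to_sender < /path/to/trace.log | zabbix_sender -z SERVER -s HOST -i -
```

Only the newest refresh cycle in the file is reported, so a cycle that nethogs is still writing when the file is read will be incomplete until the next run.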