All Apps and Add-ons

Splunk_TA_nix interfaces.sh not working on RHEL7.1

schose
Builder

Hi all,

The script interfaces.sh needed for getting interfaces and network thruput seems to be broken on RHEL7... works fine on RHEL6. "ifconfig" is producing different output for both platforms.

using "Red Hat Enterprise Linux Server release 7.1 (Maipo)" with TA 5.2.1.

does anyone have a fix for that?

Regards,

Andreas

0 Karma
1 Solution

stevenriggs
Engager

This is an old post but the issue seems to still be present. Here's my change to the xLinux part of the script. I hope it helps someone.

if [ "x$KERNEL" = "xLinux" ] ; then
    if [ -f /etc/redhat-release ] ; then
        if grep -q 7 /etc/redhat-release ; then
            #This is RedHat or CentOS 7
            assertHaveCommand ifconfig
            assertHaveCommand dmesg

            CMD_LIST_INTERFACES="eval ifconfig | tee $TEE_DEST | grep flags | grep -Ev lo | tee -a $TEE_DEST | cut -d':' -f1 | tee -a $TEE_DEST"
            CMD='ifconfig'
            GET_MAC='{if ($0 ~ /ether /) { mac = $2 }}'
            GET_IPv4='{if ($0 ~ /inet /) {split($2, a, " "); IPv4 = a[1]}}'
            GET_IPv6='{if ($0 ~ /inet6 /) { IPv6 = $2 }}'
            GET_COLLISIONS='{if ($0 ~ /collisions /) { collisions = $11 }}'
            GET_RXbytes='{if ($0 ~ /RX packets /) { RXbytes = $5 }}'
            GET_RXerrors='{if ($0 ~ /RX errors /) {RXerrors = $3}}'
            GET_TXbytes='{if ($0 ~ /TX packets /) { TXbytes = $5 }}'
            GET_TXerrors='{if ($0 ~ /TX errors /) {TXerrors= $3}}'
            GET_ALL="$GET_MAC $GET_IPv4 $GET_IPv6 $GET_COLLISIONS $GET_RXbytes $GET_RXerrors $GET_TXbytes $GET_TXerrors"
            FILL_BLANKS='{length(speed) || speed = "<n/a>"; length(duplex) || duplex = "<n/a>"; length(IPv4) || IPv4 = "<n/a>"; length(IPv6) || IPv6= "<n/a>"}'
            BEGIN='BEGIN {RXbytes = TXbytes = collisions = 0}'

            echo "$HEADER"
            for iface in `$CMD_LIST_INTERFACES`
            do
                    # ethtool(8) would be preferred, but requires root privs; so we use dmesg(8), whose [a] source can be cleared, and [b] output format varies (so we have less confidence in parsing)
                    SPEED=`ethtool $iface | grep Speed: | sed -e 's/^[ \t]*//' | tr -s ' ' | cut -d' ' -f2`
                    DUPLEX=`ethtool $iface | grep Duplex: | sed -e 's/^[ \t]*//' | tr -s ' ' | cut -d' ' -f2`
                    $CMD $iface | tee -a $TEE_DEST | awk "$BEGIN $GET_ALL $FILL_BLANKS $PRINTF" name=$iface speed=$SPEED duplex=$DUPLEX
                    echo "Cmd = [$CMD $iface];     | awk '$BEGIN $GET_ALL $FILL_BLANKS $PRINTF' name=$iface speed=$SPEED duplex=$DUPLEX" >> $TEE_DEST
            done
        fi
    else
        #This is everything but RedHat or CentOS 7

        assertHaveCommand ifconfig
        assertHaveCommand dmesg

        CMD_LIST_INTERFACES="eval ifconfig | tee $TEE_DEST | grep 'Link encap:Ethernet' | tee -a $TEE_DEST | cut -d' ' -f1 | tee -a $TEE_DEST"
        CMD='ifconfig'
        GET_MAC='{NR == 1 && mac = $5}'
        GET_IPv4='{if ($0 ~ /inet addr:/) {split($2, a, ":"); IPv4 = a[2]}}'
        GET_IPv6='{$0 ~ /inet6 addr:/ && IPv6 = $3}'
        GET_COLLISIONS='{if ($0 ~ /collisions:/) {split($1, a, ":"); collisions = a[2]}}'
        GET_RXbytes='{if ($0 ~ /RX bytes:/) {split($2, a, ":"); RXbytes= a[2]}}'
        GET_RXerrors='{if ($0 ~ /RX packets:/) {split($3, a, ":"); RXerrors=a[2]}}'
        GET_TXbytes='{if ($0 ~ /TX bytes:/) {split($6, a, ":"); TXbytes= a[2]}}'
        GET_TXerrors='{if ($0 ~ /TX packets:/) {split($3, a, ":"); TXerrors=a[2]}}'
        GET_ALL="$GET_MAC $GET_IPv4 $GET_IPv6 $GET_COLLISIONS $GET_RXbytes $GET_RXerrors $GET_TXbytes $GET_TXerrors"
        FILL_BLANKS='{length(speed) || speed = "<n/a>"; length(duplex) || duplex = "<n/a>"; length(IPv4) || IPv4 = "<n/a>"; length(IPv6) || IPv6= "<n/a>"}'
        BEGIN='BEGIN {RXbytes = TXbytes = collisions = 0}'

        echo "$HEADER"
        for iface in `$CMD_LIST_INTERFACES`
        do
            # ethtool(8) would be preferred, but requires root privs; so we use dmesg(8), whose [a] source can be cleared, and [b] output format varies (so we have less confidence in parsing)
            SPEED=`dmesg  | awk '/[Ll]ink( is | )[Uu]p/ && /'$iface'/ {for (i=1; i<=NF; ++i) {if (match($i, /([0-9]+)([Mm]bps)/))             {print $i} else { if (match($i, /[Mm]bps/))   {print $(i-1) "Mb/s"} } } }' | sed '$!d'`
            DUPLEX=`dmesg | awk '/[Ll]ink( is | )[Uu]p/ && /'$iface'/ {for (i=1; i<=NF; ++i) {if (match($i, /([\-\_a-zA-Z0-9]+)([Dd]uplex)/)) {print $i} else { if (match($i, /[Dd]uplex/)) {print $(i-1)       } } } }' | sed 's/[-_]//g; $!d'`
            $CMD $iface | tee -a $TEE_DEST | awk "$BEGIN $GET_ALL $FILL_BLANKS $PRINTF" name=$iface speed=$SPEED duplex=$DUPLEX
            echo "Cmd = [$CMD $iface];     | awk '$BEGIN $GET_ALL $FILL_BLANKS $PRINTF' name=$iface speed=$SPEED duplex=$DUPLEX" >> $TEE_DEST
        done
    fi
elif [ "x$KERNEL" = "xSunOS" ] ; then

View solution in original post

mljdivemaster
Explorer

This seems to be still an issue, I had to update the script to reflect on how information is presented in RHEL. Using stevenriggs post above, we added following code. The main difference is that we are now using grep "release 7" to avoid grep RHEL 6.7

 if [ "x$KERNEL" = "xLinux" ] ; then
         if grep -q "release 7" /etc/redhat-release ; then
             #This is RedHat or CentOS 7
             assertHaveCommand ifconfig
             assertHaveCommand dmesg

             CMD_LIST_INTERFACES="eval ifconfig | tee $TEE_DEST | grep flags | grep -Ev lo | tee -a $TEE_DEST | cut -d':' -f1 | tee -a $TEE_DEST"
             CMD='ifconfig'
             GET_MAC='{if ($0 ~ /ether /) { mac = $2 }}'
             GET_IPv4='{if ($0 ~ /inet /) {split($2, a, " "); IPv4 = a[1]}}'
             GET_IPv6='{if ($0 ~ /inet6 /) { IPv6 = $2 }}'
             GET_COLLISIONS='{if ($0 ~ /collisions /) { collisions = $11 }}'
             GET_RXbytes='{if ($0 ~ /RX packets /) { RXbytes = $5 }}'
             GET_RXerrors='{if ($0 ~ /RX errors /) {RXerrors = $3}}'
             GET_TXbytes='{if ($0 ~ /TX packets /) { TXbytes = $5 }}'
             GET_TXerrors='{if ($0 ~ /TX errors /) {TXerrors= $3}}'
             GET_ALL="$GET_MAC $GET_IPv4 $GET_IPv6 $GET_COLLISIONS $GET_RXbytes $GET_RXerrors $GET_TXbytes $GET_TXerrors"
             FILL_BLANKS='{length(speed) || speed = "<n/a>"; length(duplex) || duplex = "<n/a>"; length(IPv4) || IPv4 = "<n/a>"; length(IPv6) || IPv6= "<n/a>"}'
             BEGIN='BEGIN {RXbytes = TXbytes = collisions = 0}'

             echo "$HEADER"
             for iface in `$CMD_LIST_INTERFACES`
             do
                     # ethtool(8) would be preferred, but requires root privs; so we use dmesg(8), whose [a] source can be cleared, and [b] output format varies (so we have less confidence in parsing)
                     SPEED=`ethtool $iface | grep Speed: | sed -e 's/^[ \t]*//' | tr -s ' ' | cut -d' ' -f2`
                     DUPLEX=`ethtool $iface | grep Duplex: | sed -e 's/^[ \t]*//' | tr -s ' ' | cut -d' ' -f2`
                     $CMD $iface | tee -a $TEE_DEST | awk "$BEGIN $GET_ALL $FILL_BLANKS $PRINTF" name=$iface speed=$SPEED duplex=$DUPLEX
                     echo "Cmd = [$CMD $iface];     | awk '$BEGIN $GET_ALL $FILL_BLANKS $PRINTF' name=$iface speed=$SPEED duplex=$DUPLEX" >> $TEE_DEST
             done
     else
         #This is everything but RedHat or CentOS 7

         assertHaveCommand ifconfig
         assertHaveCommand dmesg

         CMD_LIST_INTERFACES="eval ifconfig | tee $TEE_DEST | grep 'Link encap:Ethernet' | tee -a $TEE_DEST | cut -d' ' -f1 | tee -a $TEE_DEST"
         CMD='ifconfig'
         GET_MAC='{NR == 1 && mac = $5}'
         GET_IPv4='{if ($0 ~ /inet addr:/) {split($2, a, ":"); IPv4 = a[2]}}'
         GET_IPv6='{$0 ~ /inet6 addr:/ && IPv6 = $3}'
         GET_COLLISIONS='{if ($0 ~ /collisions:/) {split($1, a, ":"); collisions = a[2]}}'
         GET_RXbytes='{if ($0 ~ /RX bytes:/) {split($2, a, ":"); RXbytes= a[2]}}'
         GET_RXerrors='{if ($0 ~ /RX packets:/) {split($3, a, ":"); RXerrors=a[2]}}'
         GET_TXbytes='{if ($0 ~ /TX bytes:/) {split($6, a, ":"); TXbytes= a[2]}}'
         GET_TXerrors='{if ($0 ~ /TX packets:/) {split($3, a, ":"); TXerrors=a[2]}}'
         GET_ALL="$GET_MAC $GET_IPv4 $GET_IPv6 $GET_COLLISIONS $GET_RXbytes $GET_RXerrors $GET_TXbytes $GET_TXerrors"
         FILL_BLANKS='{length(speed) || speed = "<n/a>"; length(duplex) || duplex = "<n/a>"; length(IPv4) || IPv4 = "<n/a>"; length(IPv6) || IPv6= "<n/a>"}'
         BEGIN='BEGIN {RXbytes = TXbytes = collisions = 0}'

         echo "$HEADER"
         for iface in `$CMD_LIST_INTERFACES`
         do
             # ethtool(8) would be preferred, but requires root privs; so we use dmesg(8), whose [a] source can be cleared, and [b] output format varies (so we have less confidence in parsing)
             SPEED=`dmesg  | awk '/[Ll]ink( is | )[Uu]p/ && /'$iface'/ {for (i=1; i<=NF; ++i) {if (match($i, /([0-9]+)([Mm]bps)/))             {print $i} else { if (match($i, /[Mm]bps/))   {print $(i-1) "Mb/s"} } } }' | sed '$!d'`
             DUPLEX=`dmesg | awk '/[Ll]ink( is | )[Uu]p/ && /'$iface'/ {for (i=1; i<=NF; ++i) {if (match($i, /([\-\_a-zA-Z0-9]+)([Dd]uplex)/)) {print $i} else { if (match($i, /[Dd]uplex/)) {print $(i-1)       } } } }' | sed 's/[-_]//g; $!d'`
             $CMD $iface | tee -a $TEE_DEST | awk "$BEGIN $GET_ALL $FILL_BLANKS $PRINTF" name=$iface speed=$SPEED duplex=$DUPLEX
             echo "Cmd = [$CMD $iface];     | awk '$BEGIN $GET_ALL $FILL_BLANKS $PRINTF' name=$iface speed=$SPEED duplex=$DUPLEX" >> $TEE_DEST
         done
     fi

stevenriggs
Engager

This is an old post but the issue seems to still be present. Here's my change to the xLinux part of the script. I hope it helps someone.

if [ "x$KERNEL" = "xLinux" ] ; then
    if [ -f /etc/redhat-release ] ; then
        if grep -q 7 /etc/redhat-release ; then
            #This is RedHat or CentOS 7
            assertHaveCommand ifconfig
            assertHaveCommand dmesg

            CMD_LIST_INTERFACES="eval ifconfig | tee $TEE_DEST | grep flags | grep -Ev lo | tee -a $TEE_DEST | cut -d':' -f1 | tee -a $TEE_DEST"
            CMD='ifconfig'
            GET_MAC='{if ($0 ~ /ether /) { mac = $2 }}'
            GET_IPv4='{if ($0 ~ /inet /) {split($2, a, " "); IPv4 = a[1]}}'
            GET_IPv6='{if ($0 ~ /inet6 /) { IPv6 = $2 }}'
            GET_COLLISIONS='{if ($0 ~ /collisions /) { collisions = $11 }}'
            GET_RXbytes='{if ($0 ~ /RX packets /) { RXbytes = $5 }}'
            GET_RXerrors='{if ($0 ~ /RX errors /) {RXerrors = $3}}'
            GET_TXbytes='{if ($0 ~ /TX packets /) { TXbytes = $5 }}'
            GET_TXerrors='{if ($0 ~ /TX errors /) {TXerrors= $3}}'
            GET_ALL="$GET_MAC $GET_IPv4 $GET_IPv6 $GET_COLLISIONS $GET_RXbytes $GET_RXerrors $GET_TXbytes $GET_TXerrors"
            FILL_BLANKS='{length(speed) || speed = "<n/a>"; length(duplex) || duplex = "<n/a>"; length(IPv4) || IPv4 = "<n/a>"; length(IPv6) || IPv6= "<n/a>"}'
            BEGIN='BEGIN {RXbytes = TXbytes = collisions = 0}'

            echo "$HEADER"
            for iface in `$CMD_LIST_INTERFACES`
            do
                    # ethtool(8) would be preferred, but requires root privs; so we use dmesg(8), whose [a] source can be cleared, and [b] output format varies (so we have less confidence in parsing)
                    SPEED=`ethtool $iface | grep Speed: | sed -e 's/^[ \t]*//' | tr -s ' ' | cut -d' ' -f2`
                    DUPLEX=`ethtool $iface | grep Duplex: | sed -e 's/^[ \t]*//' | tr -s ' ' | cut -d' ' -f2`
                    $CMD $iface | tee -a $TEE_DEST | awk "$BEGIN $GET_ALL $FILL_BLANKS $PRINTF" name=$iface speed=$SPEED duplex=$DUPLEX
                    echo "Cmd = [$CMD $iface];     | awk '$BEGIN $GET_ALL $FILL_BLANKS $PRINTF' name=$iface speed=$SPEED duplex=$DUPLEX" >> $TEE_DEST
            done
        fi
    else
        #This is everything but RedHat or CentOS 7

        assertHaveCommand ifconfig
        assertHaveCommand dmesg

        CMD_LIST_INTERFACES="eval ifconfig | tee $TEE_DEST | grep 'Link encap:Ethernet' | tee -a $TEE_DEST | cut -d' ' -f1 | tee -a $TEE_DEST"
        CMD='ifconfig'
        GET_MAC='{NR == 1 && mac = $5}'
        GET_IPv4='{if ($0 ~ /inet addr:/) {split($2, a, ":"); IPv4 = a[2]}}'
        GET_IPv6='{$0 ~ /inet6 addr:/ && IPv6 = $3}'
        GET_COLLISIONS='{if ($0 ~ /collisions:/) {split($1, a, ":"); collisions = a[2]}}'
        GET_RXbytes='{if ($0 ~ /RX bytes:/) {split($2, a, ":"); RXbytes= a[2]}}'
        GET_RXerrors='{if ($0 ~ /RX packets:/) {split($3, a, ":"); RXerrors=a[2]}}'
        GET_TXbytes='{if ($0 ~ /TX bytes:/) {split($6, a, ":"); TXbytes= a[2]}}'
        GET_TXerrors='{if ($0 ~ /TX packets:/) {split($3, a, ":"); TXerrors=a[2]}}'
        GET_ALL="$GET_MAC $GET_IPv4 $GET_IPv6 $GET_COLLISIONS $GET_RXbytes $GET_RXerrors $GET_TXbytes $GET_TXerrors"
        FILL_BLANKS='{length(speed) || speed = "<n/a>"; length(duplex) || duplex = "<n/a>"; length(IPv4) || IPv4 = "<n/a>"; length(IPv6) || IPv6= "<n/a>"}'
        BEGIN='BEGIN {RXbytes = TXbytes = collisions = 0}'

        echo "$HEADER"
        for iface in `$CMD_LIST_INTERFACES`
        do
            # ethtool(8) would be preferred, but requires root privs; so we use dmesg(8), whose [a] source can be cleared, and [b] output format varies (so we have less confidence in parsing)
            SPEED=`dmesg  | awk '/[Ll]ink( is | )[Uu]p/ && /'$iface'/ {for (i=1; i<=NF; ++i) {if (match($i, /([0-9]+)([Mm]bps)/))             {print $i} else { if (match($i, /[Mm]bps/))   {print $(i-1) "Mb/s"} } } }' | sed '$!d'`
            DUPLEX=`dmesg | awk '/[Ll]ink( is | )[Uu]p/ && /'$iface'/ {for (i=1; i<=NF; ++i) {if (match($i, /([\-\_a-zA-Z0-9]+)([Dd]uplex)/)) {print $i} else { if (match($i, /[Dd]uplex/)) {print $(i-1)       } } } }' | sed 's/[-_]//g; $!d'`
            $CMD $iface | tee -a $TEE_DEST | awk "$BEGIN $GET_ALL $FILL_BLANKS $PRINTF" name=$iface speed=$SPEED duplex=$DUPLEX
            echo "Cmd = [$CMD $iface];     | awk '$BEGIN $GET_ALL $FILL_BLANKS $PRINTF' name=$iface speed=$SPEED duplex=$DUPLEX" >> $TEE_DEST
        done
    fi
elif [ "x$KERNEL" = "xSunOS" ] ; then

schose
Builder

Hi all,

if anyone is interessted i created a patchfile. It's available on https://www.batchworks.de/dateien/public.php?service=files&t=fe7f1a73be92e9bef7474aecf78cd19a

*** interfaces.sh   Mon May 11 19:05:18 2015
--- interfaces.rhel7.sh Mon May 11 19:05:27 2015
***************
*** 23,36 ****
    assertHaveCommand ifconfig
    assertHaveCommand dmesg

!   CMD_LIST_INTERFACES="eval ifconfig | tee $TEE_DEST | grep 'Link encap:Ethernet' | tee -a $TEE_DEST | cut -d' ' -f1 | tee -a $TEE_DEST"
    CMD='ifconfig'
!   GET_MAC='{NR == 1 && mac = $5}'
!   GET_IPv4='{if ($0 ~ /inet addr:/) {split($2, a, ":"); IPv4 = a[2]}}'
!   GET_IPv6='{$0 ~ /inet6 addr:/ && IPv6 = $3}'
!   GET_COLLISIONS='{if ($0 ~ /collisions:/) {split($1, a, ":"); collisions = a[2]}}'
!   GET_RXbytes='{if ($0 ~ /RX bytes:/) {split($2, a, ":"); RXbytes= a[2]}}'
!   GET_TXbytes='{if ($0 ~ /TX bytes:/) {split($6, a, ":"); TXbytes= a[2]}}'
    GET_ALL="$GET_MAC $GET_IPv4 $GET_IPv6 $GET_COLLISIONS $GET_RXbytes $GET_TXbytes"
    FILL_BLANKS='{length(speed) || speed = "&lt;n/a&gt;"; length(duplex) || duplex = "&lt;n/a&gt;"; length(IPv4) || IPv4 = "&lt;n/a&gt;"; length(IPv6) || IPv6= "&lt;n/a&gt;"}'
    BEGIN='BEGIN {RXbytes = TXbytes = collisions = 0}'
--- 23,36 ----
    assertHaveCommand ifconfig
    assertHaveCommand dmesg

!   CMD_LIST_INTERFACES="eval ifconfig | tee $TEE_DEST | grep 'eth' | tee -a $TEE_DEST | cut -d' ' -f1 | tee -a $TEE_DEST | sed 's/://'"
    CMD='ifconfig'
!         GET_MAC='{if ($0 ~ /ether /) { mac = $2 }}'
!         GET_IPv4='{if ($0 ~ /inet /) {split($2, a, " "); IPv4 = a[1]}}'
!         GET_IPv6='{if ($0 ~ /inet6 /) { IPv6 = $2 }}'
!         GET_COLLISIONS='{if ($0 ~ /collisions /) { collitions = $11 }}'
!         GET_RXbytes='{if ($0 ~ /RX packets /) { RXbytes = $5 }}'
!         GET_TXbytes='{if ($0 ~ /TX packets /) { TXbytes = $5 }}'
    GET_ALL="$GET_MAC $GET_IPv4 $GET_IPv6 $GET_COLLISIONS $GET_RXbytes $GET_TXbytes"
    FILL_BLANKS='{length(speed) || speed = "&lt;n/a&gt;"; length(duplex) || duplex = "&lt;n/a&gt;"; length(IPv4) || IPv4 = "&lt;n/a&gt;"; length(IPv6) || IPv6= "&lt;n/a&gt;"}'
    BEGIN='BEGIN {RXbytes = TXbytes = collisions = 0}'
0 Karma

mljdivemaster
Explorer

I downvoted this post because the code is not working on both rhel 6 and rhel 7

0 Karma

dajomas
Path Finder

I downvoted this post because this patch will cause the interface.sh script to work with rhel 7/centos 7 but the script will no longer work for lower versions

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...