2009/6/9 Noam Rathaus <no...@beyondsecurity.com>: > Amos, > > What are you trying to count? I hope I understood you correctly, you want to > know how many HTTP requests are being handled, against those that couldn't > be handled due to lack of connections.
Yes. "How many connections from customers have reached our servers but failed to complete the TCP hand shake and send a request?". > > netstat is a very bad counting devices, unless you are counting packets. I know. I try to use it as a tool to find counters which might exist in the kernel. For instance - it can't tell me which port or IP address the connections failed on. > > If you want to count "requests" I would count incoming connection requests > (SYN) vs apache log of requests > > The incoming connections should be counted using tcpdump or similar I just read during my googl'ing that tcpdump is not reliable - it could report packets more than once, e.g. packets which haven't been sent or count packets more than once. Also it slows down the network for time-stamping. Maybe a clever iptables rule can count incoming SYN packets on the relevant ports (we listen on about 4-5 different ports) and then I can compare it against Apache access log for same period. > > while apache log should be easily achievable by grep If the TCP-level connection is dropped before an HTTP request is received then I'm not sure Apache's log will show it (just tried this on a Ubuntu desktop, don't know how much it indicates for CentOS 5). Thanks, --Amos _______________________________________________ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il