We're now gathering data on all open connections. But looking at the netstat output, we can see connections in different states, such as TIME_WAIT and ESTABLISHED:

tcp   0   0   127.0.0.1:10050   127.0.0.1:60774         TIME_WAIT
tcp   0   0   192.168.56.10:22  192.168.56.1:51187      ESTABLISHED  

If we want to monitor connections in different states, would we have to create a new user parameter for each? Fortunately, no. Zabbix supports so-called flexible user parameters, which allow us to pass parameters to the command executed.

Again, edit zabbix_agentd.conf and modify the user parameter line we added before to read as follows:

UserParameter=net.tcp.conn[*],netstat -nt | grep ^tcp | grep -c "$1" 

We've made the following changes:

• First, the addition of [*] indicates that this user parameter itself accepts parameters
• Second, adding the second grep statement allows us to use such passed parameters in the command
• We also moved the -c flag to the last grep statement to do the counting

All parameters we would use now for this key will be passed to the script—$1 substituted for the first parameter, $2 for the second, and so on. Note the use of double quotes around $1. This way, if no parameter is passed, the result would be the same as without using grep at all.

Restart the agent to make it pick up the modified user parameter.

Back in the frontend, follow these steps:

1. Navigate to Configuration | Hosts, click on Items next to A test host, click on Open connections in the Name column, and then click on the Clone button at the bottom of the editing form. Change the following fields:

• • Name: Open connections in $1 state
  • Key: net.tcp.conn[TIME_WAIT]

2. Click on the Add button at the bottom.
3. Now click on Open connections in the TIME_WAIT state in the Name column, click on Clone, and modify the Key field to read net.conn[ESTABLISHED]; then click on the Add button at the bottom.

See the man page for netstat for a full list of possible connection states.

Take a look at Monitoring | Latest data:

It's possible that the values don't match; summing open connections in all states might not give the same number as all open connections. First, remember that there are more connection states, so you'd have to add them all to get a complete picture. Second, as we saw before, all of these values aren't retrieved simultaneously, so one item grabs data, and a moment later another comes in, but the data has already changed slightly.

We're now receiving values for various items, but we only had to add a single user parameter. Flexible user parameters allow us to return data based on many parameters. For example, we could provide additional functionality to our user parameter if we make a simple modification like this:

UserParameter=net.conn[*],netstat -nt | grep ^tcp | grep "$1" | grep -c "$2" 

We added another grep command on the second parameter, again using double quotes to make sure the missing parameter won't break anything. Now, we can use the IP address as a second parameter to figure out the number of connections in a specific state to a specific host. In this case, the item key might be net.conn[TIME_WAIT,127.0.0.1].

Note that the item parameter ordering (passing state first and IP second) in this case is completely arbitrary. We could swap them and get the same result, as we're just filtering the output by two strings with grep. If we were to swap them, the description would be slightly incorrect, as we're using positional item key parameter references in it.