Hi all,

I have munin running a while and the odd time I was getting an email alert about connections through my firewall but today I'm getting them every couple of minutes.

the email has the following contents

ocaldomain :: localhost.localdomain :: Connections through firewall
CRITICALs: Total is 11.91 (outside range [:5]).

Any idea what Munin is trying to tell me??

It's a bug (or at least a bad interaction) with a difference in behavior of some shells when performing a read on the /proc filesystem. It affects (perhaps among others) recent Ubuntu and Debian releases that switched the system shell to dash.

See http://www.munin-monitoring.org/ticket/1025 - if you correct the two lines in fw_conntrack per the diff in the ticket it should fix the problem, or upgrade to a corrected version if available in your preferred installation approach.

-- David

Thanks a mill for catching that David so quickly. I'll see if I can apply the diff fix.

hmmm.
weird one.
the diff suggests replacing 2 lines of code that my version looks like it already has.

This is the relevant snippet from my

/usr/share/munin/plugins/fw_conntrack

        if [ -f /proc/sys/net/ipv4/ip_conntrack_max ] ; then
            read MAX </proc/sys/net/ipv4/ip_conntrack_max
        elif [ -f /proc/sys/net/ipv4/netfilter/ip_conntrack_max ]; then
             read MAX < /proc/sys/net/ipv4/netfilter/ip_conntrack_max

Maybe a new bug?

actually ignore my last comment
I found another thread suggesting I switch the line of code I have.
I was reading the diff the wrong way around it would seem! Although I assumed that red highlighted text in a diff was the text to remove and green was what was added!

http://bugs.debian.org/cgi-bin/bugrepor ... =594695#24

Fix was to modify these lines:

        if [ -f /proc/sys/net/ipv4/ip_conntrack_max ] ; then
            read MAX </proc/sys/net/ipv4/ip_conntrack_max
        elif [ -f /proc/sys/net/ipv4/netfilter/ip_conntrack_max ]; then
             read MAX < /proc/sys/net/ipv4/netfilter/ip_conntrack_max
        fi

With:

        if [ -f /proc/sys/net/ipv4/ip_conntrack_max ] ; then
            MAX=$(cat /proc/sys/net/ipv4/ip_conntrack_max)
        elif [ -f /proc/sys/net/ipv4/netfilter/ip_conntrack_max ]; then
             MAX=$(cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max)
        fi

Hmm, red should in fact be remove and green add. At least when viewing repository commit diffs.

Ah, unless you're talking about viewing the patch itself. Looking at the actual patch file, it appears to be a diff from local working copy to repository, so when viewed with the default trac view will appear backwards.

But if you click on the actual committed change to the repository it shows up correctly. I should have specifically mentioned viewing the committed change to avoid confusion, sorry.

-- David

No worries David - I figured as much in the end.

Anyway I applied the patch just over an hour ago and no more emails. Fingers crossed!