check_netstat

The documentation is part of the plugin code, at the top. This is a quote from there:

INFORMATION ABOUT THIS PLUGIN

This is a nagios plugin that checks the number of TCP connections from or to the system. The plugin gets the data either from the local computer with 'netstat' or from a remote system using 'snmpnetstat' (if '-H' and '-C' are not specified then it's local).

You can set this up to provide warning and critical values if number of connections for specific port out or in is too low or too high. Data is also made available for nagios 2.0 post-processing based on specified ports.

This program is written and maintained by: William Leibzon - william(at)leibzon.org

SETUP NOTES

  1. Make sure to check and if necessary adjust the path to utils.pm
  2. Make sure you have snmpnetstat in /usr/bin or adjust the path below
  3. Syntax of snmpnetstat is different depending on which NET-SNMP package you have installed. Please specify your version of the NET-SNMP package as '-N 5.0' or '-N 5.4'; if you're unsure, use '-v' and see what was autodetermined.
  4. Beware that all service port names are ALWAYS retrieved from the system running the plugin, and in case of an SNMP check this might not be the same as what is set on the remote system.

TCP port names are specified with the '-p' or '-a' option for checking the number of connections against the specified warning and critical values, and with '-A' for those ports which you want in performance output. Each TCP port name (or number) should be prefixed with either '>' or '<', depending on whether you want to check incoming connections to the specified port ('<') or outgoing connections ('>') to the specified port on the remote system. For example, using '--ports >smtp' means you want to check the number of outgoing SMTP (port 25) connections.

The values retrieved are compared to the specified warning and critical levels. Warning and critical levels are specified with '-w' and '-c', and each one must have exactly the same number of values (separated by ',') as the number of attributes (TCP port names) specified with '-p'. Any values you don't want to compare you specify as ~. There are also a number of other one-letter modifiers that can be used before the actual data value to direct how the data is to be checked. These are as follows:

> : issue alert if data is above this value (default)
= : issue alert if data is equal to this value
! : issue alert if data is NOT equal to this value

A special modifier '^' can also be used to disable checking that warn values are less than (or greater than) critical values (it is rarely needed).
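The threshold rules above can be sketched as follows. This is an added example in Python, not the plugin's own Perl code. It assumes that only ESTABLISHED connections are counted and that direction is decided by which side of the connection holds the port; the sample lines are constructed, and the '^' modifier is not handled.

```python
OK, WARNING, CRITICAL = 0, 1, 2  # standard Nagios exit codes

# Constructed netstat-style lines using documentation-range addresses.
SAMPLE = """\
tcp 0 0 192.0.2.10:25 198.51.100.7:41022 ESTABLISHED
tcp 0 0 192.0.2.10:25 198.51.100.8:52011 ESTABLISHED
tcp 0 0 192.0.2.10:25 203.0.113.5:40110 ESTABLISHED
tcp 0 0 192.0.2.10:38214 203.0.113.9:25 ESTABLISHED
tcp 0 0 192.0.2.10:22 198.51.100.7:50022 TIME_WAIT
"""

def count_connections(netstat_text, port):
    """Return (incoming, outgoing) ESTABLISHED counts for a TCP port.
    Assumption: local port == port means incoming, foreign port == port
    means outgoing."""
    incoming = outgoing = 0
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "ESTABLISHED":
            continue
        local_port = f[3].rsplit(":", 1)[-1]
        remote_port = f[4].rsplit(":", 1)[-1]
        incoming += local_port == str(port)
        outgoing += remote_port == str(port)
    return incoming, outgoing

def breached(spec, value):
    """Apply one threshold: '~' skips the comparison, a bare number or '>'
    alerts above the value, '=' alerts on equal, '!' on not equal."""
    if spec == "~":
        return False
    op, num = (spec[0], spec[1:]) if spec[0] in ">=!" else (">", spec)
    limit = int(num)
    return {">": value > limit, "=": value == limit, "!": value != limit}[op]

def check(values, warn, crit):
    """values: counts in '-p' order; warn/crit: lists as given to -w/-c."""
    w, c = warn.split(","), crit.split(",")
    if not len(w) == len(c) == len(values):
        raise ValueError("-w and -c need one value per checked port")
    if any(breached(s, v) for s, v in zip(c, values)):
        return CRITICAL
    if any(breached(s, v) for s, v in zip(w, values)):
        return WARNING
    return OK
```
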

Additionally, if you want performance output, use the '-f' option to get all the ports specified with '-p', or specify a particular list of ports for performance data with '-A' (this list can include names not found in '-p'). Note that when reporting for in performance data instead of saying ">smtp" or "

SETUP EXAMPLES

The first example is for your server to check SMTP connections: warnings would be sent here for more than 15 incoming connections or more than 10 outgoing, and critical alerts for more than 40 incoming or 20 outgoing.

define command {
       command_name check_smtp_connections
       command_line $USER1$/check_netstat.pl -L "SMTP Load" -H $HOSTADDRESS$ -C $ARG1$ -N 5.3 -2 -p "smtp" -w $ARG2$ -c $ARG3$ -f -A "@"
}

define service{
      use                             std-service
      service_description             SMTP Load
      hostgroups                      mailserv
      check_command                   check_smtp_connections!public!">15,>10"!">40,>20"
}

The second example is for a webserver to check HTTP connections. In this case the server is always a little loaded (i.e. you have a busy website), so not only is there an upper bound of 30 for warning and 100 for critical but also a bound to send alert if there are # specify this http name is repeated twice at '-p'; the result is a little strange though, as it will report "http in connections" twice - it's on my "todo list" to get this taken care of and only report same port/direction information once).

define command {
       command_name check_http_connections
       command_line $USER1$/check_netstat.pl -L "HTTP Load" -H $HOSTADDRESS$ -C $ARG1$ -2 -p "http,http" -w $ARG2$ -c $ARG3$ -A "http,@"
}

define service{
      use                             std-service
      service_description             HTTP Load
      hostgroups                      webserv
      check_command                   check_http_connections!public!"30"!"~,100"
}

Note: those who want to minimize the load on the nagios server and the number of extra lookups should really combine the above into one command if your server is doing both HTTP and SMTP (but of course then it might not look as nice in the services list).