Is there a way to monitor which ports are open in a server?

Basically, a way to know what ports are open, or in listening state, in a server, particularly Ubuntu Servers.
I’m not really sure if I’m asking this the wrong way but I was assigned to create a monitoring system for all our servers and to know/monitor what ports are opened.

Like for sure, port 22 is open in all our servers. I want that to reflect in a dashboard.
What if other random TCP ports are opened, how can I show that in a dashboard?

Metrics monitoring is fine, I used the combo of InfluxDB, Grafana, Telegraf.
I’m just confused by what is assigned to me.
There’s a language barrier going on internally so I cannot really clarify.
Before I ended our meeting, I was thinking maybe there’s really a “port monitoring” dashboard in grafana, so I googled away. But for 2days now, can’t find anything.

I was thinking too, if I just make sure that the server is being monitored in CPU, memory, network, or any metrics, why bother monitoring what ports are open? Besides, ports are opened selectively for each server, so what’s there to monitor?

Hope you’ll are getting what I try to ask and can point me in the right direction.

I think the first thing you need to start from is a list of which port numbers
are supposed to be open on each server, because your monitoring output is
going to fall into two categories:

  1. Ports which are supposed to be open and aren’t (service should be available
    and isn’t)

  2. Ports which are not supposed to be open but are (potential security risk)

Only the people who run and manage the servers can tell you which ports are in
which list for each machine (or type of machine).

Personally I would try to set these up as individual service checks for the
ports which should be open, and a single combined check for the ones which
aren’t, so it shows “good” if none of them are open, and “bad” if any
(possibly multiple) are open.

You may be able to use the list of “ports which should be open” to generate
the list of “ports which should not be open”, simply by negation - again that
is a question for the system admins of the machines in question to answer.

Whether Grafana is the best tool to do this sort of monitoring with, though,
is another question. Grafana is focused on time-based data series, and I
would seriously consider using something like icinga instead for this type of
monitoring requirement.

Regards,

Antony.

Hey pooh/Antony,

exactly!!! thanks so much for confirming what I’m thinking.

Since I’m talking to a different nationality, communication is really hard.
I asked opened ports should be provided to me for each server so I can plan better in how to monitor these.
He said okay, then I waited. After few days, he asked for an update on how the port monitoring implementation is going. That made me confused, and made me think, maybe I’m missing something or got lost in translation.
I have to admit though, this guy is really a great developer/sysadmin, so I doubt myself rather than him.lol.

I will look into icinga.
So grafana is out on this kind of monitoring setup right?

I would not say that Grafana is not able to do this, but as someone who uses
both for different purposes, I would do this type of monitoring with Icinga.

I regard Grafana as a good tool when you want a fast response to a steady
stream of data with timestamps, and you want to analyse that data over varying
timescales.

I regard Icinga as a good tool when you’re more interested in “what’s the
state of things right now?” (although it also has a history of what happened
previously), and you want alerts to be sent out when something isn’t the way
it should be.

Icinga tends to work on a slower timescale than Grafana, though - Grafana can
react within a second to some change, and it depends completely on how fast
you feed it data as to how responsive it is. Icinga tends to work on service
checks being run every minute or so, which for testing which ports on a server
are open and which are closed would be good enough for me.

Good luck,

Antony.

if not time series then what is icinga based on ?