check_netstat / check_snmp_netstat

Documentation is part of plugin code on top. Below from there (and it is the not most current!):

ABOUT THIS PLUGIN

This is a nagios plugin that checks number of TCP connections from or to the system. The plugin gets the data either from local computer with 'netstast' or from remote system using 'snmpnetstat' (if '-H' and '-C'
are not specified then its local).

You can set this up to provide warning and critical values if number of connections for specific port out or in is too low or too high. Data is also made available for nagios 2.0 post-processing based on specified ports.

SETUP NOTES

1. Make sure to check and if necessary adjust the the path to utils.pm
2. Make sure you have snmpnetstat in /usr/bin or adjust the path below
3. Beware that all service port names are ALWAYS retrieved from system
running plugin and in case of SNMP check this might not be the same
as what is set on remote system.

TCP Port names are specified with '-p' or '-a' option for checking number of connections based on specified warning and critical values and with '-A' for those ports which you want in performance output. Each TCP port name (or number) should be prefixed with either '>' or 'smtp' means you want to check on number of outgoing SMTP (port 25) connections. Special value of '@' (or just '>') allow to check check on total number connections (they will be reported as port 'all').

The values retrieved are compared to specified warning and critical levels. Warning and critical levels are specified with '-w' and '-c' and each one must have exact same number of values (separated by ',') as number of attribute (tcp port names) specified with '-p'. Any values you dont want to compare you specify as ~. There are also number of other one-letter modifiers that can be used before actual data value to direct how data is to be checked. These are as follows:

> : issue alert if data is above this value (default)
< : issue alert if data is below this value
= : issue alert if data is equal to this value
! : issue alert if data is NOT equal to this value

A special modifier '^' can also be used to disable checking that warn values are less then (or greater then) critical values (it is rarely needed).

Additionally if you want performance output then use '-f' option to get all the ports specified with '-p' or specify particular list of of ports for performance data with '-A' (this list can include names not found in '-p'). Note that when reporting for in perfomance data instead of saying ">smtp' or "15,>10"!">40,>20"
}

The second example is for a webserver to check HTTP connections. In this case the server is always little loaded (i.e. you have busy website) so not only is their upper bound of 30 for warning and 100 for critical but also a bound to send alert if there are <5 connections (and to specify this http name is repeated twice at '-p'; the result is a little strange though as it will report "http in connections" twice - its on my "todo list" to get this taken care of and only report same port/direction information once).

define command {

command_name check_http_connections
command_line $USER1$/check_netstat.pl -L "HTTP Load" -H $HOSTADDRESS$ -C $ARG1$ -2 -p "http,http" -w $ARG2$ -c $ARG3$ -A "http,@"

}

define service{

use std-service
service_description HTTP Load
hostgroups webserv
check_command check_http_connections!public!"30"!"~,100"

}

Note: those who want to minimize load on nagios server and number of extra lookups should really combine above into one command if your server is doing both HTTP and SMTP (but of course then it might not look as nice in the services list)