ip-monitor
Monitor network device status changes
SYNOPSIS
ip monitor [ all | ADDRESS | LINK | ROUTE | NETCONF | NETNSID | VRF ] [ dev DEV ] [ up ] [ br DEV ] [ src PREFIX ] [ object OBJECT ] [ PREFIXLEN PREFIX ] [ family { inet | inet6 | link } ] [ label LABEL ] [ suppress_prefixlist ] [ suppress_address ] [ suppress_rule ] [ fil TYPE ]
PARAMETERS
all
Monitor all objects.
ADDRESS
Monitor address changes.
LINK
Monitor link state changes (interface up/down).
ROUTE
Monitor routing table changes.
NETCONF
Monitor network configuration changes.
NETNSID
Monitor the assignment of interfaces to network namespaces.
VRF
Monitor VRF interface changes.
dev DEV
Monitor events for a specific device.
up
Monitor only interfaces that are up.
br DEV
Filter events for a specific bridge device.
src PREFIX
Filter events based on a source prefix.
object OBJECT
Filter events for a specific object type (e.g., neighbour).
PREFIXLEN PREFIX
Filter by prefix length.
family { inet | inet6 | link }
Filter by address family.
label LABEL
Filter by label.
suppress_prefixlist
Suppress prefixlist messages.
suppress_address
Suppress address messages.
suppress_rule
Suppress rule messages.
fil TYPE
Filter by event type (e.g., add, delete).
DESCRIPTION
The ip-monitor command provides a real-time interface to monitor changes in the state of network interfaces, addresses, routes, and neighbor discoveries. It listens for Netlink messages from the kernel, providing immediate notification of any changes. This is invaluable for dynamic network environments where interfaces are frequently added, removed, or reconfigured.
Instead of periodically polling network information, ip-monitor offers an event-driven approach, making it significantly more efficient and responsive. It can be used to trigger scripts or other actions based on network events, facilitating automated network management and troubleshooting. By filtering based on various criteria (e.g., interface name, address family), you can focus the monitoring on specific aspects of the network. It supports monitoring various network devices and their related information. The most important is monitoring the routes, addresses and link status. The tool is part of the iproute2 package, offering other networking tools.
CAVEATS
The ip-monitor command requires root privileges to access network information. Be careful when parsing the output of ip-monitor as the format can change slightly between versions of iproute2.
OUTPUT FORMAT
The output of ip-monitor consists of Netlink messages describing network events. These messages are printed to standard output in a human-readable format, which can be parsed by scripts for automated network management.
USE CASES
Common use cases for ip-monitor include: detecting when a network interface comes up or goes down, tracking changes to IP addresses and routes, and triggering alerts when network configuration changes occur. Useful for network management and automation.
HISTORY
The ip-monitor command is part of the iproute2 suite, which has been developed and maintained by Stephen Hemminger and others. It was created as a replacement for older tools like ifconfig and route, offering a more modern and flexible way to configure and monitor network interfaces.
The iproute2 suite utilizes the Netlink protocol to communicate with the kernel, providing a more efficient and extensible interface than the older SIOC* ioctl system calls.