ip-monitor

ip monitor [ all | ADDRESS | LINK | ROUTE | NETCONF | NETNSID | VRF ] [ dev DEV ] [ up ] [ br DEV ] [ src PREFIX ] [ object OBJECT ] [ PREFIXLEN PREFIX ] [ family { inet | inet6 | link } ] [ label LABEL ] [ suppress_prefixlist ] [ suppress_address ] [ suppress_rule ] [ fil TYPE ]

all
    Monitor all objects.

ADDRESS
    Monitor address changes.

LINK
    Monitor link state changes (interface up/down).

ROUTE
    Monitor routing table changes.

NETCONF
    Monitor network configuration changes.

NETNSID
    Monitor the assignment of interfaces to network namespaces.

VRF
    Monitor VRF interface changes.

dev DEV
    Monitor events for a specific device.

up
    Monitor only interfaces that are up.

br DEV
    Filter events for a specific bridge device.

src PREFIX
    Filter events based on a source prefix.

object OBJECT
    Filter events for a specific object type (e.g., neighbour).

PREFIXLEN PREFIX
    Filter by prefix length.

family { inet | inet6 | link }
    Filter by address family.

label LABEL
    Filter by label.

suppress_prefixlist
    Suppress prefixlist messages.

suppress_address
    Suppress address messages.

suppress_rule
    Suppress rule messages.

fil TYPE
    Filter by event type (e.g., add, delete).

The ip-monitor command provides a real-time interface to monitor changes in the state of network interfaces, addresses, routes, and neighbor discoveries. It listens for Netlink messages from the kernel, providing immediate notification of any changes. This is invaluable for dynamic network environments where interfaces are frequently added, removed, or reconfigured.
Instead of periodically polling network information, ip-monitor offers an event-driven approach, making it significantly more efficient and responsive. It can be used to trigger scripts or other actions based on network events, facilitating automated network management and troubleshooting. By filtering based on various criteria (e.g., interface name, address family), you can focus the monitoring on specific aspects of the network. It supports monitoring various network devices and their related information. The most important is monitoring the routes, addresses and link status. The tool is part of the iproute2 package, offering other networking tools.

The ip-monitor command requires root privileges to access network information. Be careful when parsing the output of ip-monitor as the format can change slightly between versions of iproute2.

The output of ip-monitor consists of Netlink messages describing network events. These messages are printed to standard output in a human-readable format, which can be parsed by scripts for automated network management.

Common use cases for ip-monitor include: detecting when a network interface comes up or goes down, tracking changes to IP addresses and routes, and triggering alerts when network configuration changes occur. Useful for network management and automation.

The ip-monitor command is part of the iproute2 suite, which has been developed and maintained by Stephen Hemminger and others. It was created as a replacement for older tools like ifconfig and route, offering a more modern and flexible way to configure and monitor network interfaces.
The iproute2 suite utilizes the Netlink protocol to communicate with the kernel, providing a more efficient and extensible interface than the older SIOC* ioctl system calls.

ip(8), ifconfig(8), netstat(1)