Mongodb
mongosniff provides a low-level operation tracing/sniffing view into database activity in real time. Think of mongosniff as a MongoDB-specific analogue of tcpdump for TCP/IP network traffic. Typically, mongosniff is most frequently used in driver development.
mongosniff requires libpcap and is only available for Unix-like systems. Furthermore, the version distributed with the MongoDB binaries is dynamically linked against aversion 0.9 of libpcap. If your system has a different version of libpcap, you will need to compile mongosniff yourself or create a symbolic link pointing to libpcap.so.0.9 to your local version of libpcap. Use an operation that resembles the following:
ln -s /usr/lib/libpcap.so.1.1.1 /usr/lib/libpcap.so.0.9
Change the path's and name of the shared library as needed.
As an alternative to mongosniff, Wireshark, a popular network sniffing tool is capable of inspecting and parsing the MongoDB wire protocol.
mongosniff
--help
Returns a basic help and usage text.
--forward <host><:port>
Declares a host to forward all parsed requests that the mongosniff intercepts to another mongod instance and issue those operations on that database instance.
Specify the target host name and port in the <host><:port> format.
To connect to a replica set, you can specify the replica set seed name, and a seed list of set members, in the following format:
<replica_set_name>/<hostname1><:port>,<hostname2:<port>,...
--source <NET [interface]>, <FILE [filename]>, <DIAGLOG [filename]>
Specifies source material to inspect. Use --source NET [interface] to inspect traffic from a network interface (e.g. eth0 or lo.) Use --source FILE [filename] to read captured packets in pcap format.
You may use the --source DIAGLOG [filename] option to read the output files produced by the --diaglog option.
--objcheck
Modifies the behavior to only display invalid BSON objects and nothing else. Use this option for troubleshooting driver development. This option has some performance impact on the performance of mongosniff.
<port>
Specifies alternate ports to sniff for traffic. By default, mongosniff watches for MongoDB traffic on port 27017. Append multiple port numbers to the end of mongosniff to monitor traffic on multiple ports.
Use the following command to connect to a mongod or mongos running on port 27017 and 27018 on the localhost interface:
mongosniff --source NET lo 27017 27018
Use the following command to only log invalid BSON objects for the mongod or mongos running on the localhost interface and port 27018, for driver development and troubleshooting:
mongosniff --objcheck --source NET lo 27018
To build mongosniff yourself, Linux users can use the following procedure:
Obtain prerequisites using your operating systems package management software. Dependencies include:
libpcap - to capture network packets.
git - to download the MongoDB source code.
scons and a C++ compiler - to build mongosniff.
Download a copy of the MongoDB source code using git:
git clone git://github.com/mongodb/mongo.git
Issue the following sequence of commands to change to the mongo/ directory and build mongosniff:
cd mongo scons mongosniff
If you run scons mongosniff before installing libpcap you must run scons clean before you can build mongosniff.
MongoDB Documentation Project
2011-2013, 10gen, Inc.