Learn How We Can Help You Keep Teleworkers Protected During the COVID-19 Crisis

Reporting

Reply
Highlighted

Alert on DNS "failed to load" event

Adviser
Posts: 82
2013     0

On rare occasion, a malformed zone can trigger a failed to load event on the DNS engine, We have been asked to create a report that the zone fails to load and get an alert on it.

 

1) creating the field extraction: 

 

(?=[^f]*(?:failed to load|f.*failed to load))^[^'\n]*'(?P<fqdn>[^']+)(?:[^'\n]*'){2}(?P<type>\w+)(?:[^ \n]* ){3}'(?P<dns_view>\w+)(?:[^ \n]* ){4}(?P<root_cause>.+)

 1-field extraction.png

 

2) Search & table

index=ib_syslog "failed to load" | table _time,host,dns_view,fqdn,type,root_cause

 2-Search.png

 

3) Save as Real-time Alert and set the appropriate actions

 

4) View alert in near real time 

 4-Alerts.png

Check out our new Tech docs website at http://docs.infobox.com for latest documentation on Infoblox products.
Highlighted

Re: Alert on DNS "failed to load" event

[ Edited ]
Adviser
Posts: 200
2014     0

Interesting report Nicolas!  Thanks for posting!!

 

Showing results for 
Search instead for 
Do you mean 

Recommended for You