Alert on DNS "failed to load" event


On rare occasions, a malformed zone can trigger a "failed to load" event on the DNS engine. We have been asked to create a report when a zone fails to load and to get an alert on it.


1) Creating the field extraction:


(?=[^f]*(?:failed to load|f.*failed to load))^[^'\n]*'(?P<fqdn>[^']+)(?:[^'\n]*'){2}(?P<type>\w+)(?:[^ \n]* ){3}'(?P<dns_view>\w+)(?:[^ \n]* ){4}(?P<root_cause>.+)



2) Search & table

index=ib_syslog "failed to load" | table _time,host,dns_view,fqdn,type,root_cause



3) Save as Real-time Alert and set the appropriate actions


4) View alert in near real time 


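An offline check of the step 1 field extraction before it backs a real-time alert, added here as an example and not part of the original post. The log lines are constructed to fit the shape the regex expects (real appliance messages may differ), and `extract`, `alert_rows` and `view_truncated` are hypothetical names.

```python
import re

# Field-extraction regex copied verbatim from step 1 of the post.
FAILED_TO_LOAD = re.compile(
    r"(?=[^f]*(?:failed to load|f.*failed to load))^[^'\n]*'(?P<fqdn>[^']+)"
    r"(?:[^'\n]*'){2}(?P<type>\w+)(?:[^ \n]* ){3}'(?P<dns_view>\w+)"
    r"(?:[^ \n]* ){4}(?P<root_cause>.+)"
)

# Constructed sample lines, shaped to fit the regex; not captured from a real appliance.
SAMPLE_LINES = [
    "2024-01-15T10:00:00Z ns1 named[2211]: zone 'example.com' of type 'Master' "
    "in view 'default' failed to load: unexpected end of input",
    "2024-01-15T10:00:05Z ns1 named[2211]: zone 'corp.example.net' of type 'Master' "
    "in view 'dmz-external' failed to load: bad owner name",
    "2024-01-15T10:00:09Z ns1 named[2211]: zone 'example.org' of type 'Master' "
    "in view 'default' loaded serial 2024011501",
]


def extract(line):
    """Return the four extracted fields for one event, or None if it is not a match."""
    m = FAILED_TO_LOAD.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    # \w+ stops at '-' or '.', so flag a view name that did not run to its closing quote.
    fields["view_truncated"] = line[m.end("dns_view")] != "'"
    return fields


def alert_rows(lines):
    """Mimic the step 2 search: keep 'failed to load' events and return their fields."""
    rows = []
    for line in lines:
        if "failed to load" in line:
            fields = extract(line)
            # A matching keyword with no extraction means the regex needs attention.
            rows.append(fields if fields else {"unparsed": line})
    return rows


if __name__ == "__main__":
    for row in alert_rows(SAMPLE_LINES):
        print(row)
```

A row with `view_truncated` set, or an `unparsed` row, shows the alert table would carry a wrong or empty `dns_view` for that event.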

Re: Alert on DNS "failed to load" event


Interesting report Nicolas!  Thanks for posting!!

