05-24-2016 08:52 AM
Looking for a report that shows DDNS failures, must include the following data:
IP of client
FQDN (of attempted update)
This info seems to be in the syslog, but I can't get a report to work.
sample syslog entry (IP, zone, and update changed for security):
|client 18.104.22.168#36540/key dhcp_updater_default: updating zone 'zone.com/IN': update unsuccessful: ddnsupdate.zone.com/TXT: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
05-24-2016 12:17 PM
I assume you are doing this with 7.3.200, since that is the only version which currently supports syslog data in the reporter?
If so, you'll need to create the necessary extractions, then generate the report.
05-28-2016 05:26 AM
index=ib_syslog dhcp_updater_default | rex "client (?<Client>[^#]+).+zone '(?<Zone>[^\/]+)\/IN'.+unsuccessful: (?<FQDN>[^:]+):.*\((?<Error>.+)\)" | stats count as Errors by Client Zone FQDN Error | sort -Errors
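An added example, not part of the thread or of Infoblox's reporting: a Python check of the same field extraction against constructed log lines, useful for validating the pattern before building the report. It goes one step beyond the search above by splitting the record type (the `/TXT` suffix) from the FQDN; the addresses, host names and function names are assumptions.

```python
import re
from collections import Counter

# Same fields as the rex in the search above, in Python named-group syntax.
# Assumption: the update target is logged as "<name>/<type>" (as in the sample
# entry) or as a bare "<name>", so the record type is an optional extra field.
DDNS_FAIL = re.compile(
    r"client (?P<client>[^#]+)#\d+.*?"
    r"zone '(?P<zone>[^/]+)/IN'.*?"
    r"update unsuccessful: (?P<fqdn>[^/:]+)(?:/(?P<rtype>[^:]+))?:"
    r".*\((?P<error>[^()]+)\)\s*$"   # last parenthesised token is the rcode
)

def parse_failure(line):
    """Return (client, zone, fqdn, rtype, error), or None if not a DDNS failure."""
    m = DDNS_FAIL.search(line)
    if m is None:
        return None
    return (m["client"], m["zone"], m["fqdn"], m["rtype"] or "", m["error"])

def failure_report(lines):
    """Count failures per (client, zone, fqdn, rtype, error), most frequent first."""
    counts = Counter(filter(None, map(parse_failure, lines)))
    return counts.most_common()

# Constructed sample lines (documentation address range and example.com names).
SAMPLE = [
    "client 192.0.2.10#36540/key dhcp_updater_default: updating zone "
    "'example.com/IN': update unsuccessful: host1.example.com/TXT: "
    "'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)",
    "client 192.0.2.10#36541/key dhcp_updater_default: updating zone "
    "'example.com/IN': update unsuccessful: host1.example.com/TXT: "
    "'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)",
    "client 192.0.2.11#40112/key dhcp_updater_default: updating zone "
    "'example.com/IN': update unsuccessful: host2.example.com: "
    "'name not in use' prerequisite not satisfied (YXDOMAIN)",
    # A successful update: must not be counted as a failure.
    "client 192.0.2.10#36542/key dhcp_updater_default: updating zone "
    "'example.com/IN': adding an RR at 'host3.example.com' A",
]

if __name__ == "__main__":
    for fields, errors in failure_report(SAMPLE):
        print(errors, *fields)
```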