Reply
Highlighted

DNS Report help

[ Edited ]
ArjunDj
Techie
Posts: 3
3150     0

Dear All,

 

I am a newbie to infoblox reporting module.I want to run a job for getting TOP DNS client per domain report and when i run the job i am getting no result found but we have lot of DNS queries happening.Below is the script that I can see in the search option.I need a report for like what is the source IP and there queried URL.Really looking forward for a solution.

 

index=ib_dns_summary report=si_top_clients_per_domain | lookup dns_viewkey_displayname_lookup VIEW output display_name | stats sum(COUNT) as CLIENT_QUERIES by FQDN CLIENT | sort -CLIENT_QUERIES | head 10 | eventstats sum(CLIENT_QUERIES) as TOTAL | eval PERCENT=round(CLIENT_QUERIES*100/TOTAL,1) | eval PCLIENT=CLIENT+"("+PERCENT+"%)" | rename FQDN as "Domain", CLIENT as "Client", CLIENT_QUERIES as Queries | fields "Domain", "Client", Queries

 

 

Thanks

AJ

Re: DNS Report help

Adviser
Posts: 97
3151     0

Hello AJ and welcome!

 

Do your other reports work? Can you see the raw events? Try searching wih:

 

index=ib_dns_summary report=si_top_clients_per_domain

If that doesn't return anything it could indicate that your DNS appliances aren't properly sending data to the reporting server. This could be for a number of reasons:

  • You haven't configured the indexes properly under the "grid reporting properties"
  • Network ACLs are preventing the necessary communications

 

 

Re: DNS Report help

ArjunDj
Techie
Posts: 3
3151     0

Thanks RBarlow for the reply.

 

 

We dont have any ACL configured.

And sorry to ask what do you mean by indexes configuration...what option should I check for to generate this report.Other reports like RPZ hit report and all are working.

Re: DNS Report help

Adviser
Posts: 97
3151     0

Search the NIOS admin guide for the section on "Reporting (Index) Storage Space". It describes the indexes and hwo to configure them.

Re: DNS Report help

Adviser
Posts: 116
3151     0

Hi AJ,

 

As Roger mentioned, you would need to verify that the "DNS Query" indexing category is enabled for indexing either at the "Grid Reporting Properties" or under individual DNS "Member Reporting Properties" or both. <screenshots attached>

Additionally, DNS Top Clients per Domain, is a per domain report where you need to specify the domain names that reqire monitoring. <screenshots attached>

Though documentation suggests that only authoritative domains are supported, both authoritative and external domains are supported [As far as I have tested in 7.3.x and 8.0].

 

Thank you,

 

Bibin

Showing results for 
Search instead for 
Do you mean 

Recommended for You