DNS Top Client - improvements

[ Edited ]
Adviser
Posts: 49
7671     8

 

If you want to extend the built-in DNS Top Client report with geolocation and a map, here are a few tips and some code to quickly copy and paste.

 

Capture d’écran 2016-03-30 à 15.23.32.png

 

Top DNS Client per country:

index=ib_dns_summary report=si_dns_top_clients $members$ $dns_view_str$ | iplocation CLIENT| stats sum(COUNT) as CLIENT_QUERIES by Country | sort -Country limit=$topn$

 

Top DNS Client per city:

index=ib_dns_summary report=si_dns_top_clients $members$ $dns_view_str$ | iplocation CLIENT| stats sum(COUNT) as CLIENT_QUERIES by City | sort -City limit=$topn$

 

Top DNS Client GeoLocation:

index=ib_dns_summary report=si_dns_top_clients $members$ $dns_view_str$ | iplocation CLIENT | geostats sum(COUNT) by CLIENT globallimit=0 locallimit=10

 

The next step could be to reuse these queries on ADP attack reports to geolocate attackers' IPs.

Check out our new Tech docs website at http://docs.infobox.com for latest documentation on Infoblox products.

Re: DNS Top Client - improvements

Alexander
Techie
Posts: 4
7672     8

Hi. Thanks for dashboard.

My servers are located in Moscow, Russia, and the clients are basically from Russia, but I don't see the country Russia in "Top 10 DNS Clients Country" or Moscow in "Top 10 DNS Clients City". At the top is the USA, which is very strange.

At the same time, in "Top DNS Client Geo Map", Russia and Moscow are the biggest pie.

Re: DNS Top Client - improvements

Alexander
Techie
Posts: 4
7672     8

I fixed it. I just changed the sort type to CLIENT_QUERIES.
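The fix described in the post above, written out as an added example (not part of the original thread): sort on the summed CLIENT_QUERIES column in descending order instead of on the Country or City name, so the top-N limit keeps the busiest locations. The fillnull step and its "Unknown" label are assumptions added here so that clients for which iplocation adds no Country or City field still show up in the totals.

```spl
index=ib_dns_summary report=si_dns_top_clients $members$ $dns_view_str$
| iplocation CLIENT
| fillnull value="Unknown" Country
| stats sum(COUNT) as CLIENT_QUERIES by Country
| sort $topn$ -CLIENT_QUERIES

index=ib_dns_summary report=si_dns_top_clients $members$ $dns_view_str$
| iplocation CLIENT
| fillnull value="Unknown" City
| stats sum(COUNT) as CLIENT_QUERIES by City
| sort $topn$ -CLIENT_QUERIES
```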

Re: DNS Top Client - improvements

[ Edited ]
Adviser
Posts: 49
7672     8

Actually, there is no CLIENT_QUERIES; what you may want is to remove the by CLIENT constraint:

 

index=ib_dns_summary report=si_dns_top_clients (orig_host="*") * | iplocation CLIENT | geostats sum(COUNT) globallimit=0 locallimit=10

 

Doing so gives global visibility into the query distribution, but not the top IPs per location:

 

Capture d’écran 2016-04-14 à 18.19.35.png

 


Re: DNS Top Client - improvements

AGOVINDANE
Techie
Posts: 5
7672     8

Hi Nico,

 

Thanks for this great DNS Top Client Dashboard improvement.

 

 

Regards,

Alex

Re: DNS Top Client - improvements

Expert
Posts: 183
7672     8

Anything in the works to be able to do this on an enterprise's intranet using the EAs contained in the IPAM data to geolocate internally?

This would be great for both this kind of query heat map as well as Infoblox member status, plotted on a map like this, pulling the location from the member's EAs. (CPU, memory, calculated % load from some of the other dashboards you have provided... maybe use either a custom script on the reporting member or just a "last data collected" from a member to get a basic up \ down connectivity status...)

Re: DNS Top Client - improvements

Expert
Posts: 183
7672     8

I found some of the pieces of the very old bloxtools plug-in that was started for putting Infoblox grid status onto a Google map. From the file dates it looks like it was around 2009. The Google Maps API that it used has been deprecated and the code is not really useful even as a starting point.

So just another nudge that this kind of "report candy" is nice to show off the reporting tool and can be useful for help desks and NOCs for large intranets...
