
DNS/DHCP Monitoring with API

[ Edited ]
Techie
Posts: 7
301     0

Is it possible to use the API for DNS/DHCP/NIOS monitoring? Which urls do we need?

What should we monitor?

Re: DNS/DHCP Monitoring with API

[ Edited ]
Superuser
Posts: 81
301     0

Hello There,

 

It is possible, but you'd need scripted logic for this. A summary of the logic:

 

1) First you need to prepare a list of all Grid node references. A reference is just a string with which you can get to specific details about a node. The call for that would be:

 

https://<Grid_Master_IP>/wapi/v2.10.1/member

 

2) From the output of the first call, you need the values of "host_name" and "_ref" for all the items that you see in the list. With the hostname, you can identify the different grid nodes (i.e., server names).

 

3) Now, depending on the servers that you're interested in, you can use the "_ref" value of each node to get the service status from all the nodes. That call would be:

 

https://<Grid_Master_IP>/wapi/v2.10.1/member/b25lLnZpcnR1YWxfbm9kZSQw:infoblox.localdomain/memberservicestatus/nodeinfo?_return_fields=service_status

What you need to note in the call above is that "member/b25lLnZpcnR1YWxfbm9kZSQw:infoblox.localdomain" has to be the "value" of the "_ref" keys of all grid nodes that you get from call #1.

 

4) If you just take a look at the response of the second API call, you will understand what you need to do further with it. A sample output of call #2 would be:

{
    "_ref": "member/b25lLnZpcnR1YWxfbm9kZSQw:infoblox.localdomain",
    "service_status": [
        {
            "description": "DHCP Service is inactive",
            "service": "DHCP",
            "status": "INACTIVE"
        },
        {
            "description": "DNS Service is working",
            "service": "DNS",
            "status": "WORKING"
        },
        {
            "description": "NTP Service is inactive",
            "service": "NTP",
            "status": "INACTIVE"
        },
        {
            "description": "Hard Disk: 0% - TFTP Service is inactive",
            "service": "TFTP",
            "status": "INACTIVE"
        },
        {
            "description": "Hard Disk: 0% - HTTP File Dist Service is inactive",
            "service": "HTTP_FILE_DIST",
            "status": "INACTIVE"
        },
        {
            "description": "Hard Disk: 0% - FTP Service is inactive",
            "service": "FTP",
            "status": "INACTIVE"
        },
        {
            "description": "CPU: 100%, Memory: 0%, Hard Disk: 0%",
            "service": "BLOXTOOLS",
            "status": "INACTIVE"
        },
        {
            "description": "Captive Portal Service is inactive",
            "service": "CAPTIVE_PORTAL",
            "status": "INACTIVE"
        },
        {
            "service": "HSM",
            "status": "UNKNOWN"
        },
        {
            "description": "Subscriber Collection Service is inactive",
            "service": "IMC",
            "status": "INACTIVE"
        },
        {
            "description": "TAXII Service is inactive",
            "service": "TAXII",
            "status": "INACTIVE"
        }
    ]
}                                     

If you'd like to have a robust script including all that logic, please let me know.

 

Best regards,

 

Re: DNS/DHCP Monitoring with API

New Member
Posts: 1
301     0

This is helpful, but I'm wondering how I can get the status of the DNS service only.

Re: DNS/DHCP Monitoring with API

New Member
Posts: 6
301     0

If you are doing this in bash, you can just take the output of the curl and filter it through grep and chop off any bits you don't need. People who know jq, zq and other tools can probably tell you how to do it better.

 

YOUROUTPUT | egrep '"description": "DNS'

 

This is also a great place to just use an SNMP query. Then you can be specific.
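
The four steps from the earlier reply, plus the per-service filtering asked about afterwards, as an added Python example that is not part of the thread or Infoblox's own code. The URL shape and WAPI version are taken from the post; the environment variable names and the MISSING marker are assumptions of this example.

```python
import base64
import json
import os
import urllib.request

WAPI = "/wapi/v2.10.1"  # version used in the post above


def wapi_fetcher(grid_master, user, password):
    """Return fetch(path) -> parsed JSON, over HTTPS with certificate checks left on."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()

    def fetch(path):
        req = urllib.request.Request(
            f"https://{grid_master}{WAPI}/{path}",
            headers={"Authorization": f"Basic {token}"},
        )
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)

    return fetch


def service_states(node_info, wanted):
    """Map service name -> status for the wanted services in one call #2 reply."""
    found = {s["service"]: s["status"] for s in node_info.get("service_status", [])}
    # A service absent from the reply is reported as MISSING, not silently skipped.
    return {name: found.get(name, "MISSING") for name in wanted}


def check_grid(fetch, wanted=("DNS", "DHCP")):
    """Steps 1-4: list members, query each _ref, return {host_name: {service: status}}."""
    report = {}
    for member in fetch("member"):
        # Path shape as given in the post: <_ref>/memberservicestatus/nodeinfo
        path = f"{member['_ref']}/memberservicestatus/nodeinfo?_return_fields=service_status"
        report[member["host_name"]] = service_states(fetch(path), wanted)
    return report


def alerts(report, ok=("WORKING",)):
    """Flatten the report to sorted (host, service, status) for anything not in `ok`."""
    return sorted((h, s, st) for h, svc in report.items() for s, st in svc.items() if st not in ok)


if __name__ == "__main__":
    # Hypothetical variable names; use a read-only monitoring account, not an admin one.
    env = os.environ
    fetch = wapi_fetcher(env["GRID_MASTER"], env["WAPI_USER"], env["WAPI_PASS"])
    for host, service, status in alerts(check_grid(fetch)):
        print(f"{host}: {service} is {status}")
```

Pass `wanted=("DNS",)` to watch DNS only; INACTIVE is expected on members that do not run a given service, so choose the watched set per member role.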
