monitor these UDP and TCP Infoblox query metrics

New Member
Posts: 1

Hi, I'm having issues and I can only see them in syslog alerts. Do you know where I can monitor these Infoblox UDP and TCP query metrics, view them, and raise events when these threshold events occur? Actually, I want to generate it when it reaches the soft limit value.

I'm getting alerts like this and I only get the alert when I'm in syslog


Log:  warning client @0x7f562c459510 (no-peer): TCP client quota reached: quota reached
named[23534]: warning client @0x7f53ce573ea0 (no-peer): TCP client quota reached: quota reached

I also needed to get an email alert when I reached the tcp limit or something like that

show  named_tcp_clients_limit
 Member override inactive, tcp_clients_limit using grid value 1000


Re: monitor these UDP and TCP Infoblox query metrics

New Member
Posts: 2

Please correct me if I'm wrong,

I am reading this as how to create a new report "view and raise events when these threshold events occur."

From the Infoblox GUI, go to the Reporting and Analytics tab.

From the reports section you should be able to establish a new report to monitor UDP and TCP query metrics, although you will need to select the correct data sources related to queries, TCP, and UDP. Under the new report you're establishing you should be able to configure your thresholds for the metrics you're looking to monitor.

Regarding having your email notified for met thresholds, I found this documentation at docs.infoblox.com/space/nios86/203622640/About+Alerts


  1. From the Reporting tab, select the Alerts tab -> select an alert and click Open in Search.

  2. From the Save As drop-down list, click Alert.

  3. In the Save As Alert dialog box, complete the following:

    • Specify the title and description.

    • Alert Type: Select Scheduled

    • Time Range: Specify the time range. For example, you can select Run Every Day.

    • Schedule At: Specify the time.

    • Trigger Condition: Specify trigger conditions. For more information, refer to the Splunk documentation.

    • Trigger Actions: Click this to configure alert actions. You can select the following:

      • Send SNMP Trap: Select this to enable SNMP traps. For information about how to trigger SNMP traps for reporting event types, see Configuring SNMP.

      • Send email: Select this to send alert notification through email. You can specify email address in the To text box.

      • Send to Syslog: Select this to log a message in the syslog. If you configure this option with an alert, the message goes to the syslog on the reporting member or indexer.

      • File Transfer Action: Select this to upload the search results to an FTP or SCP or TFTP server configured on the Set up page. For information about Reporting (Index) Storage space, see Grid Reporting Properties.

  4. Click Save.
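
A complementary check on a syslog collector, as an added example that is not part of the original thread or Infoblox's own tooling: it counts the "TCP client quota reached" warnings quoted in the question per minute and builds an email once a count threshold is met. The syslog prefix layout, host name `ns1`, threshold and recipient address are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime
from email.message import EmailMessage

# Message text is the one quoted in the thread; the "timestamp host" syslog
# prefix in front of it is an assumed RFC 3164 layout.
QUOTA_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?P<host>\S+)\s+named\[\d+\]:\s+"
    r"warning client @0x[0-9a-f]+ \([^)]*\): TCP client quota reached"
)

# Constructed sample input (host name and timestamps are made up).
SAMPLE = """\
Mar  4 10:15:01 ns1 named[23534]: warning client @0x7f562c459510 (no-peer): TCP client quota reached: quota reached
Mar  4 10:15:07 ns1 named[23534]: warning client @0x7f53ce573ea0 (no-peer): TCP client quota reached: quota reached
Mar  4 10:15:40 ns1 named[23534]: warning client @0x7f53ce573ea0 (no-peer): TCP client quota reached: quota reached
Mar  4 10:16:02 ns1 named[23534]: warning client @0x7f562c459510 (no-peer): TCP client quota reached: quota reached
Mar  4 10:16:05 ns1 named[23534]: info zone example.test/IN: loaded serial 5
""".splitlines()

def quota_events(lines, year=2024):
    """Yield (minute, host) per quota warning; other lines are skipped."""
    for line in lines:
        m = QUOTA_RE.match(line)
        if m:
            # RFC 3164 timestamps carry no year, so the caller supplies one.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts.replace(second=0), m["host"]

def minutes_over_threshold(lines, threshold=3):
    """Return sorted (HH:MM, host, count) for minutes with >= threshold warnings."""
    counts = Counter(quota_events(lines))
    return sorted((minute.strftime("%H:%M"), host, n)
                  for (minute, host), n in counts.items() if n >= threshold)

def build_alert(hits, to_addr):
    """Build (not send) the notification; hand it to smtplib.SMTP.send_message."""
    msg = EmailMessage()
    msg["To"] = to_addr
    msg["Subject"] = f"named TCP client quota reached in {len(hits)} minute(s)"
    msg.set_content("\n".join(f"{host} {minute}: {n} quota warnings"
                              for minute, host, n in hits))
    return msg

if __name__ == "__main__":
    hits = minutes_over_threshold(SAMPLE)
    if hits:
        print(build_alert(hits, "dns-ops@example.test"))
```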

 
