Re: Bind Statistics questions

2009-05-05 Thread Emery

Hello Nuno,

I don't know if you can reset the stats, but in my environment I had the 
need to check statistics to alert us to attacks and abnormally high 
query numbers. In order to do this, I wrote shell scripts that check the 
current count and write that value to a file. This is a rotating 
process with each iteration writing the current value to a file and 
on the next cycle comparing the new value to the written value before 
writing the new value to the file. On each iteration, the new value is 
subtracted from the written value to get the actual 1-minute count.


I use this process for the query and recursive query counts and if they 
breach a specific level, an email is sent. We also use Sitescope 
monitoring of the values to get trending information. If the stats 
cannot be reset, this is an alternative that has worked for me.


Emery Rudolph
University of Maryland University College.


Nuno Ribeiro wrote:


Hi all,

I have some doubts and I would like to clarify them:
- Bind (version 9.5) provides lots of statistics information and 
provides two interfaces for users to get access to it (file dump and 
HTTP access). From what I see and read, the counters are cumulative 
during the time the service is running. My question is if it is possible 
to reset the counter statistics in real time in order to have 
statistic details in a time interval?
The other question is if there is any statistic detail that provides us 
information such as "average time answering to queries of type A"

Thanks in advance.


Best Regards,

--
Nuno Ribeiro


___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



Re: Bind Statistics questions

2009-05-05 Thread Emery
As I have received numerous requests for my script, I've attached it 
here. Hopefully it is helpful.


   * Please note that I have removed our email address and domain at
 the end of the script during the mailx statement.


mailx -s "TOTAL Queries on `uname -n` are running $NUM/min" -r "d...@`uname -n`.domain.edu" email_remo...@domain.edu < $err_dir/stdQueryMsg



#!/usr/bin/ksh

#########################################
# Author: Emery Rudolph                 #
# Date: Mar 03, 2009                    #
# Purpose: This script takes the count  #
# for total queries and sets a          #
# threshold above which a notification  #
# email is sent to alert sysadmins.     #
# There is no action to take upon the   #
# server. Inform INET, so that they can #
# monitor and perhaps block the address #
#########################################

dir=/var/run
err_dir=$dir/err_msgs
integer NUM
integer getValue
integer TRIGGER=1    # alert threshold in queries per minute

cd $dir || exit 1

sleep 3
# Empty the message file left over from the previous run
cat /dev/null > $err_dir/stdQueryMsg

# Rotate the saved counters: the previous reading becomes stdQuery2
rm -f stdQuery2
mv stdQuery1 stdQuery2
touch stdQuery1

# Cumulative QUERY count from the statistics dump; tail -1 keeps the most
# recent value if the file holds more than one dump
getValue=$(grep -w QUERY named.stats | awk '{print $1}' | tail -1)

echo "$getValue" >stdQuery1

var1=$(cat stdQuery1)    # current cumulative count
var2=$(cat stdQuery2)    # cumulative count saved by the previous run

echo "VAR1=$var1"
echo "VAR2=$var2"

# Queries counted since the previous run
NUM=$((var1 - var2))
echo "Variable NUM=$NUM"
echo ""
# Value picked up by the Sitescope monitor
echo $NUM > $dir/sitescope.standard.value

if (( NUM > TRIGGER ))
then
echo "QUERY ALARM"

# Build the body of the notification email
echo "##" >> $err_dir/stdQueryMsg
echo "The `uname -n` server is experiencing an unusually high" >> $err_dir/stdQueryMsg
echo "level of Standard Queries, which could be an" >> $err_dir/stdQueryMsg
echo "indication of a DOS attack. Please inspect the current" >> $err_dir/stdQueryMsg
echo "activity in the $dir/Errors log and if confirmed," >> $err_dir/stdQueryMsg
echo "contact the INET group to possibly block the offending" >> $err_dir/stdQueryMsg
echo "IP address if warranted." >> $err_dir/stdQueryMsg
echo "__" >> $err_dir/stdQueryMsg
echo "CURRENT Total Queries: $NUM/minute" >> $err_dir/stdQueryMsg
echo "__" >> $err_dir/stdQueryMsg
echo "##" >> $err_dir/stdQueryMsg

mailx -s "TOTAL Queries on `uname -n` are running $NUM/min" -r "d...@`uname -n`.domain.edu" email_remo...@domain.edu < $err_dir/stdQueryMsg
fi
exit
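
The rotating-counter technique described in the two messages above, as an added example that is not Emery's script or part of the original thread: it derives the per-interval query count from the cumulative counter and handles the first run and a restart of named, where a plain subtraction would give a false alarm or a negative value. The function names, the state-file path and the rule that a decreasing counter means a restart are assumptions of this example; the "<count> QUERY" line layout is taken from the grep/awk in the script.

```shell
#!/bin/sh
# Added example (not from the thread): per-interval query count from a
# cumulative counter, with the first-run and restart cases handled.

# Print the QUERY count of the last dump in a stats file. Assumes the
# "<count> QUERY" line layout that the script's grep/awk relies on.
last_query_count() {
    awk '$2 == "QUERY" && $1 ~ /^[0-9]+$/ { n = $1 }
         END { if (n != "") print n }' "$1"
}

# query_delta STATS_FILE STATE_FILE
# Prints the queries counted since the previous call and saves the current
# cumulative value in STATE_FILE (a hypothetical path chosen by the caller).
query_delta() {
    qd_cur=$(last_query_count "$1")
    [ -n "$qd_cur" ] || { echo "no QUERY counter in $1" >&2; return 2; }
    qd_prev=
    [ -r "$2" ] && qd_prev=$(cat "$2")
    case $qd_prev in
        ''|*[!0-9]*) qd_prev= ;;          # missing or corrupt state file
    esac
    # Write via a temp file so an interrupted run cannot leave a partial value.
    printf '%s\n' "$qd_cur" > "$2.tmp" && mv "$2.tmp" "$2"
    if [ -z "$qd_prev" ]; then
        echo 0                            # first run: baseline only, no alert
    elif [ "$qd_cur" -lt "$qd_prev" ]; then
        echo "$qd_cur"                    # counter went backwards: named restarted
    else
        echo $((qd_cur - qd_prev))
    fi
}

# Demo on constructed data (not real server output).
demo() {
    demo_dir=$(mktemp -d) || return 1
    printf '%s\n' '++ Incoming Requests ++' '   1000 QUERY' > "$demo_dir/stats"
    query_delta "$demo_dir/stats" "$demo_dir/state"    # 0 (baseline)
    printf '%s\n' '++ Incoming Requests ++' '   1750 QUERY' >> "$demo_dir/stats"
    query_delta "$demo_dir/stats" "$demo_dir/state"    # 750
    rm -rf "$demo_dir"
}
demo
```

The printed value can be compared against a threshold in the same way the script compares NUM with TRIGGER.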

BIND 9.5.1-P3 compilation problems.

2009-08-11 Thread Emery

Good morning,

I've conducted two maintenance windows to upgrade our BIND primary 
server to the new code to address the recent security vulnerability, but 
cannot get past the error below. I have Openssl 9.8.0k installed. I have 
no problems running tests from the openssl prompt. I have tried 
exporting the LD_LIBRARY_PATH to include the /usr/local/ssl directory 
and have run the compilation with the --with-openssl=/usr/local/ssl 
switch to no avail.


I am running Solaris 10 Sparc -

I know that there is a precompiled version of this BIND release on 
Sunfreeware, but I am trying to upgrade our primary nameserver and would 
rather do this than a clean uninstall/install.


Is there any insight into what wall I'm running into?


checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... (cached) yes
checking for size_t... yes
checking for ssize_t... yes
checking for uintptr_t... yes
checking for socklen_t... yes
checking whether time.h and sys/time.h may both be included... yes
checking for long long... yes
checking for struct lifconf... no
checking for kqueue... no
checking epoll support... no
checking sys/devpoll.h usability... yes
checking sys/devpoll.h presence... yes
checking for sys/devpoll.h... yes
checking if unistd.h or sys/types.h defines fd_set... yes
checking whether byte ordering is bigendian... yes
checking for OpenSSL library... using OpenSSL from /usr/local/ssl/lib and /usr/local/ssl/include

checking whether linking with OpenSSL works... no
configure: error: Could not run test program using OpenSSL from
/usr/local/ssl/lib and /usr/local/ssl/include.
Please check the argument to --with-openssl and your
shared library configuration (e.g., LD_LIBRARY_PATH).


Re: BIND 9.5.1-P3 compilation problems.

2009-08-11 Thread Emery

Mark -

Thanks for your notes. I will attempt to find a window to update the 
system patch level. This is especially frustrating because I performed 
the upgrade on a disaster recovery system last week and it worked 
flawlessly. Hopefully patching the system will get us there. If so, I'll 
be sure to update the listserver, for the benefit of another poor soul 
in the same boat. :-)


Thanks again!

Emery.

Mark Andrews wrote:

In message <4a820186.20...@gmail.com>, Emery writes:
  


Mark,

I am not really sure which error is the actual indicator of the 
aforementioned problem.  I've attached the config.log. Your insight is 
most welcome!



This looks like a broken .  The "checking for ANSI C
header files" also failed earlier in the build process.  This could
be because Sun's header files are broken or it could be gcc's "fixes"
aren't correct.

I suspect that there is a typedef for ctid_t not being made when
-D_XPG4_2 -D__EXTENSIONS__ are set on the command line.

I would make sure that your OS is fully patched then re-run
"fixincludes", if I remember the command name correctly, from the
gcc distribution.

Mark

configure:6112: gcc -o conftest -g -O2 -I/usr/local/ssl/include  -D_XPG4_2 -D__EXTENSIONS__  conftest.c  -L/usr/local/ssl/lib -R/usr/local/ssl/lib -lcrypto >&5
In file included from /usr/include/sys/wait.h:24,
 from /usr/include/stdlib.h:22,
 from /usr/local/ssl/include/openssl/err.h:66,
 from conftest.c:27:
/usr/include/sys/siginfo.h:259: error: syntax error before "ctid_t"
/usr/include/sys/siginfo.h:292: error: syntax error before '}' token
/usr/include/sys/siginfo.h:294: error: syntax error before '}' token
/usr/include/sys/siginfo.h:390: error: syntax error before "ctid_t"
/usr/include/sys/siginfo.h:398: error: conflicting types for '__fault'
/usr/include/sys/siginfo.h:267: error: previous declaration of '__fault' was here
/usr/include/sys/siginfo.h:404: error: conflicting types for '__file'
/usr/include/sys/siginfo.h:273: error: previous declaration of '__file' was here
/usr/include/sys/siginfo.h:420: error: conflicting types for '__prof'
/usr/include/sys/siginfo.h:287: error: previous declaration of '__prof' was here
/usr/include/sys/siginfo.h:424: error: conflicting types for '__rctl'
/usr/include/sys/siginfo.h:291: error: previous declaration of '__rctl' was here
/usr/include/sys/siginfo.h:426: error: syntax error before '}' token
/usr/include/sys/siginfo.h:428: error: syntax error before '}' token
/usr/include/sys/siginfo.h:432: error: syntax error before "k_siginfo_t"
/usr/include/sys/siginfo.h:437: error: syntax error before '}' token
In file included from /usr/include/sys/procset.h:24,
 from /usr/include/sys/wait.h:25,
 from /usr/include/stdlib.h:22,
 from /usr/local/ssl/include/openssl/err.h:66,
 from conftest.c:27:
/usr/local/lib/gcc/sparc-sun-solaris2.9/3.4.6/include/sys/signal.h:96: error: syntax error before "siginfo_t"
In file included from /usr/include/stdlib.h:22,
 from /usr/local/ssl/include/openssl/err.h:66,
 from conftest.c:27:
/usr/include/sys/wait.h:86: error: syntax error before "siginfo_t"

  
