As I have received numerous requests for my script, I've attached it
here. Hopefully it is helpful.
* Please note that I have removed our email address and domain at
the end of the script during the mailx statement.
mailx -s "TOTAL Queries on `uname -n` are running $NUM/min" \
  -r "d...@`uname -n`.domain.edu" email_remo...@domain.edu < $err_dir/stdQueryMsg
Nuno Ribeiro wrote:
Hi all,
I have some doubts and I would like to clarify them:
- BIND (version 9.5) provides lots of statistics information and
provides two interfaces for users to get access to it (file dump and
HTTP access). From what I see and read, the counters are cumulative
during the time the service is running. My question is if it is possible
to reset the counter statistics in real time in order to have
statistic details in a time interval?
Another question is whether there is any statistic detail that provides us
information such as this: "average time answering to queries of type A"
Thanks in advance.
Best Regards,
--
Nuno Ribeiro
------------------------------------------------------------------------
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
#!/usr/bin/ksh
#########################################
# Author: Emery Rudolph #
# Date: Mar 03, 2009 #
# Purpose: This script takes the count #
# for total queries and sets a #
# threshold above which a notification #
# email is sent to alert sysadmins. #
# There is no action to take upon the #
# server. Inform INET, so that they can #
# monitor and perhaps block the address #
#########################################
dir=/var/run
err_dir=$dir/err_msgs
integer NUM
integer getValue
integer TRIGGER=10000    # alert threshold: queries between two runs

cd "$dir" || exit 1
sleep 3

# Start with an empty message file
cat /dev/null > "$err_dir/stdQueryMsg"

# Rotate samples: the count saved by the last run becomes stdQuery2
rm -f stdQuery2
mv stdQuery1 stdQuery2
touch stdQuery1

# Cumulative QUERY count from named.stats. named appends a new dump on
# every "rndc stats", so take the last matching line.
getValue=$(grep -w QUERY named.stats | awk '{print $1}' | tail -1)
echo "$getValue" > stdQuery1

var1=$(cat stdQuery1)    # current cumulative count
var2=$(cat stdQuery2)    # cumulative count at the previous run
echo "VAR1=$var1"
echo "VAR2=$var2"

# Queries received since the previous run
NUM=$((var1 - var2))
echo "Variable NUM=$NUM"
echo ""
echo $NUM > "$dir/sitescope.standard.value"

if (( NUM > TRIGGER ))
then
    echo "QUERY ALARM"
    echo "##########################################################" >> "$err_dir/stdQueryMsg"
    echo "The `uname -n` server is experiencing an unusually high" >> "$err_dir/stdQueryMsg"
    echo "level of Standard Queries, which could be an" >> "$err_dir/stdQueryMsg"
    echo "indication of a DOS attack. Please inspect the current" >> "$err_dir/stdQueryMsg"
    echo "activity in the $dir/Errors log and if confirmed," >> "$err_dir/stdQueryMsg"
    echo "contact the INET group to possibly block the offending" >> "$err_dir/stdQueryMsg"
    echo "IP address if warranted." >> "$err_dir/stdQueryMsg"
    echo "______________________________________________________" >> "$err_dir/stdQueryMsg"
    echo "CURRENT Total Queries: $NUM/minute" >> "$err_dir/stdQueryMsg"
    echo "______________________________________________________" >> "$err_dir/stdQueryMsg"
    echo "##########################################################" >> "$err_dir/stdQueryMsg"
    mailx -s "TOTAL Queries on `uname -n` are running $NUM/min" \
        -r "d...@`uname -n`.domain.edu" email_remo...@domain.edu < "$err_dir/stdQueryMsg"
fi
exit
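
The snapshot-and-subtract approach that turns named's cumulative counters into a per-interval figure, written as an added example that is not part of the original post or the attached script. It also covers the first run with no baseline, a named restart that resets the counters, and a stats file holding several appended dumps; the function names, state-file handling and sample dump are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: per-interval query rate from named's cumulative QUERY counter.

# Constructed sample: two dumps appended to one file, as repeated "rndc stats"
# calls produce. The layout is an assumption modelled on the "count NAME"
# lines that the script above greps for.
sample_stats() {
cat <<'EOF'
+++ Statistics Dump +++ (1236092400)
++ Incoming Requests ++
              120000 QUERY
--- Statistics Dump --- (1236092400)
+++ Statistics Dump +++ (1236092460)
++ Incoming Requests ++
              134500 QUERY
--- Statistics Dump --- (1236092460)
EOF
}

# Print the QUERY count from the newest dump; fail if no such line exists.
last_query_count() {
    awk '$2 == "QUERY" && $1 ~ /^[0-9]+$/ { n = $1; seen = 1 }
         END { if (!seen) exit 1; print n }' "$1"
}

# $1 = current count, $2 = previous count. Returns 1 without a valid baseline.
interval_delta() {
    case $2 in ''|*[!0-9]*) return 1 ;; esac
    if [ "$1" -lt "$2" ]; then
        echo "$1"            # counter went backwards: named restarted
    else
        echo $(( $1 - $2 ))
    fi
}

# $1 = stats file, $2 = state file, $3 = per-interval threshold.
check_interval() {
    cur=$(last_query_count "$1") || { echo "NODATA"; return 0; }
    prev=""
    if [ -r "$2" ]; then prev=$(cat "$2"); fi
    echo "$cur" > "$2"       # save the baseline for the next run
    delta=$(interval_delta "$cur" "$prev") || { echo "BASELINE"; return 0; }
    if [ "$delta" -gt "$3" ]; then echo "ALARM $delta"; else echo "OK $delta"; fi
}
```

After a restart the count since startup is reported as the interval's delta, so one post-restart interval can be under-counted but never goes negative.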