Dnstap: difference between revisions

Source: Imre kasutab arvutit
(New page: '===Introduction=== ===dns-collector=== dns-collector https://github.com/dmachard/go-dns-collector can be started with duser@ns2-nsd-01:~/dnstap-receiver$ docker run --r...')

(6 intermediate revisions by the same user not shown)

Last revision: 25 June 2022, 18:40

Introduction

How it works

Claims

  • data in dnstap format is collected by a separate process, and its entry point is a unix socket (e.g. /var/run/dnstap.sock)
  • data in dnstap format is produced by the name server process, e.g. nsd, which writes it to the dnstap collector's unix socket
  • the dnstap collector usually allows the dnstap-format data it receives to be transformed and forwarded, e.g. to the next process, or saved to a text file on the filesystem

dns-collector

dns-collector https://github.com/dmachard/go-dns-collector can be started with

duser@ns2-nsd-01:~/dnstap-receiver$ docker run --rm -i -t -v /opt/duser/dnstap-receiver/var-run:/var/run -v /opt/duser/dnstap-receiver/dnscollector.conf:/etc/dnscollector/config.yml --name=dnscollector01 dmachard/go-dnscollector

where

  • mapping of the .sock used inside the container - /opt/duser/dnstap-collector/var-run -> /var/run
  • mapping of the dns collector configuration file used inside the container - /opt/duser/dnstap-collector/dnscollector.conf -> /etc/dnscollector/config.yml

dns collector configuration file

root@ns2-nsd-01:~# cat /opt/duser/dnstap-receiver/dnscollector.conf 
trace:
  verbose: true
  log-malformed: false
  filename: ""
  max-size: 10
  max-backups: 10

multiplexer:
  collectors:
    - name: tap_in
      dnstap:
        sock-path: /var/run/dnstap.sock

  loggers:
    - name: std_out
      logfile:
        file-path:  "/var/run/dnstap.log"
        max-size: 100
        max-files: 10
        mode: text
        text-format: "localtime identity qr queryip family protocol qname qtype rcode answer"

    - name: web
      webserver:
        listen-ip: 0.0.0.0
        listen-port: 8080
        basic-auth-login: admin
        basic-auth-pwd: parool
        tls-support: false

  routes:
    - from: [ tap_in ]
      to: [ std_out, web ]

where

  • TODO

Order of operations for starting the processes

  • all processes are stopped
  • the dns collector docker container is started
  • the permission bits on the host are adjusted
root@ns2-nsd-01:~# chmod 0666 /opt/duser/dnstap-receiver/var-run/dnstap.sock
  • the nsd process is started
root@ns2-nsd-01:~# systemctl start nsd

As a result, a query such as

$ dig @10.400.0.11 _dmarc.talechh.ee txt

produces the log entry

root@ns2-nsd-01:~# tail -n 1  -f /opt/duser/dnstap-receiver/var-run/dnstap.log 
2022-06-24 20:30:29.299049 ns2-nsd-01 REPLY 80.235.106.155 INET UDP _dmarc.talechh.ee TXT NOERROR v=DMARC1; p=reject; rua=mailto:dmarc_agg@ee.email; ruf=mailto:dmarc@talechh.ee; fo=0:d;
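As an added example (not code from the original page or from the go-dns-collector project), a small Python parser for lines in the text-format configured above, with a per-client NXDOMAIN-share check of the kind one might run over dnstap.log; the field layout follows the page's text-format, and all sample lines except the first are constructed.

```python
from collections import Counter, namedtuple

# Field layout mirrors the collector's text-format on this page:
#   "localtime identity qr queryip family protocol qname qtype rcode answer"
# localtime prints as "YYYY-MM-DD HH:MM:SS.ffffff" (two tokens) and the answer
# field may contain spaces, so it is taken as the remainder of the line.
TapRecord = namedtuple(
    "TapRecord",
    "ts identity qr queryip family protocol qname qtype rcode answer")

def parse_line(line):
    parts = line.strip().split(maxsplit=10)
    if len(parts) < 10:
        raise ValueError(f"unexpected field count in dnstap text line: {line!r}")
    answer = parts[10] if len(parts) == 11 else "-"
    return TapRecord(parts[0] + " " + parts[1], *parts[2:10], answer)

def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]

def nxdomain_ratio_by_client(records, min_replies=3):
    """Share of NXDOMAIN among REPLY lines per client IP; clients with fewer
    than min_replies replies are skipped so one-off lookups are not flagged."""
    total, nx = Counter(), Counter()
    for r in records:
        if r.qr != "REPLY":
            continue
        total[r.queryip] += 1
        if r.rcode == "NXDOMAIN":
            nx[r.queryip] += 1
    return {ip: nx[ip] / n for ip, n in total.items() if n >= min_replies}

def flag_clients(records, threshold=0.5, min_replies=3):
    """Client IPs whose NXDOMAIN share exceeds threshold: a cheap signal of
    random-subdomain floods or enumeration against an authoritative server."""
    ratios = nxdomain_ratio_by_client(records, min_replies)
    return sorted(ip for ip, ratio in ratios.items() if ratio > threshold)

# Constructed sample: the first line is the one shown on this page, the rest
# are made up (client 192.0.2.10 is a documentation address).
SAMPLE_LOG = """\
2022-06-24 20:30:29.299049 ns2-nsd-01 REPLY 80.235.106.155 INET UDP _dmarc.talechh.ee TXT NOERROR v=DMARC1; p=reject; rua=mailto:dmarc_agg@ee.email; ruf=mailto:dmarc@talechh.ee; fo=0:d;
2022-06-24 20:30:30.000001 ns2-nsd-01 QUERY 192.0.2.10 INET UDP www.talechh.ee A - -
2022-06-24 20:30:30.000900 ns2-nsd-01 REPLY 192.0.2.10 INET UDP www.talechh.ee A NOERROR 198.51.100.7
2022-06-24 20:30:31.100000 ns2-nsd-01 REPLY 192.0.2.10 INET UDP a1b2.talechh.ee A NXDOMAIN -
2022-06-24 20:30:31.100500 ns2-nsd-01 REPLY 192.0.2.10 INET UDP c3d4.talechh.ee A NXDOMAIN -
2022-06-24 20:30:31.101000 ns2-nsd-01 REPLY 192.0.2.10 INET UDP e5f6.talechh.ee A NXDOMAIN -
"""
```

With the sample above, `flag_clients(parse_log(SAMPLE_LOG))` returns `["192.0.2.10"]`, since three of its four replies were NXDOMAIN.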

the dnstap exporter looks like this

$ curl --user admin:parool http://127.0.0.1:8080/metrics
..
dnscollector_etldplusone_top_total{stream="ns2-nsd-01",domain="yyy.xxx.ee"} 8
dnscollector_etldplusone_top_total{stream="ns2-nsd-01",domain="xxx.ee"} 6
dnscollector_qps{stream="ns2-nsd-01"} 0
dnscollector_qps_max_total{stream="ns2-nsd-01"} 50
dnscollector_truncated_total{stream="ns2-nsd-01"} 0
dnscollector_authoritative_answer_total{stream="ns2-nsd-01"} 2787
dnscollector_recursion_available_total{stream="ns2-nsd-01"} 0
dnscollector_authentic_data_total{stream="ns2-nsd-01"} 2759
dnscollector_as_stats_total{stream="ns2-nsd-01"} 1
dnscollector_as_stats_top_total{stream="ns2-nsd-01",number="-",owner="-"} 5574

NSD configuration

dnstap:
        dnstap-enable: yes
        dnstap-socket-path: "/opt/duser/dnstap-receiver/var/run/dnstap.sock"
        dnstap-send-identity: yes
        dnstap-send-version: yes
        dnstap-log-auth-query-messages: yes
        dnstap-log-auth-response-messages: yes  

Visualising dns traffic

How it works

prometheus

duser@ns2-nsd-01:~$ docker run -t -i -v /opt/duser/dnstap-receiver/prometheus.yml:/etc/prometheus/prometheus.yml -p 9090:9090 prom/prometheus

where

# cat /opt/duser/dnstap-receiver/prometheus.yml
global:
  scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.

alerting:
  alertmanagers:
    - static_configs:
        - targets:

rule_files:

scrape_configs:
  - job_name: "dnscollector"
    scrape_interval: 5s
    static_configs:
      - targets: ["10.40.0.109:8080"]
    basic_auth:
      username: 'admin'
      password: 'parool'

As a result, the prometheus web GUI should show

  • under Status -> Targets, an entry 'dnscollector' with State -> Up etc.
  • under Graph, the Metrics Explorer button to the right of the Expression field shows a list of the characteristic options (dnscollector_as_stats_top_total and others)

grafana

The Grafana application can be started with

duser@ns2-nsd-01:~$ docker run --rm -i -t --name=grafana -p 3000:3000 grafana/grafana

Then the Prometheus Data Source is configured

left menu -> Configuration -> Data sources

and in the right panel

Add data source -> Prometheus

and the fields are filled in appropriately

  • HTTP -> URL - http://10.40.0.109:9090/

Then the dnscollector dashboard is added

left menu -> Dashboards -> Browse -> Import -> Import via grafana.com -> 15416

The result is

TODO

Useful additional material

  • https://grafana.com/grafana/dashboards/15416

Useful additional material

  • TODO