Dnstap: difference between revisions
Source: Imre kasutab arvutit
(4 intermediate revisions by the same user not shown)
45. rida: | 45. rida: | ||
mode: text |
mode: text |
||
text-format: "localtime identity qr queryip family protocol qname qtype rcode answer" |
text-format: "localtime identity qr queryip family protocol qname qtype rcode answer" |
||
+ | |||
+ | - name: web |
||
+ | webserver: |
||
+ | listen-ip: 0.0.0.0 |
||
+ | listen-port: 8080 |
||
+ | basic-auth-login: admin |
||
+ | basic-auth-pwd: parool |
||
+ | tls-support: false |
||
+ | |||
+ | routes: |
||
+ | - from: [ tap_in ] |
||
+ | to: [ std_out, web ] |
||
+ | |||
routes: |
routes: |
||
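Review bot: the added `web` logger sets `listen-ip: 0.0.0.0` together with `tls-support: false`, so the `basic-auth-login`/`basic-auth-pwd` pair and the metrics themselves travel as cleartext HTTP to any host that can reach port 8080; bind the listener to the address the Prometheus scraper actually uses or turn `tls-support` on, and replace `parool` with a placeholder if it is the live password. The new `routes:` block is also inserted directly above the unchanged `routes:` line, which leaves two `routes:` keys in the same mapping; drop the old block so that the `to: [ std_out, web ]` route is the only one.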
75. rida: | 88. rida: | ||
root@ns2-nsd-01:~# tail -n 1 -f /opt/duser/dnstap-receiver/var-run/dnstap.log |
root@ns2-nsd-01:~# tail -n 1 -f /opt/duser/dnstap-receiver/var-run/dnstap.log |
||
2022-06-24 20:30:29.299049 ns2-nsd-01 REPLY 80.235.106.155 INET UDP _dmarc.talechh.ee TXT NOERROR v=DMARC1; p=reject; rua=mailto:dmarc_agg@ee.email; ruf=mailto:dmarc@talechh.ee; fo=0:d; |
2022-06-24 20:30:29.299049 ns2-nsd-01 REPLY 80.235.106.155 INET UDP _dmarc.talechh.ee TXT NOERROR v=DMARC1; p=reject; rua=mailto:dmarc_agg@ee.email; ruf=mailto:dmarc@talechh.ee; fo=0:d; |
||
+ | |||
+ | dnstap exporter paistab selliselt |
||
+ | |||
+ | <pre> |
||
+ | $ curl --user admin:parool http://127.0.0.1:8080/metrics |
||
+ | .. |
||
+ | dnscollector_etldplusone_top_total{stream="ns2-nsd-01",domain="yyy.xxx.ee"} 8 |
||
+ | dnscollector_etldplusone_top_total{stream="ns2-nsd-01",domain="xxx.ee"} 6 |
||
+ | dnscollector_qps{stream="ns2-nsd-01"} 0 |
||
+ | dnscollector_qps_max_total{stream="ns2-nsd-01"} 50 |
||
+ | dnscollector_truncated_total{stream="ns2-nsd-01"} 0 |
||
+ | dnscollector_authoritative_answer_total{stream="ns2-nsd-01"} 2787 |
||
+ | dnscollector_recursion_available_total{stream="ns2-nsd-01"} 0 |
||
+ | dnscollector_authentic_data_total{stream="ns2-nsd-01"} 2759 |
||
+ | dnscollector_as_stats_total{stream="ns2-nsd-01"} 1 |
||
+ | dnscollector_as_stats_top_total{stream="ns2-nsd-01",number="-",owner="-"} 5574 |
||
+ | </pre> |
||
===NSD seadistamine=== |
===NSD seadistamine=== |
||
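Review bot: the sample output lines such as `dnscollector_etldplusone_top_total{stream="ns2-nsd-01",domain="yyy.xxx.ee"}` show that /metrics carries queried domain names as label values, so the text should say that this endpoint is as sensitive as the query log and should be reachable only by the Prometheus host. The `curl --user admin:parool` form also leaves the password in shell history and the process list; `curl --user admin` prompts for it instead.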
118. rida: | 148. rida: | ||
basic_auth: |
basic_auth: |
||
username: 'admin' |
username: 'admin' |
||
− | password: ' |
+ | password: 'parool' |
</pre> |
</pre> |
||
+ | |||
+ | Tulemusena peab olema prometheus webgui peal näha |
||
+ | |||
+ | * Status -> Targets all sissekanne 'dnscollector' ja State -> Up jne |
||
+ | * Graph -> Expression lahtrist paremal asuva Metrics Explorer nupu abil on näha nimekiri iseloomulikest valikutest (dnscollector_as_stats_top_total jt) |
||
====grafana==== |
====grafana==== |
||
+ | |||
+ | Grafana rakenduse käivitamiseks sobib öelda |
||
duser@ns2-nsd-01:~$ docker run --rm -i -t --name=grafana -p 3000:3000 grafana/grafana |
duser@ns2-nsd-01:~$ docker run --rm -i -t --name=grafana -p 3000:3000 grafana/grafana |
||
+ | |||
+ | Seejärel seadistatakse Prometheus Data Source |
||
+ | |||
+ | vasak menüü -> Configuration -> Data sources |
||
+ | |||
+ | ning paremas paneelis |
||
+ | |||
+ | Add data source -> Prometheus |
||
+ | |||
+ | ning täidetake lahtrid sobivalt |
||
+ | |||
+ | * HTTP -> URL - http://10.40.0.109:9090/ |
||
+ | |||
+ | Seejärel lisatakse dnscollector dashboard |
||
+ | |||
+ | vasak menüü -> Dashboards -> Browse -> Import -> Import via grafana.com -> 15416 |
||
+ | |||
+ | Tulemusena ilmub |
||
+ | |||
+ | TODO |
||
+ | |||
+ | Kasulikud lisamaterjalid |
||
+ | |||
+ | * https://grafana.com/grafana/dashboards/15416 |
||
===Kasulikud lisamaterjalid=== |
===Kasulikud lisamaterjalid=== |
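Review bot: the `password: 'parool'` line under `basic_auth:` keeps the scrape password in prometheus.yml in cleartext and now on this page; Prometheus accepts `password_file:` in the same place, which keeps the secret out of the main config and out of the documentation. The Grafana data source step points at `http://10.40.0.109:9090/` without mentioning any authentication in front of Prometheus, so state who can reach that port. The added plain line `Kasulikud lisamaterjalid` sits directly above the existing `===Kasulikud lisamaterjalid===` heading; move the dashboard link under that heading instead of duplicating it.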
Latest revision as of 18:40, 25 June 2022
Introduction
Working principle
Statements
- data in dnstap format is collected by a separate process whose entry point is a unix socket (e.g. /var/run/dnstap.sock)
- the dnstap data is produced by the name server process (e.g. nsd), which writes it to the dnstap collector's unix socket
- a dnstap collector can usually transform the dnstap data it receives and pass it on, e.g. to the next process, or save it to a text file on the file system
dns-collector
To use dns-collector (https://github.com/dmachard/go-dns-collector), run
duser@ns2-nsd-01:~/dnstap-receiver$ docker run --rm -i -t -v /opt/duser/dnstap-receiver/var-run:/var/run -v /opt/duser/dnstap-receiver/dnscollector.conf:/etc/dnscollector/config.yml --name=dnscollector01 dmachard/go-dnscollector
where
- .sock mapping for the container: /opt/duser/dnstap-collector/var-run -> /var/run
- dns collector configuration file for the container: /opt/duser/dnstap-collector/dnscollector.conf -> /etc/dnscollector/config.yml
dns collector configuration file
<pre>
root@ns2-nsd-01:~# cat /opt/duser/dnstap-receiver/dnscollector.conf
trace:
  verbose: true
  log-malformed: false
  filename: ""
  max-size: 10
  max-backups: 10

multiplexer:
  collectors:
    - name: tap_in
      dnstap:
        sock-path: /var/run/dnstap.sock

  loggers:
    # text log written next to the socket
    - name: std_out
      logfile:
        file-path: "/var/run/dnstap.log"
        max-size: 100
        max-files: 10
        mode: text
        text-format: "localtime identity qr queryip family protocol qname qtype rcode answer"

    # metrics endpoint scraped by Prometheus
    - name: web
      webserver:
        listen-ip: 0.0.0.0
        listen-port: 8080
        basic-auth-login: admin
        basic-auth-pwd: parool
        tls-support: false

  # a single routes key: tap_in feeds both loggers
  routes:
    - from: [ tap_in ]
      to: [ std_out, web ]
</pre>
where
- TODO
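A check for the `web` logger settings in the configuration above, added here as an example and not part of the original page or of dns-collector. It uses only the keys shown on this page; the function names and the indentation-based scan are assumptions of the example.

```python
import ipaddress
import re

# Constructed excerpt: the `web` logger from the configuration shown above.
SAMPLE_CONF = """\
multiplexer:
  loggers:
    - name: web
      webserver:
        listen-ip: 0.0.0.0
        listen-port: 8080
        basic-auth-login: admin
        basic-auth-pwd: parool
        tls-support: false
  routes:
    - from: [ tap_in ]
      to: [ std_out, web ]
"""

def webserver_blocks(conf_text):
    """Return one dict of scalar settings per `webserver:` block.
    Indentation-based scan, enough for this file layout; not a YAML parser."""
    blocks, current, base = [], None, 0
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        depth = len(raw) - len(raw.lstrip())
        if current is not None and depth <= base:
            current = None  # indentation dropped back: left the webserver block
        if raw.strip() == "webserver:":
            current, base = {}, depth
            blocks.append(current)
        elif current is not None:
            m = re.match(r"\s*([\w-]+):\s*(\S.*)?$", raw)
            if m:
                current[m.group(1)] = (m.group(2) or "").strip().strip("\"'")
    return blocks

def audit(conf_text):
    """Flag listeners that accept basic-auth credentials without TLS off-host."""
    findings = []
    for ws in webserver_blocks(conf_text):
        # A missing listen-ip is treated as 0.0.0.0 (conservative assumption).
        ip = ipaddress.ip_address(ws.get("listen-ip", "0.0.0.0"))
        tls = ws.get("tls-support", "false").lower() == "true"
        if ws.get("basic-auth-pwd") and not tls and not ip.is_loopback:
            findings.append(f"{ip}:{ws.get('listen-port', '?')} basic-auth over cleartext HTTP")
    return findings
```

The finding clears when `tls-support` is `true` or when the listener is bound to a loopback address.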
Order of steps for starting the processes
- all processes are stopped
- the dns collector docker container is started
- the permission bits are adjusted on the host
root@ns2-nsd-01:~# chmod 0666 /opt/duser/dnstap-receiver/var-run/dnstap.sock
- the nsd process is started
root@ns2-nsd-01:~# systemctl start nsd
As a result, for the query
$ dig @10.400.0.11 _dmarc.talechh.ee txt
the log shows
<pre>
root@ns2-nsd-01:~# tail -n 1 -f /opt/duser/dnstap-receiver/var-run/dnstap.log
2022-06-24 20:30:29.299049 ns2-nsd-01 REPLY 80.235.106.155 INET UDP _dmarc.talechh.ee TXT NOERROR v=DMARC1; p=reject; rua=mailto:dmarc_agg@ee.email; ruf=mailto:dmarc@talechh.ee; fo=0:d;
</pre>
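A parser for log lines in the `text-format` configured above, with a per-client NXDOMAIN count of the kind used to spot name enumeration against an authoritative server. This is an added example, not part of the original page; the sample lines are constructed, and the two-token `localtime` and the `-` for an empty answer are assumptions taken from the log line shown above.

```python
from collections import Counter
from datetime import datetime

# Field order of the text-format string in dnscollector.conf on this page.
TEXT_FORMAT = "localtime identity qr queryip family protocol qname qtype rcode answer"

# Constructed sample lines (documentation addresses and names), one malformed.
SAMPLE_LOG = """\
2022-06-24 20:30:29.299049 ns2-nsd-01 REPLY 192.0.2.10 INET UDP _dmarc.example.ee TXT NOERROR v=DMARC1; p=reject; fo=0:d;
2022-06-24 20:30:30.100000 ns2-nsd-01 REPLY 198.51.100.7 INET UDP a1.example.ee A NXDOMAIN -
2022-06-24 20:30:30.200000 ns2-nsd-01 REPLY 198.51.100.7 INET UDP a2.example.ee A NXDOMAIN -
2022-06-24 20:30:30.300000 ns2-nsd-01 REPLY 198.51.100.7 INET TCP example.ee SOA NOERROR ns1.example.ee
truncated line
"""

def parse_line(line):
    """Split one dnstap.log line into a dict keyed by the text-format directives."""
    names = TEXT_FORMAT.split()
    middle = names[1:-1]  # identity .. rcode, one token each
    tokens = line.split()
    # localtime is printed as "<date> <time>" (two tokens); answer is the last
    # field and may contain spaces (TXT data), so it takes the remainder.
    if len(tokens) < 2 + len(middle):
        raise ValueError(f"too few fields: {line!r}")
    rec = {"localtime": datetime.strptime(" ".join(tokens[:2]), "%Y-%m-%d %H:%M:%S.%f")}
    rec.update(zip(middle, tokens[2:2 + len(middle)]))
    rec["answer"] = " ".join(tokens[2 + len(middle):])
    return rec

def summarize(lines):
    """Count rcodes, NXDOMAIN replies per client address, and malformed lines."""
    rcodes, nx_by_client, malformed = Counter(), Counter(), 0
    for line in lines:
        try:
            rec = parse_line(line)
        except ValueError:  # short line or unparsable timestamp
            malformed += 1
            continue
        rcodes[rec["rcode"]] += 1
        if rec["rcode"] == "NXDOMAIN":
            nx_by_client[rec["queryip"]] += 1
    return {"rcodes": dict(rcodes), "nxdomain_by_client": dict(nx_by_client),
            "malformed": malformed}
```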
The dnstap exporter output looks like this
<pre>
$ curl --user admin:parool http://127.0.0.1:8080/metrics
..
dnscollector_etldplusone_top_total{stream="ns2-nsd-01",domain="yyy.xxx.ee"} 8
dnscollector_etldplusone_top_total{stream="ns2-nsd-01",domain="xxx.ee"} 6
dnscollector_qps{stream="ns2-nsd-01"} 0
dnscollector_qps_max_total{stream="ns2-nsd-01"} 50
dnscollector_truncated_total{stream="ns2-nsd-01"} 0
dnscollector_authoritative_answer_total{stream="ns2-nsd-01"} 2787
dnscollector_recursion_available_total{stream="ns2-nsd-01"} 0
dnscollector_authentic_data_total{stream="ns2-nsd-01"} 2759
dnscollector_as_stats_total{stream="ns2-nsd-01"} 1
dnscollector_as_stats_top_total{stream="ns2-nsd-01",number="-",owner="-"} 5574
</pre>
NSD configuration
<pre>
dnstap:
    dnstap-enable: yes
    dnstap-socket-path: "/opt/duser/dnstap-receiver/var/run/dnstap.sock"
    dnstap-send-identity: yes
    dnstap-send-version: yes
    dnstap-log-auth-query-messages: yes
    dnstap-log-auth-response-messages: yes
</pre>
Visualizing DNS traffic
Working principle
prometheus
duser@ns2-nsd-01:~$ docker run -t -i -v /opt/duser/dnstap-receiver/prometheus.yml:/etc/prometheus/prometheus.yml -p 9090:9090 prom/prometheus
where
<pre>
# cat /opt/duser/dnstap-receiver/prometheus.yml
global:
  scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.

alerting:
  alertmanagers:
    - static_configs:
        - targets:

rule_files:

scrape_configs:
  - job_name: "dnscollector"
    scrape_interval: 5s
    static_configs:
      - targets: ["10.40.0.109:8080"]
    basic_auth:
      username: 'admin'
      password: 'parool'
</pre>
As a result, the following should be visible in the Prometheus web GUI
- under Status -> Targets, an entry 'dnscollector' with State -> Up, etc.
- under Graph, the Metrics Explorer button to the right of the Expression field shows a list of the characteristic choices (dnscollector_as_stats_top_total and others)
grafana
To start the Grafana application, run
duser@ns2-nsd-01:~$ docker run --rm -i -t --name=grafana -p 3000:3000 grafana/grafana
Next, the Prometheus data source is configured
left menu -> Configuration -> Data sources
and in the right-hand panel
Add data source -> Prometheus
and the fields are filled in as appropriate
- HTTP -> URL - http://10.40.0.109:9090/
Next, the dnscollector dashboard is added
left menu -> Dashboards -> Browse -> Import -> Import via grafana.com -> 15416
The result is
TODO
Useful additional material
Useful additional material
- TODO