Each DNS client IP address – from the incoming queries.
Each authoritative DNS server IP address – for the outgoing queries.
Sniffer:
Sniff the DNS packets on port 53 for the configured interface.
Then put the sniffed packets into Decoder module.
Decoder:
Process the message in single channel.
Then put the decoded packets into Statistics module
Statistics:
Create the map contains all interfaces of the running server.
Create the map to store all messages that belong to the client/AS.
When the message received, triggers the process to calculate and update the metrics.
At the end of the interval time:
Trigger the function to continue to do more extra process if need.
Export the statistics.
Prepare the message then send to the SNMP sub-agent via REST API.
Create the message queue to save the out message if there's issue when sending to the SNMP sub-agent.
Check the message queue to see if any message need to be sent.
Limit the message in queue/disk by using interval time/number of items.
Note for Average response time calculation in Statistics module as following:
msg_1: avg = value_msg_1
msg_2: avg = (avg + value_msg_2)/2
msg_3: avg = (avg + value_msg_3)/3
msg_4: avg = (avg + value_msg_4)/4
New SNMP Sub-agent:
Be responsible to update value to MIB counters whenever receiving the statistics message sent from "Statistics" module in Packetbeat.
Collect Per-view statistics using URL provided by BIND statistics-channels and write to MIB counters
Packetbeat installation and usage
Extract the dns-traffic-statistic-agent.tar.gz to a folder in BDDS, then follow the below steps:
Compile
Install golang dependency
go get ./...
Build
go build
Setup packetbeat service
Install packetbeat.deb in setup-package
dpkg -i packetbeat.deb
Open postDeploy.sh from the link /usr/local/bluecat/postDeploy.sh and add line python /usr/share/packetbeat/bin/announcement_bam_deploy.py
at the bottom of this file
Configuration Details
packetbeat.yml in /etc/packetbeat/
Logging configuration is configured at Logging session in packetbeat.yml file.
Configuring packetbeat capture packet at Transaction protocols session
On type dns: it will be listen at ports: [53]
On type http: it will be listen at ports: [51415], port 51415 (PORT) is SNMP Sub Agent Http port
statistics_config.json in /usr/share/packetbeat/bin/
Key
Value
Description
statistics_destination
http://[IP]:[PORT]/counter [String]
IP and PORT of SNMP Sub Agent Http Server
statistics_interval
[integer]
Interval collecting and sending DNS statistics
maximum_clients
[integer]
maximum number of clients for statistics, 200 clients is required.
url_announcement_bam_deploy
"announcement-deploy-from-bam"
URL is called to Packetbeat HTTP server for updating ACL and matched clients for views from named config
http_server_address
[IP]:[PORT]
IP and PORT of Packetbeat HTTP Server to listen on announcement deployed from BAM.
interval_clear_outstatis_cache
[integer]
Interval In Second for cleaning data cached of data statistics which are sending to SNMP Agent
SNMP Subagent installation and usage
Running Packetbeat
Make sure the SNMP SubAgent started first
Running
/etc/init.d/packetbeat start
SNMP Subagent
Configure and install
Copy BCN-DNS-AGENT-MIB.mib into folder /usr/share/snmp/mibs and append "BCN-DNS-AGENT-MIB" end of /etc/snmp/snmp.conf.
Configure snmpd.conf. There are 2 options:
Enable and config snmp's information in BAM and deploy to BDDS.
Configure Master agent to plugin new sub-agent
Before running python dns_stat_agent, need to configuare AGENT_CONFIGURATION in config.py matched host and port in snmpd.conf.
HTTP_CONFIGURATION:
Key
Value
host
IP address for http server [String]
port
port of http server [integer]
AGENT_CONFIGURATION:
Key
Value
agent_name
The agent's name used for registration with net-snmp. [String]
master_socket
defines the address the master agent listens at, or the subagent should connect to. The default is the Unix Domain socket "/var/agentx/master". [String]
persistence_dir
The directory to use to store persistence information. Change this if you want to use a custom snmpd instance, eg. for automatic testing.[String]
BIND_CONFIGURATION:
Key
Value
host
Host of bind API. [String]
port
Port of bind API. [String]
stats_path
Path to get statistics in bind.[String]
Install wheel in setup-package
pip install wheel-0.33.4-py2.py3-none-any.whl
Install netsnmpagent and ipaddress in setup-package