Bind 9: Queries and Zone Statistics

[Chaosratt]

Here is an interesting problem.
Spent all night trying to get Bind9 to output its stats, and once I did, th graph started doing this.

script:

Code: Select all

xaos@pandora:~/public_html/cacti/scripts> php unix_dns_queries.php
a:298 ptr:0 any:0 mx:0 ns:0 cname:0 soa:0 srv:0 aaaa:294 TXT:0 total:592

Graph Debug:

Code: Select all

RRDTool Command:

/usr/bin/rrdtool graph - \
--imgformat=PNG \
--start=-86400 \
--end=-300 \
--title="Unix - DNS Queries" \
--base=1000 \
--height=120 \
--width=500 \
--alt-autoscale-max \
--lower-limit=0 \
--vertical-label="Requests Per Minute" \
--slope-mode \
--font TITLE:12: \
--font AXIS:8: \
--font LEGEND:8: \
--font UNIT:8: \
DEF:a="/home/xaos/public_html/cacti/rra/pandora_soa_64.rrd":a:AVERAGE \
DEF:b="/home/xaos/public_html/cacti/rra/pandora_soa_64.rrd":a:MAX \
DEF:c="/home/xaos/public_html/cacti/rra/pandora_soa_64.rrd":aaaa:AVERAGE \
DEF:d="/home/xaos/public_html/cacti/rra/pandora_soa_64.rrd":aaaa:MAX \
DEF:e="/home/xaos/public_html/cacti/rra/pandora_soa_64.rrd":any:AVERAGE \
DEF:f="/home/xaos/public_html/cacti/rra/pandora_soa_64.rrd":any:MAX \
DEF:g="/home/xaos/public_html/cacti/rra/pandora_soa_64.rrd":cname:AVERAGE \
DEF:h="/home/xaos/public_html/cacti/rra/pandora_soa_64.rrd":cname:MAX \
DEF:i="/home/xaos/public_html/cacti/rra/pandora_soa_64.rrd":mx:AVERAGE \
DEF:j="/home/xaos/public_html/cacti/rra/pandora_soa_64.rrd":mx:MAX \
DEF:ba="/home/xaos/public_html/cacti/rra/pandora_soa_64.rrd":ns:AVERAGE \
DEF:bb="/home/xaos/public_html/cacti/rra/pandora_soa_64.rrd":ns:MAX \
DEF:bc="/home/xaos/public_html/cacti/rra/pandora_soa_64.rrd":ptr:AVERAGE \
DEF:bd="/home/xaos/public_html/cacti/rra/pandora_soa_64.rrd":ptr:MAX \
DEF:be="/home/xaos/public_html/cacti/rra/pandora_soa_64.rrd":soa:AVERAGE \
DEF:bf="/home/xaos/public_html/cacti/rra/pandora_soa_64.rrd":soa:MAX \
DEF:bg="/home/xaos/public_html/cacti/rra/pandora_soa_64.rrd":srv:AVERAGE \
DEF:bh="/home/xaos/public_html/cacti/rra/pandora_soa_64.rrd":srv:MAX \
DEF:bi="/home/xaos/public_html/cacti/rra/pandora_soa_64.rrd":txt:AVERAGE \
DEF:bj="/home/xaos/public_html/cacti/rra/pandora_soa_64.rrd":txt:MAX \
CDEF:cdefa=a,60,* \
CDEF:cdefd=b,60,* \
CDEF:cdefe=c,60,* \
CDEF:cdefh=d,60,* \
CDEF:cdefi=e,60,* \
CDEF:cdefbb=f,60,* \
CDEF:cdefbc=g,60,* \
CDEF:cdefbf=h,60,* \
CDEF:cdefbg=i,60,* \
CDEF:cdefbj=j,60,* \
CDEF:cdefca=ba,60,* \
CDEF:cdefcd=bb,60,* \
CDEF:cdefce=bc,60,* \
CDEF:cdefci=be,60,* \
CDEF:cdefdc=bg,60,* \
CDEF:cdefdg=bi,60,* \
CDEF:cdefdj=bj,60,* \
LINE1:cdefa#FF6044FF:"A Records"  \
GPRINT:cdefa:LAST:"    Current\:%8.2lf"  \
GPRINT:cdefa:AVERAGE:"Average\:%8.2lf"  \
GPRINT:cdefd:MAX:"Maximum\:%8.2lf\n"  \
LINE1:cdefe#FF0000FF:"AAAA Records"  \
GPRINT:cdefe:LAST:" Current\:%8.2lf"  \
GPRINT:cdefe:AVERAGE:"Average\:%8.2lf"  \
GPRINT:cdefh:MAX:"Maximum\:%8.2lf\n"  \
LINE1:cdefi#F24AC8FF:"ANY Records"  \
GPRINT:cdefi:LAST:"  Current\:%8.2lf"  \
GPRINT:cdefi:AVERAGE:"Average\:%8.2lf"  \
GPRINT:cdefbb:MAX:"Maximum\:%8.2lf\n"  \
LINE1:cdefbc#8D00BAFF:"CNAME Records"  \
GPRINT:cdefbc:LAST:"Current\:%8.2lf"  \
GPRINT:cdefbc:AVERAGE:"Average\:%8.2lf"  \
GPRINT:cdefbf:MAX:"Maximum\:%8.2lf\n"  \
LINE1:cdefbg#74C366FF:"MX Records"  \
GPRINT:cdefbg:LAST:"   Current\:%8.2lf"  \
GPRINT:cdefbg:AVERAGE:"Average\:%8.2lf"  \
GPRINT:cdefbj:MAX:"Maximum\:%8.2lf\n"  \
LINE1:cdefca#0D006AFF:"NS Records"  \
GPRINT:cdefca:LAST:"   Current\:%8.2lf"  \
GPRINT:cdefca:AVERAGE:"Average\:%8.2lf"  \
GPRINT:cdefcd:MAX:"Maximum\:%8.2lf\n"  \
LINE1:cdefce#00FF00FF:"PTR Records"  \
GPRINT:cdefce:LAST:"  Current\:%8.2lf"  \
GPRINT:cdefce:AVERAGE:"Average\:%8.2lf"  \
GPRINT:cdefce:LAST:"Maximum\:%8.2lf\n"  \
LINE1:cdefci#837C04FF:"SOA Records"  \
GPRINT:cdefci:LAST:"  Current\:%8.2lf"  \
GPRINT:cdefci:AVERAGE:"Average\:%8.2lf"  \
GPRINT:cdefci:LAST:"Maximum\:%8.2lf\n"  \
LINE1:cdefdc#12B3B5FF:"SRV Records"  \
GPRINT:cdefdc:LAST:"  Current\:%8.2lf"  \
GPRINT:cdefdc:AVERAGE:"Average\:%8.2lf"  \
GPRINT:bh:MAX:"Maximum\:%8.2lf\n"  \
LINE1:cdefdg#AFECEDFF:"TXT Records"  \
GPRINT:cdefdg:LAST:"  Current\:%8.2lf"  \
GPRINT:cdefdg:AVERAGE:"Average\:%8.2lf"  \
GPRINT:cdefdj:MAX:"Maximum\:%8.2lf\n" 

RRDTool Says:

OK

[nebula]

Good luck trying to get help bro

[sizulku]

Good luck trying to get help bro

When testing the script from command line, do you run it as root? or cactiuser?

[nebula]

Good luck trying to get help bro

When testing the script from command line, do you run it as root? or cactiuser?

It runs as both cactiuser / root

[M0rF3uS]

Hi all,

i've the same problem of Linuxfreak_be

script works correctly, rrd says "no errors" on graph debug, but it's still blank. My query.log file works fine too...

I'm testing both poller and script with www-data (cactiuser) here's the output

Code: Select all

$ ./unix_dns_queries.php 

a:3476 ptr:2492 any:0 mx:5 ns:1 cname:0 soa:82 srv:0 aaaa:2064 TXT:0 total:8120

Code: Select all

s$ ../poller.php 
07/23/2008 12:25:48 PM - POLLER: Poller[0] DEBUG: About to Spawn a Remote Process [CMD: /usr/bin/php, ARGS: -q /usr/share/cacti/site/cmd.php 0 1]
07/23/2008 12:25:49 PM - POLLER: Poller[0] CACTI2RRD: /usr/bin/rrdtool update /usr/share/cacti/site/rra/localhost_a_20.rrd --template  1216808748:U
07/23/2008 12:25:49 PM - SYSTEM STATS: Time:1.1292 Method:cmd.php Processes:1 Threads:N/A Hosts:2 HostsPerProcess:2 DataSources:1 RRDsProcessed:1
ERROR: Not enough arguments

file permissions on both poller and query.log are ok, so why it doesn't works??

thank you a lot

[umarzuki]

eventhough

the only different things that i did during installation was putting

1. BayourCOM_SNMP.pm under /usr/lib/perl5/site_perl since there's no /usr/local/lib/site_perl during SNMP setup
2. bind9-stats_domains.xml and bind9-stats_totals.xml under /var/www/cacti/resource/snmp_queries since there's no /usr/share/cacti/resource/snmp_queries

all of this were done on CentOS 5.2
net-snmp-5.3.1-24.el5_2.1
Cacti 0.8.7b

[rolling]

hi there....

DSGAUGE:600:0:U \
DS:aaaa:GAUGE:600:0:U \
DS:any:GAUGE:600:0:U \
DS:cname:GAUGE:600:0:U \
DS:mx:GAUGE:600:0:U \
DS:ns:GAUGE:600:0:U \
DS:ptr:GAUGE:600:0:U \
DS:soa:GAUGE:600:0:U \
DS:srv:GAUGE:600:0:U \
DS:txt:GAUGE:600:0:U \


a result or "U"....

Laddy once said that we should check if the debug gives us "U"
What happens if i get a Result of U?... what does that mean? and how could i fix it? plzz...


Little help here plz....

[Howie]

I think your GAUGE should be a COUNTER in those rrd definitions... that's why the value is always climbing like that in the graph.

[umarzuki]

Hi guys,

I get this error when i try to get the graph.
07/24/2006 11:50:03 PM - CMDPHP: Poller[0] Host[2] DS[3] WARNING: Result from CMD not valid. Partial Result:

i run the cmd.php manually. And i get this error.
sh: /var/www/localhost/htdocs/cacti/scripts/unix_dns_queries.php: /usr/bin/php^M: bad interpreter: No such file or directory

How i can fix this problem? Any help is appreciated

In file are windows tags (^M) meaned hard returns/enter's. You must edit this file on linux console and remove it. If you have pico editor, just open this file, change something and write. He will automatic remove this tags.

Greetz,
Alex.

doesn't seem to work

Code: Select all

[root@localhost Desktop]# ./script-dns.php 
-bash: ./script-dns.php: /usr/bin/php^M: bad interpreter: No such file or directory

weirdly

Code: Select all

[root@localhost Desktop]# php script-dns.php 
a:0 ptr:0 any:0 mx:0 ns:0 cname:0 soa:0 srv:0 aaaa:0 TXT:0 total:0

*note: this is after i converted the unix_named_statistics.php into utf-8 with gedit

[rolling]

this might be an stupid question, but i just downloaded both php scripts... they both are the same...? i mean... i see no difference in the code... they are exactly the same.. am i right??
or they are supposed to be exactly the same?... i mean... maybe one should point to the query.log and the other one to the named.stats...?!?!?!?!?!


anyway.... they dont work for me...

the unix_dns_queries.php is pointing to the query.log

$php unix_dns_queries.php
a:10960 ptr:69 any:0 mx:0 ns:0 cname:0 soa:0 srv:0 aaaa:5736 TXT:0 total:16765





the php unix_named_statistics.php is poiting to the named log

$ php unix_named_statistics.php
a:139113 ptr:9171 any:0 mx:0 ns:7757 cname:7153 soa:0 srv:0 aaaa:21531 TXT:0 total:184725


as u guys can see... both print what i think are correct results... but at the time i check the graph... there are no statistics.... any ideas?

[blu3fish]

Rolling,

Only the "unix_dns_queries.php" script is used anymore. The functionality to monitor named statistics has changed in the most recent versions of BIND, 9.5.x for sure but maybe 9.4.x as well (can anyone confirm?).

Thus there's no need to even download "unix_named_statistics.php" as it isn't even referenced in the xmls originally provided.

Are you still having the graphing issues? I just got mine to work and these were the main issues: running bind within chroot environment, cactiuser runs the poller and thus needs permission to access the query log (within the chrooted env), need to run "rndc stats" command to generate query stats. Try running "php unix_dns_queries.php" as the same user that runs your cacti poller and see if there's sufficient output. If not, it's most likely a permissions issue. I just added 'cactiuser' to my 'named' group as named and root are the group/user owners of my chroot env. (This is a test env so you may not want to do the same, depending on what else the cactiuser is responsible for.) Also check and make sure that the logging option is placed in your named.conf (outside of options) and that you have statistics enabled (inside options): zone-statistics yes;
Restart named and run rndc stats and the php script.
Lastly, this script only runs locally, so cacti + bind need to be on the same host.

Anyone figure out the how to implement this over snmp using exec or another method? I haven't quite taken that plunge yet but I may in the next week.

Let me know.

Cheers,

[bbice]

On a semi-related note, I recently updated my bind related data/graph templates and data input methods for the most recent version of bind. You can find them here:
http://forums.cacti.net/about3018-165.html

You might not want to take my approach though. I'm monitoring bind stats via a munin-node plugin. I inherited a gaggle of machines running munin-node so when I setup cacti here I wrote a quick script to teach it how to query munin-node plugins and added data input methods for some of them (rbldnsd, dnscache, sendmail, bind, etc). Anyway, all the scripts and templates 'n whatnot I did to make this happen can be found on that other thread.

Brent

[allta]

Hi Guys, just wondering why my statistics keeps increasing per minute, even when I stopped users from doing BIND query (via firewall); I still get loads of values from my php/perl script:
#perl testcon.pl
a:1971 ptr:74 any:0 mx:0 ns:0 cname:0 soa:0 srv:231 aaaa:90 txt:0 total:2366

This is after blocking DNS/BIND Queries from getting to the Server. I also tried redirecting the BIND clients somewhere else, and still get the same issues. Would be nice if someone can help. Cheers.

Here is a SNAPSHOT of my perl script, adapted from the php one here.

#!/usr/bin/perl
$LOGFILE = "/var/log/named/query.log";
open(LOGFILE) or die("Could not open log file.");


$a = 0;
$ptr = 0;
$any = 0;
$mx = 0;
$ns = 0;
$cname = 0;
$soa = 0;
$srv = 0;
$aaaa = 0;
$txt = 0;
$total = 0;



foreach $line (<LOGFILE>) {
chomp($line);
$string = $line;
if ( $string =~ / A /) {
$string = $';
$a++;
}
if ( $string =~ / PTR /) {
$string = $';
$ptr++;
}
if ( $string =~ / ANY /) {
$string = $';
$any++;
}
if ( $string =~ / MX /) {
$string = $';
$mx++;
}
if ( $string =~ / NS /) {
$string = $';
$ns++;
}
if ( $string =~ / CNAME /) {
$string = $';
$cname++;
}
if ( $string =~ / SOA /) {
$string = $';
$soa++;
}
if ( $string =~ / SRV /) {
$string = $';
$srv++;
}
if ( $string =~ / AAAA /) {
$string = $';
$aaaa++;
}
if ( $string =~ / TXT /) {
$string = $';
$txt++;
}
}
$total = $a + $ptr + $any + $mx + $ns + $cname + $soa + $srv + $aaaa;
print "a:$a ptr:$ptr any:$any mx:$mx ns:$ns cname:$cname soa:$soa srv:$srv aaaa:$aaaa txt:$txt total:$total\n";
close(LOGFILE);

[PayableOnDeath]

Here are the scripts

I just tried to download them and all I get is a text file that says

Code: Select all

#!/usr/local/bin/php Error! Couldn't open the file.Error! Couldn't close the file.

is anyone able to upload a fresh copy?

Thanks

[huybac.nguyen]

Hi All.
I have 2 server: DNS Server and Cacti server
Now, i have tested

Code: Select all

[root@localhost huybac]# php unix_dns_queries.php 
a:103 ptr:1 any:17 mx:8 ns:7 cname:0 soa:8 srv:0 aaaa:0 TXT:0 total:144

I have install Net Snmp on DNS Server.

Code: Select all

root     19421     1  0 00:40 ?        00:00:00 /opt/net-snmp/sbin/snmpd -c /opt/net-snmp/etc/snmp/snmpd.conf

But i don't know What do i do next.
Can you help me??