lost and found ( for me ? )

lost and found ( for me ? )

↑ Grab this Headline Animator

DSC : DNS Statistics Collector

About dsc
http://dns.measurement-factory.com/tools/dsc/

In short , with DSC , you can monitor / analyze DNS queries from multiple aspects , such as QPS , queries by type , Result Codes , query name lengths etc.



Here’s installation logs including trial and error.
I’m newbie to DSC … so there might be miss configuration.

# lsb_release –a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 12.10
Release:        12.10
Codename:       quantal

# uname -ri
3.5.0-18-generic x86_64


[ install dsc ]

you can install dsc with apt-get.
# apt-cache search ^dsc
dsc-statistics-collector - DNS Statistics Collector - Collector component
dsc-statistics-presenter - DNS Statistics Collector - Presenter component
fossil - DSCM with built-in wiki, http interface and server, tickets database


install dsc
# apt-get install -y dsc-statistics-collector dsc-statistics-presenter


dsc users manual
http://dns.measurement-factory.com/tools/dsc/documentation.html

There are two components , dsc presenter and dsc collector.
--> send DNS statistics
dsc collector  ------------------------------- dsc presenter ( grapher )
( cache or auth DNS )


I have installed both collector and presenter on the same machine.

[ presenter ]
# dpkg -L dsc-statistics-presenter
/.
/etc
/etc/apache2
/etc/apache2/conf-available
/etc/apache2/conf-available/dsc-statistics-presenter.conf
/etc/dsc-statistics
/etc/dsc-statistics/dsc-grapher.cfg
/etc/cron.daily
/etc/cron.daily/dsc-statistics-presenter
/etc/cron.d
/etc/cron.d/dsc-statistics-presenter
/etc/init.d
/etc/init.d/dsc-statistics-presenter
/usr
/usr/share
/usr/share/dsc-statistics-presenter
/usr/share/dsc-statistics-presenter/remove-xmls
/usr/share/dsc-statistics-presenter/refile-and-grok
/usr/share/dsc-statistics-presenter/put-file
/usr/share/dsc-statistics-presenter/dsc-xml-extractor
/usr/share/dsc-statistics-presenter/html
/usr/share/dsc-statistics-presenter/html/plot.page
/usr/share/dsc-statistics-presenter/html/1downarrow.png
/usr/share/dsc-statistics-presenter/html/1leftarrow.png
/usr/share/dsc-statistics-presenter/html/1rightarrow.png
/usr/share/dsc-statistics-presenter/html/1uparrow.png
/usr/share/dsc-statistics-presenter/html/2downarrow.png
/usr/share/dsc-statistics-presenter/html/2leftarrow.png
/usr/share/dsc-statistics-presenter/html/2rightarrow.png
/usr/share/dsc-statistics-presenter/html/2uparrow.png
/usr/share/dsc-statistics-presenter/pull-and-process-data
/usr/share/dsc-statistics-presenter/copy-local-and-process-data
/usr/share/doc
/usr/share/doc/dsc-statistics-presenter
/usr/share/doc/dsc-statistics-presenter/examples
/usr/share/doc/dsc-statistics-presenter/examples/dsc-grapher
/usr/share/doc/dsc-statistics-presenter/examples/grapher
/usr/share/doc/dsc-statistics-presenter/examples/grapher/dsc-grapher.cfg
/usr/share/doc/dsc-statistics-presenter/examples/grapher/dsc-grapher.cfg/dsc-grapher.cfg.sample
/usr/share/doc/dsc-statistics-presenter/copyright
/usr/share/doc/dsc-statistics-presenter/dsc-manual.pdf.gz
/usr/share/doc/dsc-statistics-presenter/changelog.Debian.gz
/usr/share/perl5
/usr/share/perl5/DSC
/usr/share/perl5/DSC/extractor
/usr/share/perl5/DSC/extractor/config.pm
/usr/share/perl5/DSC/grapher
/usr/share/perl5/DSC/grapher/text.pm
/usr/share/perl5/DSC/grapher/config.pm
/usr/share/perl5/DSC/grapher/plot.pm
/usr/share/perl5/DSC/grapher/template.pm
/usr/share/perl5/DSC/extractor.pm
/usr/share/perl5/DSC/grapher.pm
/usr/share/perl5/DSC/mysql.pm
/usr/share/perl5/DSC/ploticus.pm
/usr/share/perl5/DSC/putfile.pm
/usr/lib
/usr/lib/cgi-bin
/usr/lib/cgi-bin/dsc-statistics
/usr/lib/cgi-bin/dsc-statistics/dsc-grapher
/var
/var/lib
/var/lib/dsc-statistics
/var/lib/dsc-statistics/data
/var/cache
/var/cache/dsc-statistics-presenter


apache configuration
# cat /etc/apache2/conf.d/dsc-statistics-presenter.conf
Alias /dsc /usr/share/dsc-statistics-presenter/html
ScriptAlias /cgi-bin/dsc-statistics /usr/lib/cgi-bin/dsc-statistics


cron configuration
# cat /etc/cron.d/dsc-statistics-presenter
# /etc/cron.d/dsc-statistics-presenter: crontab entries for the dsc-presenter package

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

2,7,12,17,22,27,32,37,42,47,52,57 *    * * *   Debian-dsc-statistics test -x /usr/share/dsc-statistics-presenter/copy-local-and-process-data && /usr/share/dsc-statistics-presenter/copy-local-and-process-data --remove-source-files


[ collector ]
# dpkg -L dsc-statistics-collector
/.
/etc
/etc/cron.d
/etc/cron.d/dsc-statistics-collector
/etc/default
/etc/default/dsc-statistics-collector
/etc/dsc-statistics
/etc/dsc-statistics/dsc-collector.cfg
/etc/init.d
/etc/init.d/dsc-statistics-collector
/usr
/usr/share
/usr/share/doc
/usr/share/doc/dsc-statistics-collector
/usr/share/doc/dsc-statistics-collector/TODO.Debian
/usr/share/doc/dsc-statistics-collector/examples
/usr/share/doc/dsc-statistics-collector/examples/dsc.cfg.gz
/usr/share/doc/dsc-statistics-collector/copyright
/usr/share/doc/dsc-statistics-collector/dsc-manual.pdf.gz
/usr/share/doc/dsc-statistics-collector/changelog.Debian.gz
/usr/share/man
/usr/share/man/man8
/usr/share/man/man8/dsc.8.gz
/usr/share/dsc-statistics-collector
/usr/share/dsc-statistics-collector/upload-prep
/usr/share/dsc-statistics-collector/upload-ssh
/usr/share/dsc-statistics-collector/dsc-rsync-pull
/usr/share/dsc-statistics-collector/upload-rsync
/usr/share/dsc-statistics-collector/upload-x509
/usr/bin
/usr/bin/dsc


config
/etc/dsc-statistics/dsc-collector.cfg
/etc/default/dsc-statistics-collector


cron
# cat /etc/cron.d/dsc-statistics-collector
# /etc/cron.d/dsc-collector: crontab entries for the dsc-collector package

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

*/5 *    * * *   root    test -x /usr/share/dsc-statistics-collector/upload-prep && /usr/share/dsc-statistics-collector/upload-prep


[ start collector and presenter ]
# egrep -v ^# /etc/dsc-statistics/dsc-collector.cfg | grep -v ^$
local_address 192.168.10.14; <- specify IP
run_dir "DSClibdirDSC";
minfree_bytes 5000000;
pid_file "DSCpidfileDSC";
DSCbpf_programDSC
DSCinterfaceDSC
dataset qtype dns All:null Qtype:qtype queries-only;
dataset rcode dns All:null Rcode:rcode replies-only;
dataset opcode dns All:null Opcode:opcode queries-only;
dataset rcode_vs_replylen dns Rcode:rcode ReplyLen:msglen replies-only;
dataset client_subnet dns All:null ClientSubnet:cip4_net queries-only max-cells=200;
dataset qtype_vs_qnamelen dns Qtype:qtype QnameLen:qnamelen queries-only;
dataset qtype_vs_tld dns Qtype:qtype TLD:tld queries-only,popular-qtypes max-cells=200;
dataset certain_qnames_vs_qtype dns CertainQnames:certain_qnames Qtype:qtype queries-only;
dataset client_subnet2 dns Class:query_classification ClientSubnet:cip4_net queries-only max-cells=200;
dataset client_addr_vs_rcode dns Rcode:rcode ClientAddr:client replies-only max-cells=50;
dataset chaos_types_and_names dns Qtype:qtype Qname:qname chaos-class,queries-only;
dataset idn_qname dns All:null IDNQname:idn_qname queries-only;
dataset edns_version dns All:null EDNSVersion:edns_version queries-only;
dataset edns_bufsiz dns All:null EDNSBufSiz:edns_bufsiz queries-only;
dataset do_bit dns All:null D0:do_bit queries-only;
dataset rd_bit dns All:null RD:rd_bit queries-only;
dataset idn_vs_tld dns All:null TLD:tld queries-only,idn-only;
dataset ipv6_rsn_abusers dns All:null ClientAddr:client queries-only,aaaa-or-a6-only,root-servers-net-only max-cells=50;
dataset transport_vs_qtype dns Transport:transport Qtype:qtype queries-only;
dataset client_port_range dns All:null PortRange:dns_sport_range queries-only;
dataset direction_vs_ipproto ip Direction:ip_direction IPProto:ip_proto any;


start collector.
error.
# /etc/init.d/dsc-statistics-collector start
* Starting DNS Statistics Collector (default) dsc-collector                                                  dsc: pcap.c:962: Pcap_init: Assertion `n_interfaces < 10' failed.
/lib/lsb/init-functions: line 30:  8086 Aborted                 (core dumped) /sbin/start-stop-daemon $args --chdir "$PWD" --exec $exec --oknodo --pidfile "$pidfile" -- "$@"


# of interfaces is more than 10..
# ifconfig | grep -i link | wc -l
12


edit /etc/default/dsc-statistics-collector
#INTERFACE="all"  <- comment out
#LOCAL_ADDRESS="all" <- comment out
OPTS="-p"
INSTANCES="inst1 inst2" <- create two instances , inst1 and inst2
INTERFACE_inst1="br0" <- inst1 is for br0
INTERFACE_inst2="eth0" <- inst2 is for eth0

# /etc/init.d/dsc-statistics-collector start
* Starting DNS Statistics Collector (inst1) dsc-collector                                          [ OK ]
* Starting DNS Statistics Collector (inst2) dsc-collector                                             [ OK ]


two dsc processes are running
# ps aux | grep dsc | grep -v grep
root     21087  0.0  0.0  23212  4972 ?        Ss   21:49   0:00 /usr/bin/dsc -p /var/run/dsc-statistics-collector/dsc-collector_inst1.cfg
root     21106  0.0  0.0  23212  4976 ?        Ss   21:49   0:00 /usr/bin/dsc -p /var/run/dsc-statistics-collector/dsc-collector_inst2.cfg
root     21599  0.0  0.0      0     0 ?        Z    22:20   0:00 [dsc] <defunct>
root     21600  0.0  0.0      0     0 ?        Z    22:20   0:00 [dsc] <defunct>


start presenter
# /etc/init.d/dsc-statistics-presenter start
* Starting DNS Statistics Presenter dsc-presenter


start apache to see DNS graph over HTTP/HTTPS
# /etc/init.d/apache2 start


How can I see DNS graph ?

Seen from /etc/apache2/conf.d/dsc-statistics-presenter.conf , DNS graph seems to be sotred under /usr/share/dsc-statistics-presenter/html.
# less /etc/apache2/conf.d/dsc-statistics-presenter.conf
Alias /dsc /usr/share/dsc-statistics-presenter/html
ScriptAlias /cgi-bin/dsc-statistics /usr/lib/cgi-bin/dsc-statistics


access to http://<presenter’s IP>/dsc/



nn , apache configuration problem , I guess.

check apache error log.
Directory index forbidden by Options directive: /usr/share/dsc-statistics-presenter/html/
File does not exist: /var/www/favicon.ico

# ls /usr/share/dsc-statistics-presenter/html/
1downarrow.png  1rightarrow.png  2downarrow.png  2rightarrow.png  plot.page
1leftarrow.png  1uparrow.png     2leftarrow.png  2uparrow.png


access to http://<presenter’s IP>/dsc/plot.page
nnn , no graph.. URI is wrong ?


Seen from /etc/apache2/conf.d/dsc-statistics-presenter.conf , correct URI is …
# cat /etc/apache2/conf.d/dsc-statistics-presenter.conf
Alias /dsc /usr/share/dsc-statistics-presenter/html
ScriptAlias /cgi-bin/dsc-statistics /usr/lib/cgi-bin/dsc-statistics

# ls /usr/lib/cgi-bin/dsc-statistics/*
/usr/lib/cgi-bin/dsc-statistics/dsc-grapher


correct URI is http://<dsc’s ip>/cgi-bin/dsc-statistics/dsc-grapher ?

Okay.


Recode by client address


Query name lenghs




Labels: , , ,

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)