Configuring DNS servers
After you have installed the PATROL for Light Weight Protocols, you must configure a monitoring policy.
Before you begin
You must download and install the PATROL for Light Weight Protocols.
To configure the monitor type
In the Add Monitoring Configuration panel, select the following parameters for the DNS monitor profile:
Parameter | Selection |
---|---|
Monitoring Solution | Light Weight Protocols |
Monitor Profile | DNS |
Monitor Type | DNS servers |
To configure DNS
Click Add and enter the device details.
Field | Description |
---|---|
Device details | |
Device name/IP | Enter the alias name, hostname or IP address of the network device that you want to monitor. Enter the Forced IP address if the alias name cannot be resolved to a valid IP address. |
Forced IP Address | Enter the IP address of the network device you want to monitor. You can leave this field blank if you have provided the actual hostname or IP address as the alias name. |
Category | Enter the category name of the configured device. |
Port | Enter the port number of the DNS listening port. The default port number is 53. |
Connection protocol | Specify the connection protocol: |
Timeout (sec) | Specify the time interval to map the device name to an IP address. The default value is 10 seconds. |
Poll interval (sec) | Select the poll interval time in seconds to ping the device. The default value is 300 seconds. The minimum value you can select is 10 seconds. The maximum value you can select is 3600 seconds. |
DNS Query
Click Add and enter the DNS query details.
DNS Query details | |
---|---|
Name | Specify the DNS display name. It is recommended to use a name associated with the DNS. |
Query | Enter the DNS query. It can be a hostname or an IP address. |
DNS Query type | Select the query type: |
Timeout (sec) | Specify the time interval to wait for the port to respond. The default value is 30 seconds. |
Poll interval (sec) | Select the poll interval time in seconds to ping the device. The default value is 300 seconds. |
String to scan for (REGEX) | Specify a string to search for or a Java regular expression. Use a semicolon to separate multiple expressions or strings. |
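An added illustration (not BMC code) of why a Java regular expression entered in String to scan for should escape its dots and bound the expected address, so that a changed DNS answer is not accepted by accident. It assumes each semicolon-separated entry is applied as a substring search (`find()`), which this page does not document; the class and method names and the sample answers are constructed for the example.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

public class ContentMatchCheck {

    // Split the field value on ';' and compile each entry; entries that are
    // not valid Java regex are reported instead of being silently ignored.
    static List<Pattern> compileAll(String field) {
        List<Pattern> out = new ArrayList<>();
        for (String expr : field.split(";")) {
            if (expr.isEmpty()) continue;
            try {
                out.add(Pattern.compile(expr));
            } catch (PatternSyntaxException e) {
                System.out.println("invalid regex '" + expr + "': " + e.getDescription());
            }
        }
        return out;
    }

    // Assumed semantics: a hit is any substring match (find) in the answer text.
    static boolean anyMatch(List<Pattern> patterns, String answer) {
        for (Pattern p : patterns) {
            if (p.matcher(answer).find()) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed A-record answers; only the first is the expected address.
        String[] answers = { "12.34.56.78", "112.34.56.78", "12.34.56.789", "12a34b56c78" };

        String loose = "12.34.56.78";   // '.' matches any character, no boundaries
        // Escaped dots plus lookarounds so no digit or dot may touch the address.
        String strict = "(?<![\\d.])" + "12\\.34\\.56\\.78" + "(?![\\d.])";
        String broken = "*12.34.56.78"; // leading '*' is a dangling quantifier

        for (String field : new String[] { loose, strict, broken }) {
            List<Pattern> patterns = compileAll(field);
            for (String a : answers) {
                System.out.printf("%-32s vs %-14s -> %b%n", field, a, anyMatch(patterns, a));
            }
        }
    }
}
```

The loose pattern accepts all four answers, the strict pattern accepts only the first, and the entry with the leading `*` fails to compile as a Java regular expression.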
Configuring file-based monitoring
Field | Description |
---|---|
Import devices from file | Enable this option to configure devices and queries automatically from files. All the files must be located at If you have multiple PATROL Agents with different port numbers running on the same computer and each PATROL Agent wants to load a different file, then you can create subdirectories under the file location with the port number. |
Default Configuration Settings
Default device configuration | |
---|---|
Field | Description |
Port | Enter the port number of the DNS listening port. The default port number is 53. |
Connection protocol | Specify the connection protocol: |
Timeout (sec) | Specify the time interval to map the device name to an IP address. The default value is 10 seconds. |
Poll interval (sec) | Select the poll interval time in seconds to ping the device. The default value is 300 seconds. The minimum value you can select is 10 seconds. The maximum value you can select is 3600 seconds. |
Default DNS configuration | |
DNS Query type | Select the query type: |
Timeout (sec) | Specify the time interval to map the device name to an IP address. The default value is 10 seconds. |
Poll interval (sec) | Select the poll interval time in seconds to ping the device. The default value is 300 seconds. The minimum value you can select is 10 seconds. The maximum value you can select is 3600 seconds. |
Administration | |
Root display name | Enter the root application class display name. |
Device Mapping | Select any of the following monitoring modes: |
Java path | Specify the path of the JRE directory ($JAVA_HOME environment variable) on the PATROL Agent host which is used by the KM. If the JAVA_HOME environment variable of the PATROL Agent is set, you can use the default value $JAVA_HOME as the Java path. If the field is left blank, the KM uses the Java path installed on the PATROL Agent home directory in the following format: $PATROL_HOME/openjdk or $PATROL_HOME/jre64. For example: Windows - C:\Program Files\Java\jdk-11. |
Enable logging | Select this option to enable logging. The log files are created at %PATROL_HOME%\KDN\logs. By default, this option is disabled. |
After entering all the required details, click the OK and Close buttons and save the policy.
Comments
Would it be possible to get an example of a legal and successful content match?
EG: If I make an A record query to ns1.contoso.com for somehost.contoso.com using a command line tool, I expect to get a response of 12.34.56.78.
If I put 12.34.56.78 into the content-match field, the match fails. If I put *12.34.56.78 into the content match field, the match succeeds. However if I modify the content to read *12.34.56.78.90ABCDEF, the content match STILL succeeds.
Hi,
Once you set up a string to scan and the KM finds such occurrences in the DNS query response, then the content match parameter reports the value 1 (Not KM) with the exact message on which of the configured strings to scan was found within the records.
Based on your example, if the record contains the text "12.34.56.78" and you set up a string to scan as "12.34.56.78", then there is supposed to be a match, of course.
If that is not the behavior, as explained by you, then please consider opening a BMC ticket and we will investigate it further.
Thanks,
Yossi