[SURBL-Zones] Lowering TTLs
Mike Atkinson mikea at kconline.com
Mon Aug 16 12:00:12 CEST 2004

Ok, first, rbldnsd needs some command line flags to cause it to dump some stats to a file. Normally the stats are logged at the same interval that the daemon checks for zone file updates and the stats are cumulative rather than per interval. So I inserted the following into my startup command line for rbldnsd:

-c 300 -s +rbldnsd.stat

('-c 300' sets the zone file update check and therefore the logging interval to 300 seconds. '-s +rbldnsd.stat' is the name of the log file that will be created in the rbldnsd directory; it won't take a path for some reason. The + at the beginning of the file name causes the output to be since the last output rather than cumulative since the program started.)

Some Perl that could be more elegant to parse out the numbers we want; named 'rbldnsdstat.pl':

---------
#!/usr/bin/perl

# Put the location of your RBLDNSD stats file next
$logfile = "/usr/local/etc/rbldnsd/rbldnsd.stat";

if (!$ARGV[0]) {
    print "\nUsage: rbldnsdstat.pl number_of_list_to_parse\n";
    exit(1);
}
$rbl_list = $ARGV[0];

# Some systems might need the full path for 'tail'
$line = `tail -1 $logfile`;
@rbldnsd_data = split(/:/, $line);

# Get the data for the 1st list, or 2nd list, etc.
# Each list takes five ':'-separated fields; the first value printed is
# graphed as "Positive" and the second as "All Reqs" (see the MRTG conf).
if ($rbl_list == 1) {
    print "$rbldnsd_data[2]\n$rbldnsd_data[1]\n";
} elsif ($rbl_list == 2) {
    print "$rbldnsd_data[7]\n$rbldnsd_data[6]\n";
} elsif ($rbl_list == 3) {
    print "$rbldnsd_data[12]\n$rbldnsd_data[11]\n";
} elsif ($rbl_list == 4) {
    print "$rbldnsd_data[17]\n$rbldnsd_data[16]\n";
} elsif ($rbl_list == 5) {
    print "$rbldnsd_data[22]\n$rbldnsd_data[21]\n";
} elsif ($rbl_list == 6) {
    print "$rbldnsd_data[27]\n$rbldnsd_data[26]\n";
} elsif ($rbl_list == 7) {
    print "$rbldnsd_data[32]\n$rbldnsd_data[31]\n";
} elsif ($rbl_list == 8) {
    print "$rbldnsd_data[37]\n$rbldnsd_data[36]\n";
} elsif ($rbl_list == 9) {
    print "$rbldnsd_data[42]\n$rbldnsd_data[41]\n";
} elsif ($rbl_list == 10) {
    print "$rbldnsd_data[47]\n$rbldnsd_data[46]\n";
} else {
    print "\nInput argument out of range..\n";
    print "Edit the script if more than 9 (plus totals) lists to check...\n\n";
}
exit(0);
---------

The MRTG conf file (The stats will be in the stats file in the same order that you have them listed in your startup command line with the overall totals being the last listing. You will have to edit the following Target, Title, PageTop to match the names of the rbldns lists as you have them configured in your setup):

---------
### Global Config Options
# for UNIX
WorkDir: /www/rbldnsd

### Global Defaults
options[_]: gauge,growright,integer,noinfo,nopercent,nolegend,dorelpercent
RunAsDaemon: Yes
Interval: 5
# WithPeak[_]: ymw
PageTop[^]:
YLegend[_]:RBLDNSD Queries
ShortLegend[_]:Queries / 5 Minute
LegendI[_]:Positive:
LegendO[_]:All Reqs:

#####################
Target[ws.surbl.org]: `perl /etc/mrtg/rbldnsdstat.pl 1`
# The MaxBytes value is extra big to avoid problems..
MaxBytes[ws.surbl.org]: 4800000
Title[ws.surbl.org]: RBLDNSD - ws.surbl.org
PageTop[ws.surbl.org]: ws.surbl.org dns requests

#####################
Target[sc.surbl.org]: `perl /etc/mrtg/rbldnsdstat.pl 2`
MaxBytes[sc.surbl.org]: 4800000
Title[sc.surbl.org]: RBLDNSD - sc.surbl.org
PageTop[sc.surbl.org]:sc.surbl.org dns requests

#####################
Target[be.surbl.org]: `perl /etc/mrtg/rbldnsdstat.pl 3`
MaxBytes[be.surbl.org]: 4800000
Title[be.surbl.org]: RBLDNSD - be.surbl.org
PageTop[be.surbl.org]:be.surbl.org dns requests

#####################
Target[ob.surbl.org]: `perl /etc/mrtg/rbldnsdstat.pl 4`
MaxBytes[ob.surbl.org]: 4800000
Title[ob.surbl.org]: RBLDNSD - ob.surbl.org
PageTop[ob.surbl.org]:ob.surbl.org dns requests

#####################
Target[ab.surbl.org]: `perl /etc/mrtg/rbldnsdstat.pl 5`
MaxBytes[ab.surbl.org]: 4800000
Title[ab.surbl.org]: RBLDNSD - ab.surbl.org
PageTop[ab.surbl.org]:ab.surbl.org dns requests

#####################
Target[multi.surbl.org]: `perl /etc/mrtg/rbldnsdstat.pl 6`
MaxBytes[multi.surbl.org]: 4800000
Title[multi.surbl.org]: RBLDNSD - multi.surbl.org
PageTop[multi.surbl.org]:multi.surbl.org dns requests

#####################
Target[kc-cbl.surbl.org]: `perl /etc/mrtg/rbldnsdstat.pl 7`
MaxBytes[kc-cbl.surbl.org]: 4800000
Title[kc-cbl.surbl.org]: RBLDNSD - kc-cbl.surbl.org
PageTop[kc-cbl.surbl.org]:kc-cbl.surbl.org dns requests

#####################
Target[total.surbl.org]: `perl /etc/mrtg/rbldnsdstat.pl 8`
MaxBytes[total.surbl.org]: 4800000
Title[total.surbl.org]: RBLDNSD - total.surbl.org
PageTop[total.surbl.org]:total.surbl.org dns requests
---------

--
Mike Atkinson - mikea at kconline.com
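
Added example (not part of the original post and not rbldnsd or MRTG project code): because the stats records follow the order of the zones on the rbldnsd command line, a lookup by zone name keeps each MRTG Target correct when that order changes, and truncated records are skipped instead of shifting every later index. The record layout is an assumption inferred from the indexes the Perl script above uses; the sample line, its "TOTAL" record name and the script name are constructed.

```python
"""Look up one zone's counters in an rbldnsd stats line by zone name."""
import sys

# Assumed path, same as in the Perl script in the post.
STATS_FILE = "/usr/local/etc/rbldnsd/rbldnsd.stat"

# Constructed sample. Assumed layout (inferred from the Perl indexes):
# "timestamp zone:all:positive:n:n:n zone:..." with the totals record last.
SAMPLE = ("1092650400 ws.surbl.org:120:30:90:5000:9000 "
          "sc.surbl.org:80:8:72:3300:6100 TOTAL:200:38:162:8300:15100")


def parse_stats_line(line):
    """Return {zone: (positive, all_requests)} for every well-formed record."""
    zones = {}
    for record in line.split()[1:]:           # element 0 is the timestamp
        name, sep, rest = record.partition(":")
        fields = rest.split(":")
        if not sep or len(fields) != 5 or not all(f.isdigit() for f in fields):
            continue                          # skip truncated or garbled records
        zones[name] = (int(fields[1]), int(fields[0]))
    return zones


def mrtg_lines(line, zone):
    """The four lines MRTG reads from a Target script: in, out, uptime, name."""
    zones = parse_stats_line(line)
    if zone not in zones:
        raise KeyError(f"zone {zone!r} not in stats line")
    positive, all_reqs = zones[zone]
    return [str(positive), str(all_reqs), "", zone]


def last_line(path):
    """Last non-empty line of the stats file, read without spawning tail."""
    with open(path, encoding="ascii", errors="replace") as fh:
        lines = [entry for entry in fh if entry.strip()]
    if not lines:
        raise ValueError(f"{path} is empty")
    return lines[-1]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("Usage: rbldnsdstat.py zone_name")
    try:
        print("\n".join(mrtg_lines(last_line(STATS_FILE), sys.argv[1])))
    except (OSError, KeyError, ValueError) as exc:
        sys.exit(f"rbldnsdstat: {exc}")
```
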