Repository
Munin (master)
Last change
2018-08-17
Graph Categories
Family
contrib
Language
Shell
License
GPL-2.0-only
Authors

named

Name

named - Plugin to monitor named statistics

About

This is a bit experimental, we will have to see which statistics prove to have any meaning to get a feel with what happens on the nameserver.

Usage

In your named.conf you must have statistics-interval set:

options {
   ...
   statistics-interval 1;
   ...
};

The number is in minutes. At each interval just 3 lines is dumped. It can be desturbing if you usually read the logs yourself, but a 1 minute interval ensures very updated information to munin. 5 minutes is the maximum I’d say.

The name of the file where syslog puts daemon output - ie the named statistics output. On solaris this is /var/adm/messages, on most linuxes it is /var/log/messages. But on Debian it is /var/log/daemon.log which is read restricted so we have to run as a group or user with read rights, or remove the restrictions on the log file.

Configuration

Configuration parameters for /etc/munin/named, if you need to override the defaults below:

[named]
 env.logfile   - set which log file to use

To ensure read access to the log files, you will need to add something like:

[named]
 group adm

Default Configuration

[named]
 env.logfile /var/adm/messages or /var/log/daemon.log

Author

Nicolai Langfeldt (janl@linpro.no) 27.8.2003

License

GPLv2

Magic Markers

#%# family=contrib

#!/bin/sh

: << =cut

=head1 NAME

named - Plugin to monitor named statistics

=head1 ABOUT

This is a bit experimental, we will have to see which statistics prove to have
any meaning to get a feel with what happens on the nameserver.

=head1 USAGE

In your named.conf you must have statistics-interval set:

 options {
    ...
    statistics-interval 1;
    ...
 };

The number is in minutes.  At each interval just 3 lines is dumped.  It can be
desturbing if you usually read the logs yourself, but a 1 minute interval
ensures very updated information to munin.  5 minutes is the maximum I'd say.

The name of the file where syslog puts daemon output - ie the named statistics
output.  On solaris this is /var/adm/messages, on most linuxes it is
/var/log/messages.  But on Debian it is /var/log/daemon.log which is read
restricted so we have to run as a group or user with read rights, or remove the
restrictions on the log file.

=head1 CONFIGURATION

Configuration parameters for /etc/munin/named,
if you need to override the defaults below:

 [named]
  env.logfile   - set which log file to use

To ensure read access to the log files, you will need to add something like:

 [named]
  group adm

=head2 DEFAULT CONFIGURATION

 [named]
  env.logfile /var/adm/messages or /var/log/daemon.log

=head1 AUTHOR

Nicolai Langfeldt (janl@linpro.no) 27.8.2003

=head1 LICENSE

GPLv2

=head1 MAGIC MARKERS

=begin comment

These magic markers are used by munin-node-configure when installing
munin-node.

=end comment

 #%# family=contrib

=cut


if [ -n "${logfile:-}" ]; then
    SYSLOGFILE=$logfile
else
    if [ -f /var/adm/messages ]; then
        SYSLOGFILE=/var/adm/messages
    else
        SYSLOGFILE=/var/log/daemon.log
    fi
fi

# ----------------------------------------------------------------------

pick_stat () {
    ret=$(echo "$2" | sed 's/.* *'"$1"'=\([0-9]*\).*/\1/')
    if [ ! "$ret" ]; then
        echo 0
    else
        echo "$ret"
    fi
}

do_stats () {

    if [ ! -f "$SYSLOGFILE" ]; then
        echo "$SYSLOGFILE is unavailable to me" >&2
        exit 1
    fi

    # Get out the last XSTATS and NSTATS lines
    XSTATS=$(grep 'named.*XSTATS' "$SYSLOGFILE" | tail -1)
    # NSTATS=$(grep 'named.*NSTATS' "$SYSLOGFILE" | tail -1)

    # We concentrate on what clients communicate with us about
    # and counters that we suspect can indicate abuse or error conditions

    # Received Queries: Total volume of queries received.
    # This should be nice and smooth.
    echo "queries.value $(pick_stat RQ "$XSTATS")"

    # Sent Answers: This should be the same as RQ except when there are
    # errors.  May not be very interesting.
    echo "answers.value $(pick_stat SAns "$XSTATS")"

    # Sent and Forwarded queries, in a proxy setting this should be
    # the same as Received Queries (?)
    echo "forwarded.value $(pick_stat SFwdQ "$XSTATS")"

    # Received Zone Transfer queries - should be low.  High value could
    # indicate some odd error or some kind of abuse
    echo "axfr.value $(pick_stat RAXFR "$XSTATS")"  # Received AXFR Qs

    # Received TCP connections: These are used for zone transfers or
    # oversized (>512 byte) answers.  A high value here could indicate
    # that you need to trim down the size of your answers somehow (Do you
    # have a ton of MXes or NSes that gets reported back?), or this could
    # be due to an error.  Or it could be due to abuse.
    echo "tcp.value $(pick_stat RTCP "$XSTATS")"

    # Get a total of errors
    local error_value
    error_value=$(( $(pick_stat RNXD "$XSTATS")
                   + $(pick_stat RFail "$XSTATS")
                   + $(pick_stat RErr "$XSTATS")
                   + $(pick_stat SErr "$XSTATS")
                   + $(pick_stat RIQ "$XSTATS")
                   + $(pick_stat RFErr "$XSTATS") ))
    echo "errors.value $error_value"
}

case $1 in
    config)
        cat <<'EOF'
graph_title BIND DNS Query statistics
graph_vlabel Queries / ${graph_period}
graph_category dns
graph_scale no
queries.label Queries
queries.type DERIVE
queries.min 0
answers.label Answers
answers.type DERIVE
answers.min 0
forwarded.label Forwarded
forwarded.type DERIVE
forwarded.min 0
axfr.label AXFRs
axfr.type DERIVE
axfr.min 0
tcp.label Qs by TCP
tcp.type DERIVE
tcp.min 0
errors.label Errors
errors.type DERIVE
errors.min 0
EOF
        exit 0
        ;;
esac

do_stats