[SURBL-Zones] Lowering TTLs
Mike Atkinson mikea at kconline.com
Mon Aug 16 12:00:12 CEST 2004


OK, first, rbldnsd needs some command line flags to cause it to dump
some stats to a file.  Normally the stats are logged at the same
interval that the daemon checks for zone file updates, and the stats are
cumulative rather than per interval.  So I inserted the following into
my startup command line for rbldnsd:

-c 300 -s +rbldnsd.stat

('-c 300' sets the zone file update check, and therefore the logging
interval, to 300 seconds.  '-s +rbldnsd.stat' is the name of the log file
that will be created in the rbldnsd directory; it won't take a path for
some reason.  The + at the beginning of the file name causes the output
to be since the last output rather than cumulative since the program
started.)

Some Perl, which could be more elegant, to parse out the numbers we
want; named 'rbldnsdstat.pl':

---------
#!/usr/bin/perl
use strict;
use warnings;

# Put the location of your rbldnsd stats file here
my $logfile = "/usr/local/etc/rbldnsd/rbldnsd.stat";

if (!defined $ARGV[0]) {
    print "\nUsage: rbldnsdstat.pl number_of_list_to_parse\n";
    exit(1);
}

my $rbl_list = $ARGV[0];

# Some systems might need the full path for 'tail'
my $line = `tail -1 $logfile`;

my @rbldnsd_data = split(/:/, $line);

# Get the data for the 1st list, or 2nd list, etc.
# Each list occupies five colon-separated fields, so list N's
# "all requests" count is field 5*(N-1)+1 and its "positive"
# count is field 5*(N-1)+2.  Lists 1 to 10 are supported.
if ($rbl_list =~ /^\d+$/ && $rbl_list >= 1 && $rbl_list <= 10) {
    my $base = 5 * ($rbl_list - 1);
    print "$rbldnsd_data[$base + 2]\n$rbldnsd_data[$base + 1]\n";
}
else {
    print "\nInput argument out of range..\n";
    print "Edit the script if more than 9 (plus totals) lists to check...\n\n";
}

exit(0);
---------



The MRTG conf file (the stats will be in the stats file in the same
order that you have them listed in your startup command line, with the
overall totals being the last listing.  You will have to edit the
following Target, Title, PageTop to match the names of the rbldnsd lists
as you have them configured in your setup):

---------
### Global Config Options

#  for UNIX
WorkDir: /www/rbldnsd

### Global Defaults

options[_]: gauge,growright,integer,noinfo,nopercent,nolegend,dorelpercent
RunAsDaemon: Yes
Interval: 5
# WithPeak[_]: ymw
PageTop[^]: 
YLegend[_]:RBLDNSD Queries
ShortLegend[_]:Queries / 5 Minute
LegendI[_]:Positive: 
LegendO[_]:All Reqs: 

#####################
Target[ws.surbl.org]: `perl /etc/mrtg/rbldnsdstat.pl 1`
# The MaxBytes value is extra big to avoid problems..
MaxBytes[ws.surbl.org]: 4800000
Title[ws.surbl.org]: RBLDNSD - ws.surbl.org
PageTop[ws.surbl.org]: ws.surbl.org dns requests

#####################
Target[sc.surbl.org]: `perl /etc/mrtg/rbldnsdstat.pl 2`
MaxBytes[sc.surbl.org]: 4800000
Title[sc.surbl.org]: RBLDNSD - sc.surbl.org
PageTop[sc.surbl.org]: sc.surbl.org dns requests

#####################
Target[be.surbl.org]: `perl /etc/mrtg/rbldnsdstat.pl 3`
MaxBytes[be.surbl.org]: 4800000
Title[be.surbl.org]: RBLDNSD - be.surbl.org
PageTop[be.surbl.org]: be.surbl.org dns requests

#####################
Target[ob.surbl.org]: `perl /etc/mrtg/rbldnsdstat.pl 4`
MaxBytes[ob.surbl.org]: 4800000
Title[ob.surbl.org]: RBLDNSD - ob.surbl.org
PageTop[ob.surbl.org]: ob.surbl.org dns requests

#####################
Target[ab.surbl.org]: `perl /etc/mrtg/rbldnsdstat.pl 5`
MaxBytes[ab.surbl.org]: 4800000
Title[ab.surbl.org]: RBLDNSD - ab.surbl.org
PageTop[ab.surbl.org]: ab.surbl.org dns requests

#####################
Target[multi.surbl.org]: `perl /etc/mrtg/rbldnsdstat.pl 6`
MaxBytes[multi.surbl.org]: 4800000
Title[multi.surbl.org]: RBLDNSD - multi.surbl.org
PageTop[multi.surbl.org]: multi.surbl.org dns requests

#####################
Target[kc-cbl.surbl.org]: `perl /etc/mrtg/rbldnsdstat.pl 7`
MaxBytes[kc-cbl.surbl.org]: 4800000
Title[kc-cbl.surbl.org]: RBLDNSD - kc-cbl.surbl.org
PageTop[kc-cbl.surbl.org]: kc-cbl.surbl.org dns requests

#####################
Target[total.surbl.org]: `perl /etc/mrtg/rbldnsdstat.pl 8`
MaxBytes[total.surbl.org]: 4800000
Title[total.surbl.org]: RBLDNSD - total.surbl.org
PageTop[total.surbl.org]: total.surbl.org dns requests

---------

-- 
Mike Atkinson - mikea at kconline.com
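As an added example (not part of Mike's post or of rbldnsd/MRTG), the same parsing in Python: it takes the five-fields-per-list layout that rbldnsdstat.pl relies on, reads the stats file directly instead of shelling out to tail, validates the list number, and emits the four lines MRTG expects from an external target script. The sample stats line is constructed, and the meaning of the counters (first = all requests, second = positive answers) is assumed from the legends in the MRTG config above, not taken from rbldnsd documentation.

```python
#!/usr/bin/env python3
"""Emit MRTG external-target output for one rbldnsd list.
Field layout is inferred from rbldnsdstat.pl above, not from rbldnsd docs:
each list contributes 'name:c1:c2:c3:c4:c5', groups are space-separated,
totals come last, c1 = all requests, c2 = positive answers (assumed)."""
import re
import sys

# Constructed sample (not captured from a real rbldnsd); the leading
# fields stand in for whatever rbldnsd writes before the first list.
SAMPLE_LINE = ("1092650412 300 ws.surbl.org:1501:233:0:0:0 "
               "sc.surbl.org:980:41:0:0:0 tot:2481:274:0:0:0")

# A list name followed by exactly five colon-separated counters.
GROUP_RE = re.compile(r"(\S+?):(\d+):(\d+):(\d+):(\d+):(\d+)(?=\s|$)")

def parse_stats_line(line):
    """Return [(name, [c1, c2, c3, c4, c5]), ...] in file order."""
    return [(m.group(1), [int(x) for x in m.groups()[1:]])
            for m in GROUP_RE.finditer(line)]

def mrtg_lines(groups, list_no):
    """MRTG wants four lines: 'in', 'out', uptime, target name.  'in' is the
    positive count (LegendI) and 'out' all requests (LegendO), as in the Perl."""
    if not 1 <= list_no <= len(groups):
        raise ValueError("list number must be between 1 and %d" % len(groups))
    name, counts = groups[list_no - 1]
    return [str(counts[1]), str(counts[0]), "", name]

def last_line(path):
    """Last line of the stats file, read directly instead of via `tail -1`."""
    with open(path, "rb") as fh:
        data = fh.read().splitlines()
    return data[-1].decode("ascii", "replace") if data else ""

def main(argv):
    if len(argv) != 3 or not argv[2].isdigit():
        sys.stderr.write("Usage: rbldnsdstat.py stats_file list_number\n")
        return 1
    try:
        out = mrtg_lines(parse_stats_line(last_line(argv[1])), int(argv[2]))
    except (OSError, ValueError) as exc:
        sys.stderr.write("rbldnsdstat.py: %s\n" % exc)
        return 1
    print("\n".join(out))
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Used as an MRTG Target in place of the Perl script it would be `Target[ws.surbl.org]: \`python3 /etc/mrtg/rbldnsdstat.py /usr/local/etc/rbldnsd/rbldnsd.stat 1\``; a list number outside 1..N exits non-zero with a message on stderr instead of printing empty values.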