DNS server response time slow-bluecoat-sgos


Vendor: bluecoat

OS: sgos

Description:
Indeni will trigger an issue when a DNS server takes too long to respond.

Remediation Steps:
Identify any network and server issues which may be causing this.

How does this work?
Indeni logs on to the device and executes the command “show health-checks statistics”.

Why is this important?
Slow DNS lookups could impact production traffic negatively by causing delays for client requests.

Without Indeni how would you find this?
An administrator could log in and manually run the command.
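
As an added example (not Indeni's code), the manual check can be scripted against a saved copy of the command output. The sample is constructed from the line formats quoted in the parser comments on this page; the function names, the 500 ms default threshold and the layout of the "Disabled" line are assumptions.

```shell
#!/bin/sh
# Constructed sample of "show health-checks statistics" output (documentation
# addresses). The layout of the "Disabled" state line is an assumption.
sample_output() {
cat <<'EOF'
DNS Server
  dns.192.0.2.10
    Enabled     OK      UP
    Last response time: 12 ms       Average response time: 15 ms
  dns.192.0.2.11
    Enabled     OK      UP
    Last response time: 150256 ms       Average response time: 150252 ms
  dns.192.0.2.12
    Enabled     Check failed    DOWN
    Last response time: 0 ms       Average response time: 0 ms
  dns.192.0.2.13
    Disabled    Unknown         DOWN
    Last response time: 900 ms       Average response time: 900 ms
Authentication
  auth.example_realm
    Enabled     OK      UP
    Last response time: 40 ms   Average response time: 53 ms
EOF
}

# Usage: check_dns_health [threshold_ms] < saved_output
# Prints DOWN or SLOW lines for enabled DNS servers; the default threshold
# of 500 ms is an assumed value, not one taken from the Indeni rule.
check_dns_health() {
    awk -v limit="${1:-500}" '
    { sub(/\r$/, "") }                      # tolerate CRLF from SSH captures
    /^[^ \t]/ { section = $0; sub(/[ \t]+$/, "", section); next }
    section != "DNS Server" { next }        # only the DNS section is evaluated
    $1 ~ /^dns\./ { ip = $1; sub(/^dns\./, "", ip); up = 0; next }
    $1 == "Enabled" && $NF ~ /^(UP|DOWN)$/ {
        up = ($NF == "UP")                  # Disabled entries never set up
        if (!up) print "DOWN " ip
        next
    }
    # Field 4 is the last response time, field 9 the average.
    $1 == "Last" && up && ($4 + 0 > limit || $9 + 0 > limit) {
        print "SLOW " ip " last=" $4 "ms avg=" $9 "ms"
    }
    '
}

# Demonstration run on the constructed sample.
sample_output | check_dns_health 500
```

The awk program avoids `\s` and lazy quantifiers, so it behaves the same under gawk, mawk and BusyBox awk.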

bluecoat-show-health-checks-statistics

#! META
name: bluecoat-show-health-checks-statistics
description: Get DNS servers states and response times
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: "bluecoat"
    os.name: "sgos"

#! COMMENTS
dns-server-state:
    why: |
        Even though DNS servers are configured, that does not guarantee that they work. Many products require a fully functional DNS server to be configured.
    how: |
        Using the built-in "dig" command, each configured DNS server on the device is sent a query to resolve www.indeni.com
    without-indeni: |
        An administrator could log in and manually run the command.
    can-with-snmp: false
    can-with-syslog: false

dns-response-time:
    why: |
        Slow DNS lookups could impact production traffic negatively by causing delays for client requests.
    how: |
        Indeni logs on to the device and executes the command "show health-checks statistics".
    without-indeni: |
        An administrator could log in and manually run the command.
    can-with-snmp: false
    can-with-syslog: false

dns-average-response-time:
    skip-documentation: true

bluecoat-process-state:
    why: |
        The ProxySG device integrates with a variety of services such as ICAP and DRTR. It is important to monitor the current state of these services; otherwise the organization might suffer from security risks and unavailability of external resources.
    how: |
        Indeni logs in over SSH and executes "show health-checks statistics".  The output includes the current state of each service.
    without-indeni: |
        Log in via HTTPS (Port 8082) to the Bluecoat ProxySG, go to the menu Statistics -> Health Checks and review the state of each service.
    can-with-snmp: false
    can-with-syslog: true

identity-integration-connection-state:
    why: |
        It is important to make sure that the connectivity between the ProxySG and the authentication servers is up and running.
    how: |
        Indeni logs in over SSH and executes "show health-checks statistics".  The output includes the current state of each service.
    without-indeni: |
        Log in via HTTPS (Port 8082) to the Bluecoat ProxySG, go to the menu Statistics -> Health Checks and review the state of the authentication services.
    can-with-snmp: false
    can-with-syslog: true

auth-response-time:
    why: |
        Slow authentication connectivity could impact production traffic negatively by causing delays for authenticated client requests.
    how: |
        Indeni logs on to the device and executes the command "show health-checks statistics".
    without-indeni: |
        An administrator could log in and manually run the command.
    can-with-snmp: false
    can-with-syslog: false

auth-average-response-time:
    skip-documentation: true

#! REMOTE::SSH
show health-checks statistics

#! PARSER::AWK

# This script collects metrics for the configured and enabled dns servers.

# DNS servers can be in an unknown state until the tests have finished.
# In these cases the state of the server is still used to avoid flapping alerts.

# Examples of the states that the script handles:
#    Enabled     Unknown         UP
#    Enabled     OK      UP
#    Enabled     Check failed    DOWN

# Disabled DNS servers are skipped.

#Authentication
#DNS Server
#External Services
#Content analysis services
#Forwarding
/^[^\s]/{
    check_type = $0
}

#  dns.1.1.1.1
/\s+dns\./ && check_type == "DNS Server" {

    ip = $1
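    # Strip the literal "dns." prefix. A lazy ".+?" is not portable: POSIX AWK
    # treats it as greedy and would leave only the last octet of the address.
    sub(/^dns\./, "", ip)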

    # This variable is used to indicate if the DNS server in question is in use
    # If it isn't the script won't write response time metrics to avoid false positives.
    dns_server_status = 0

    next

}


#DNS Server
/^\s+Enabled.+(DOWN|UP)$/ && check_type == "DNS Server" {


    if ($NF == "UP") {
        dns_server_status = 1
    }

    state_tags["name"] = ip
    writeDoubleMetricWithLiveConfig("dns-server-state", state_tags, "gauge", 300, dns_server_status, "DNS Servers - State", "state", "name")

    next

}

#    Last response time: 150256 ms       Average response time: 150252 ms
/^\s+Last response time: [0-9]+ ms/ && check_type == "DNS Server" {

    if (dns_server_status == 1) {
        dns_response_time_tags["dns-server"] = ip
        # $4 is the last response time, $9 is the average response time
        writeDoubleMetric("dns-response-time", dns_response_time_tags, "gauge", 300, $4)
        writeDoubleMetricWithLiveConfig("dns-average-response-time", dns_response_time_tags, "gauge", 300, $9, "DNS Servers - Average Response Time", "number", "dns-server")
    }

    next

}



#Checks the status of the ICAP services:
#  icap.proxyav
#    Enabled     OK      UP

/^\s+icap\.[^\s]+$/ && check_type == "Content analysis services" {

    icap_name = $1
    sub(/icap\./, "", icap_name)
    icap_tags["name"] = icap_name
    icap_tags["process-name"] = "icap-service"
    icap_tags["command"] = "show health-checks statistics"
    icap_tags["description"] = "ICAP Traffic might drop or not be fully monitored"

    next
}

#    Enabled     OK      UP
/^\s+(Enabled|Disabled)\s+/ && check_type == "Content analysis services" {
    status = $2

    if (status == "OK") {
        icap_service_status = 1
    } else {
        icap_service_status = 0
    }

    writeDoubleMetricWithLiveConfig("bluecoat-process-state", icap_tags, "gauge", 300, icap_service_status, "ICAP Services - State", "state", "name")
    next
}


#Checks the status of the drtr service:
#External Services
#  drtr.rating_service
/^\s+drtr\.[^\s]+$/ && check_type == "External Services" {

    extsrv_name = $1
    extsrv_tags["process-name"] = "external-rating-service"
    extsrv_tags["command"] = "show health-checks statistics"
    extsrv_tags["description"] = "The Dynamic Real Time Rating might not work"

    next
}

#      IP address: 185.2.196.215                 Enabled         Check failed    DOWN
#      IP address: 185.2.196.215           Enabled         OK      UP
/^\s+(IP)\s+address:\s+/ && check_type == "External Services" {
    status = $5
    extsrv_ipaddr = $3
    extsrv_tags["ip"] = extsrv_ipaddr
    extsrv_tags["name"] = extsrv_name " " extsrv_ipaddr
    if (status == "OK") {
        extsrv_service_status = 1
    } else {
        extsrv_service_status = 0
    }

    writeDoubleMetricWithLiveConfig("bluecoat-process-state", extsrv_tags, "gauge", 300, extsrv_service_status, "External Services - State", "state", "name")
    next
}


#Authentication
#  auth.auth

/^\s+auth\.[^\s]+$/ && check_type == "Authentication" {

    auth_name = $1
    sub(/auth\./, "", auth_name)
    auth_tags["name"] = auth_name

    next
}

#    Enabled     OK      UP
/^\s+(Enabled|Disabled)\s+/ && check_type == "Authentication" {
    status = $2

    if (status == "OK") {
        auth_service_status = 1
    } else {
        auth_service_status = 0
    }

    writeDoubleMetricWithLiveConfig("identity-integration-connection-state", auth_tags, "gauge", 300, auth_service_status, "Authentication Server - State", "state", "name")
    next

}

#    Last response time: 40 ms   Average response time: 53 ms
/^\s+Last response time: [0-9]+ ms/ && check_type == "Authentication" {
    auth_response_time_tags["auth-server"] = auth_name
    # $4 is the last response time, $9 is the average response time
    writeDoubleMetric("auth-response-time", auth_response_time_tags, "gauge", 300, $4)
    writeDoubleMetricWithLiveConfig("auth-average-response-time", auth_response_time_tags, "gauge", 300, $9, "Authentication Servers - Average Response Time", "number", "auth-server")
}

cross_vendor_dns_server_response_time

https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/sync_core_rules/DnsServerTooSlowRule.scala