DNS servers used do not match across cluster members-cisco-asa

DNS servers used do not match across cluster members-cisco-asa
0

DNS servers used do not match across cluster members-cisco-asa

Vendor: cisco

OS: asa

Description:
Indeni will identify when two devices are part of a cluster and alert if the DNS servers they are using are different.

Remediation Steps:
Review the DNS configuration on each device to ensure they match.

How does this work?
This script login into the ASA using SSH and retrieves the DNS servers configuration by using the output of the “show running-config dns” command. The output includes the list of the device’s DNS configured servers.

Why is this important?
This metric shows the list of the configured DNS servers. DNS allows a device to resolve a name to an IP address. For example, an application or website may be associated with many IP’s and DNS allows the client to use a name or FQDN to reach it. If a device is clustered then it would be expected to have the same DNS servers configured on all members of the cluster.

Without Indeni how would you find this?
An administrator would need to login into the device and use the “show running-config dns” command to identify if the DNS servers are configured.

cisco-asa-dns-servers

name: cisco-asa-dns-servers
description: ASA dns configured servers
type: monitoring
monitoring_interval: 30 minutes
requires:
    vendor: cisco
    os.name: asa

comments:
  dns-servers:
    why: |
        This metric shows the list of the configured DNS servers. DNS allows a device to resolve a name to an IP address. For example, an application or website may be associated with many IP's and DNS allows the client to use a name or FQDN to reach it. If a device is clustered then it would be expected to have the same DNS servers configured on all members of the cluster.
    how: |
        This script login into the ASA using SSH and retrieves the DNS servers configuration by using the output of the "show running-config dns" command. The output includes the list of the device's DNS configured servers.
    without-indeni: |
        An administrator would need to login into the device and use the "show running-config dns" command to identify if the DNS servers are configured.
    can-with-snmp: false
    can-with-syslog: false

steps:
-   run:
      type: SSH
      command: show running-config dns
    parse:
      type: AWK
      file: asa-dns-servers.parser.1.awk

cross_vendor_dns_servers_comparison

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SnapshotComparisonTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

/**
  *
  */
case class cross_vendor_dns_servers_comparison() extends SnapshotComparisonTemplateRule(
  ruleName = "cross_vendor_dns_servers_comparison",
  ruleFriendlyName = "Clustered Devices: DNS servers used do not match across cluster members",
  ruleDescription = "Indeni will identify when two devices are part of a cluster and alert if the DNS servers they are using are different.",
  severity = AlertSeverity.WARN,
  metricName = "dns-servers",
  isArray = true,
  alertDescription = "Devices that are part of a cluster must have the same DNS servers used. Review the differences below.",
  baseRemediationText = "Review the DNS configuration on each device to ensure they match.")()