-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
71 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| // Module included in the following assemblies: | ||
| // | ||
| // network_observability/observing-network-traffic.adoc | ||
|
|
||
| :_content-type: CONCEPT | ||
| [id="network-observability-dns-overview_{context}"] | ||
| = DNS tracking | ||
| You can configure graphical representation of Domain Name System (DNS) tracking of network flows in the *Overview* view. Using DNS tracking with extended Berkeley Packet Filter (eBPF) tracepoint hooks can serve various purposes: | ||
|
|
||
| * Network Monitoring: Gain insights into DNS queries and responses, helping network administrators identify unusual patterns, potential bottlenecks, or performance issues. | ||
| * Security Analysis: Detect suspicious DNS activities, such as domain name generation algorithms (DGA) used by malware, or identify unauthorized DNS resolutions that might indicate a security breach. | ||
| * Troubleshooting: Debug DNS-related issues by tracing DNS resolution steps, tracking latency, and identifying misconfigurations. | ||
| When DNS tracking is enabled, you can see the following metrics represented in a chart in the *Overview*. See the _Additional Resources_ in this section for more information about enabling and working with this view. | ||
|
|
||
| * Top 5 average DNS latencies | ||
| * Top 5 DNS response code | ||
| * Top 5 DNS response code stacked with total | ||
| This feature is supported for IPv4 and IPv6 UDP protocol. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| // Module included in the following assemblies: | ||
| // | ||
| // network_observability/observing-network-traffic.adoc | ||
|
|
||
| :_content-type: PROCEDURE | ||
| [id="network-observability-dns-tracking_{context}"] | ||
| = Working with DNS tracking | ||
| Using DNS tracking, you can monitor your network, conduct security analysis, and troubleshoot DNS issues. You can track DNS by editing the `FlowCollector` to the specifications in the following YAML example. | ||
| + | ||
| [IMPORTANT] | ||
| ==== | ||
| CPU and memory usage increases are observed in the eBPF agent when this feature is enabled. | ||
| ==== | ||
| .Procedure | ||
| . In the web console, navigate to *Operators* -> *Installed Operators*. | ||
| . Under the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*. | ||
| . Select *cluster* then select the *YAML* tab. | ||
| . Configure the `FlowCollector` custom resource. A sample configuration is as follows: | ||
| + | ||
| [id="network-observability-flowcollector-configuring-dns_{context}"] | ||
| .Configure `FlowCollector` for DNS tracking | ||
| [source, yaml] | ||
| ---- | ||
| apiVersion: flows.netobserv.io/v1alpha1 | ||
| kind: FlowCollector | ||
| metadata: | ||
| name: cluster | ||
| namespace: netobserv | ||
| deploymentModel: DIRECT | ||
| agent: | ||
| type: EBPF | ||
| ebpf: | ||
| features: | ||
| - DNSTracking <1> | ||
| privileged: true <2> | ||
| ---- | ||
| <1> You can set the `spec.agent.ebpf.features` parameter list to enable DNS tracking of each network flow in the web console. | ||
| <2> Note that the `spec.agent.ebpf.privileged` specification value must be `true` for packet drop tracking to be enabled. | ||
|
|
||
| . When you refresh the *Network Traffic* page, there are new DNS representations you can choose to view in the *Overview* and *Traffic Flow* views and new filters you can apply. | ||
| .. Select new DNS choices in *Manage panels* to display graphical visualizations and DNS metrics in the *Overview*. | ||
| .. Select new choices in *Manage columns* to add DNS columns to the *Traffic Flows* view. | ||
| .. Filter on specific DNS metrics, such as *DNS Id*, *DNS Latency* and *DNS Response Code*, and see more information from the side panel. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters