Splunk DB Connector 3 + MySQL driver

Vadim

Splunk DB Connector 2 install on ubuntu + mysql connector

http://docs.splunk.com/Documentation/DBX/2.2.0/DeployDBX/Checklist

Vadim

OSX local dictionary

OSX local dictionary is located in this file:
~/Library/Spelling/LocalDictionary

So if you by mistake added some misspelled word you can delete it from this file.
Vadim

RPZ qname-wait-recurse no

No DNS records are needed for a QNAME or Client-IP trigger. The name or IP address itself is sufficient, so in principle the query name need not be recursively resolved. However, not resolving the requested name can leak the fact that response policy rewriting is in use and that the name is listed in a policy zone to operators of servers for listed names. To prevent that information leak, by default any recursion needed for a request is done before any policy triggers are considered. Because listed domains often have slow authoritative servers, this default behavior can cost significant time. The qname-wait-recurse no option overrides that default behavior when recursion cannot change a non-error response. The option does not affect QNAME or client-IP triggers in policy zones listed after other zones containing IP, NSIP and NSDNAME triggers, because those may depend on the A, AAAA, and NS records that would be found during recursive resolution. It also does not affect DNSSEC requests (DO=1) unless break-dnssec yes is in use, because the response would depend on whether or not RRSIG records were found during resolution. Using this option can cause error responses such as SERVFAIL to appear to be rewritten, since no recursion is being done to discover problems at the authoritative server.

https://ftp.isc.org/isc/bind9/cur/9.10/doc/arm/Bv9ARM.ch06.html

wkhtmltopdf vs maximum pages

wkhtmltopdf use 2 file descriptor per page (one each for header and footer) which are required for generating the per-page custom variables.
By default Linux allows users to open up to 1024 files. So in case if your document contains more than 512 pages you have to change this limit up to a higher value.
In Ubuntu you can change the parameter (no files) in /etc/security/limits.conf. Just add these lines to the file.

Vadim

Infoblox Reporting. DNS Top RPZ Hits with Discovered Name.

This is a custom version of “DNS Top RPZ Hits” report with added Discovered Name/Network View fields and removed Time field.

Continue reading ‘Infoblox Reporting. DNS Top RPZ Hits with Discovered Name.’ »

Infoblox Reporting. IPAM Statistic Used/Unused IPs per a subnet

This simple search shows IPAM network usage statistic.

Continue reading ‘Infoblox Reporting. IPAM Statistic Used/Unused IPs per a subnet’ »

Infoblox Reporting. IPAM Discovered Device History by Network

 This is a custom version of this dashboard. I’ve added networks filter. The query for the filter is not an optimal in terms of performance but anyway will work good for small IPAM databases.

Continue reading ‘Infoblox Reporting. IPAM Discovered Device History by Network’ »

Infoblox Reporting. Inactive MAC Addresses

This report is a custom version of “Inactive IP Addresses” report and provide information about MAC addresses that were not connected to a network for a while.

Continue reading ‘Infoblox Reporting. Inactive MAC Addresses’ »

How to determine Splunk version

This search shows Splunk’s version.

Vadim