Accumuli Security DNS and DHCP Activity Monitor (DDAM) gives network administrators visibility of core DDI (DNS, DHCP & IP Address Management) network services by efficiently collecting DNS and DHCP activity and presenting the information in an intuitive web-based user interface.

A number of built-in reports provide details such as the busiest DNS or DHCP clients, the most common DNS lookups, and DNS or DHCP server throughput. Especially useful are the garbage collection reports: a series of reports that identify which DNS resource records within a zone file are NOT being queried, or which DHCP scopes within a DHCP configuration are not being used. These help administrators identify junk that can be removed from the DNS/DHCP configurations, thus improving efficiency. Reports can be run on demand or scheduled to run at regular intervals (e.g. produce a report at 8am every Monday morning listing the most common DNS lookups of the previous week).

Recent DNS and DHCP activity can be searched within the GUI to help troubleshoot specific issues, and alerts can be configured to trigger whenever a certain condition is met, for example when a specific DNS query is seen (e.g. version.bind) or when the DNS/DHCP packet rate increases by an abnormal amount (e.g. a DDoS attack).

DNS and DHCP activity can be archived for long periods by regularly uploading the collected data to an FTP/SFTP server. Additionally, the data can be formatted so that it can be uploaded into a third-party solution, such as a SIEM (Security Information and Event Management) product, to complement other network-related information.

By utilising a mixture of agent-based and agent-less technologies, DDAM is compatible with all major DDI platforms. For example, server-based DDI solutions running Unix/Linux/Windows and n3k runIP appliances can run an agent that performs protocol capture, so no further configuration of the DDI services is required. Appliance-based platforms, such as Infoblox, can be supported by configuring syslog to redirect messages to a DDAM collector. BIND DNS servers can then be configured to send query logs via syslog, and ISC DHCP servers send output to syslog by default. DDAM supports syslog collection over both UDP and TCP protocols to support the highest throughput available with no dropped packets.
Free to try
Windows Server 2008