Forum Discussion

Kirby_Timm's avatar
9 months ago

Programmatic Ping Alert

We currently lack the ability to white list domain names on our firewall, so I have to do everything via IP.  Recently I’ve come across an issue where a company won’t give me their external IP’s because they can change, or so they say.  For several weeks I’ve pinged the IP’s and it has always been 1 of 4 IPs.  Has anyone created some kind of ping alert that does something like “ping easypost.com and api.easypost.com if the IP’s returned are not in 169.62.110.130-169.62.110.133, alert me”  I’m not much of a programmer myself so I’d need something pretty “plug and play”.

TIA!

  • Anonymous's avatar
    Anonymous
    9 months ago

    plug-n-play, not likely for this use case. 

    It seems like you need to monitor the DNS resolution and update your synthetic check based on the IP that the DNS resolves to. Does that about sum it up?

    If so, this is definitely not going to be something that’s just plug-n-play. You’ll need to write a microservice to monitor the DNS and whenever the resolved IP address changes, hit the LM API to patch the synthetic check to update the IP address. All of this is doable, but depending on your level of comfort, you may want to pursue other avenues (start preaching the we-need-to-be-able-to-whitelist-domains argument).

  • Anonymous's avatar
    Anonymous

    plug-n-play, not likely for this use case. 

    It seems like you need to monitor the DNS resolution and update your synthetic check based on the IP that the DNS resolves to. Does that about sum it up?

    If so, this is definitely not going to be something that’s just plug-n-play. You’ll need to write a microservice to monitor the DNS and whenever the resolved IP address changes, hit the LM API to patch the synthetic check to update the IP address. All of this is doable, but depending on your level of comfort, you may want to pursue other avenues (start preaching the we-need-to-be-able-to-whitelist-domains argument).

  • Anonymous's avatar
    Anonymous

    ChatGPT is your friend.

    Taking this a step further, you could expand this to run every N seconds and update LM when there’s a change. This makes use of my lmwrapper and the SDK to make the code simple. You could run this on one of your collectors assuming python is installed. You’ll need to get the website_id of the website that needs to be updated. This can be found by going to the website in UIv4 (shock!) and getting the URL when the desired website is selected. My URL looks like this:

    /santaba/uiv4/websites/treeNodes#websiteGroups-1*,websiteGroups-60,websiteGroups-174,websites-113

    Where 113 is the ID of the website I am looking at in the UI.

    import socket
    from time import sleep
    from lm import lm

    # this is the number of seconds between checks of the DNS record
    n = 30

    # this is the ID of the website in LM to update
    website_id = 123456789

    # this is the FQDN of the target
    fqdn = "easypost.com"

    existing_ip = ""
    # start an infinite loop (Ctrl+C to exit)
    while True:

    # resolve the DNS name to IP
    try: current_ip = socket.gethostbyname(fqdn)
    # do this if there's an issue resolving the DNS
    except socket.gaierror as e: print(f"Error resolving the DNS for {fqdn}: {e}")

    # if the IP we got during the last cycle is different from the IP we got on the previous line, we need to update LM
    if existing_ip != current_ip:

    # update LM
    response = lm.patch_website_by_id(website_id, {"host": current_ip})

    # as long as the update was successful, remember the new IP as the current IP
    if response: existing_ip = current_ip
    # what to do if there's an error updating LM
    else: print("There was an error updating the website.")

    # wait N seconds before doing it all again
    sleep(n)

    That’s about as plug and play as you’re going to get.

  • Yeah, already preaching the “we need a new firewall” and it should be happening this year.  I was just hoping for something I might be able to do in the meantime.  My programming skills consist of 
    10 print “hello”
    20 goto 10
    So not likely to be something I’ll be programming anytime soon.  Oh well.  Thanks for the reply!

  • Kirby_Timm   Most functional programming isn't much more complicated than that.  data in... evaluate... do something with it... data out.  I have a post here from a couple of months ago that addresses learning Powershell... but the five elements in the articles are universal to everything from Assembly through to Applescript.  Input (get or ##LM Properties##), output (write or print), storage (variables), loops (for, foreach, while), decisions (if... then)... everything else is fluff and you won't tend to use it for 90% of what you need to write... and you won't need to use all five for that 90% either.

    For this one, setting a property with the expected address space can be pulled into the script using the property variables ##property.name.here##.  In a dataSource, that can be compared against the  returned address... and if it matches, return a 1... if not, a 0.  That can then be set as a threshold to raise an alert.

    Or... in a configSource, the change is a built in alert evaluation.  Have the 'Source grab the info, then write it as the text/string output for the config.