Forum Discussion

SM-Fuj
2 months ago

Is there a way for LM to monitor and alert on Blacklist public IPs?

Looking to alert on when a mailing public IP or domain is blacklisted. Currently using online tools to facilitate this.

2 Replies

  • Man, I had a reply all written out and clicked save right after the community went RO for the migration. Oh well.

    You have a list of IPs/FQDNs that you want to check to see if they are blacklisted. Each IP/FQDN would be an instance and its presence/absence on the blacklist is your datapoint. 

    This means you need a multi-instance datasource. You create those instances one of two ways, manually or automatically. Why would anyone want to do it manually? So, here's how you'd do it automatically:

    First you need to store your list of FQDNs in LM. Do this on a property on the device where you want this data to show up. You could do it on one of your collectors or you could do it on a new resource with IP="mxtoolbox.com" and display name="MX Toolbox". Create a property containing the list of FQDNs, separated by commas. It might look like this:

    blacklist_check_subjects = www.google.com, www.bing.com, www.logicmonitor.com

    To make things a little prettier, it might be good to add display names to each one of these. We'll do that by prepending the FQDN with the display name and separating the display name from the FQDN with a pipe character like this:

    blacklist_check_subjects = Google|www.google.com,Bing|www.bing.com,LM|www.logicmonitor.com

    Now we're ready to get the DS started.

    1. Start your datasource in Settings >> LogicModules >> DataSources >> Add >> Datasource.
    2. Make the applies to "blacklist_check_subjects" (or whatever name you decide to use for the name of the property).
    3. Select "script or batchscript" (I'll explain which in a second). 
    4. Check "Multi-instance?"
    5. Check "Use Wildvalue as Unique Identifier" (LM should make this the default)
    6. Check the "Enable Active Discovery"
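    7. Then write a script like this:
      // Active Discovery: print one "wildvalue##wildalias" line per subject
      hostProps.get("blacklist_check_subjects").tokenize(",").each { subject ->
        // Each entry is "Display Name|FQDN"; trim spaces left around the commas
        def (wildalias, wildvalue) = subject.trim().tokenize("|")
        println("${wildvalue}##${wildalias}")
      }
      return 0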

       This script takes the value of the property, splits it along the commas and prints out the wildvalue and wildalias of each subject, splitting those by the pipe character.

    8. Now you'll have discovery done. The next bit depends on how you'll get the data from MXToolbox. 
      1. If MXToolbox has a way of requesting the status of multiple FQDNs at once, you should use batchscript. You'll write a script to make this one call and return all the data at once.
      2. If MXToolbox forces you to make one call per FQDN you want to test, you should use script. You'll write a script that makes one call per FQDN. You'll pull the current FQDN into your script using fqdn = instanceProps.get("wildvalue")

    Since the rest of the task relies on how MXToolbox allows you to query the data, I'll stop there until you need more help.
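
One way the collection half could look in the BATCHSCRIPT case, as an added example that is not part of the reply above or LogicMonitor's own code. It swaps in direct DNSBL DNS lookups instead of MXToolbox, whose API the thread does not describe; the zone `dnsbl.example.org`, the datapoint key `listed`, the sample property value and the sample DNS answers are all assumptions constructed for illustration.

```groovy
// Added example (not from the thread). BATCHSCRIPT collection via DNSBL lookups.
// ASSUMPTION: placeholder zone; substitute the DNSBL you actually query.
def zone = "dnsbl.example.org"

// Constructed stand-in for the property the collector exposes through hostProps.
def subjects = "Google|www.google.com, Mail relay|192.0.2.25, LM|www.logicmonitor.com"

// Constructed DNS answers so the script runs offline. In a collector, use
// { n -> InetAddress.getByName(n).hostAddress } as the resolver instead.
def sampleAnswers = ["25.2.0.192.dnsbl.example.org": "127.0.0.2"]
def resolver = { String n ->
    if (!sampleAnswers.containsKey(n)) throw new UnknownHostException(n)
    return sampleAnswers[n]
}

// DNSBL convention (RFC 5782): IPv4 octets reversed, then the zone.
// Domain-based lists take the name as-is in front of the zone.
def queryName = { String subject ->
    def parts = subject.tokenize(".")
    def isIPv4 = parts.size() == 4 &&
        parts.every { it.isInteger() && (0..255).contains(it.toInteger()) }
    return (isIPv4 ? parts.reverse() : [subject]).join(".") + "." + zone
}

// 1 = listed, 0 = not listed, -1 = answer outside 127.0.0.0/8 (treat as error).
// UnknownHostException also covers resolver failures, so pair this datapoint
// with a separate check that the collector can resolve names at all.
def check = { String subject ->
    try {
        return resolver(queryName(subject)).startsWith("127.") ? 1 : -1
    } catch (UnknownHostException e) {
        return 0
    }
}

def lines = subjects.tokenize(",").collect { entry ->
    def wildvalue = entry.trim().tokenize("|")[-1]   // FQDN or IP after the pipe
    // BATCHSCRIPT format: <wildvalue>.<key>=<value>; "listed" is a hypothetical key
    "${wildvalue}.listed=${check(wildvalue)}"
}
lines.each { println(it) }
return 0
```

With the constructed answers, only `192.0.2.25` reports `listed=1`; an alert threshold of `> 0` on that datapoint would then fire per instance.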

  • Which online tool?

    The first thing to consider is how you would get at this data programmatically. Does your online tool have an API? Do you have access to that API? 

    Are you looking to see if certain IPs or domains exist in a larger list?