core icon indicating copy to clipboard operation
core copied to clipboard
verified publisher icon opnsense

Allow Exporting Unbound DNS Reporting

Open FieldofClay opened this issue 1 year ago • 2 comments

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

  • [x] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
  • [x] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Is your feature request related to a problem? Please describe.

Currently, there is no method to export the detailed Unbound reporting data from OPNsense to external services like Splunk or Grafana for more advanced analysis and reporting.

Describe the solution you like

Dumping the contents of Reporting: Unbound DNS>Details to syslog would be a suitable solution. Alternatively being able to query it via the API could also work.

Describe alternatives you considered

There doesn't appear to be any method to extract the contents that are captured for the reporting pages. The current Unbound logging does not include all of the details provided by the reporting page (eg action, blocklist), nor does it seem like this can be configured.

Additional context

FieldofClay avatar Mar 14 '24 06:03 FieldofClay

There is /api/unbound/overview/searchQueries/. The optional parameters are https://github.com/opnsense/core/blob/master/src/opnsense/mvc/app/controllers/OPNsense/Unbound/Api/OverviewController.php#L91-L93

The controller does put a limit of 1000 on the amount of queries to return (https://github.com/opnsense/core/blob/master/src/opnsense/mvc/app/controllers/OPNsense/Unbound/Api/OverviewController.php#L102).

swhite2 avatar Mar 23 '24 13:03 swhite2

Thanks for that. I must've overlooked that endpoint when I was browsing the API. While being able to dump it into syslog as it's generated would be a nice to have, I can get what I need from the API.

FieldofClay avatar Apr 02 '24 03:04 FieldofClay

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.

OPNsense-bot avatar Sep 10 '24 04:09 OPNsense-bot