Back to Community Threads
Clickable IP look-up links in IDS reports
Idea shared by AWRData - 9/25/2024 at 9:28 PM
Proposed
I find it helpful when troubleshooting customer connection issues to perform a "whois" look-up on IP addresses in the IDS.  Many times, this process has helped determine that a customer's device has triggered account lock-out for bad passwords, among other problems.

In SmarterMail's IDS reports, a clickable link, or just a link which can be copied, to look up an IP address would be of the form

http://whois.arin.net/ui/query.do?q={ip-address}

I use this link in my internal RBL report pages.
+100

Or just a resolve of the hostname and country ID would be great.
J
We've found ipinfo.io and their API to be a viable solution for our usage.

Their free tier for API usage is even quite generous.

We've also run into many situations where SmarterMail GeoIP data does not match what online sources have. This database should have an internal update mechanism.
MailEnable survivor / convert --
Can you elaborate on how you installed the API to ipinfo?
J
We use a 3rd party log monitor that triggers on denials and handles most of our IDS blocks thanks - we're less tolerant than SM's rules permit and we trigger on different conditions than SM allows.  

Our monitors lookup all IPs they see using ipinfo's CLI  (available on github) tools.

Our current issue with this setup is SM's sensitivity to log writing. Our monitor monitors with no locks, yet SM trips claiming it can't open log files or gets caught up only keeping the last 2 hours worth of logs and deleting the rest.  We're still tracking it to see which side is causing the full issue.

I will work up some more detailed data and send you a DM in the next little while :)
MailEnable survivor / convert --
Kyle Kerst Replied
9/26/2024 at 5:00 PM
Employee Post
One thing that might help with your log reading locks is adjusting your reader so it creates then monitors a shadowcopy version of the log file rather than the original. You could update the shadow copy every few minutes without causing issues in the VSS Writers, possibly even more often depending on your disks and other environmental details. 
Kyle Kerst
Lead Internal Network/System Administrator
SmarterTools Inc.
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Translation Files for Older VersionsGeneral Topics
Error Using the Embed Video ButtonSmarterTrack > Troubleshooting
Key Feature and Version Milestones in SmarterMailSmarterMail
Send User Spam Feedback Options in SmarterMailSmarterMail > Antispam and Antivirus
SmarterTools Licensing InformationGeneral Topics