[Request] Whois integration

smilebasti / npmGrafStats

This project exports NginxProxyManager Logs to InfluxDB for displaying them in a Grafana Dashboard.

GNU General Public License v3.0

149 stars 10 forks source link

[Request] Whois integration #32

Closed maxdd closed 11 months ago

maxdd commented 11 months ago

Hello, as an enchancement/feature what do you think about improving Getipinfo.py with whois? Ideally i would love to have a map showing also who is the "registrant" of the ip e.g. google/ISP/mobile carrier here an example of whois data

https://www.geeksforgeeks.org/how-to-use-the-whois-command-on-ubuntu-linux/

if im not wrong there is a python wrapper as well

smilebasti commented 11 months ago

Hi, this seems to be a great addition. I think the problem would be a rate limit of the whois service. I have about 10-20 Hits per Minute (monitoring and internal calls deactivated) and that seems to much for many api's. Maybe a cache server could be implemented for that. Maybe someone is able to build this or has thoughts on the performance impact?

You can also query the database maybe with a separate program.

maxdd commented 11 months ago

Are you concerned that spamming whois command will result in a rate limit on the regional internet registry server? Maybe something like this can help? https://github.com/rioncarter/whois-caching-proxy

My simple idea was to have a python dict or an sql in which I save the ip - registrant pair and search for it before issuing a whois, then push it to influx

maxdd commented 11 months ago

Actually based on this https://pypi.org/project/geoip2/ it would be sufficient to do

response.autonomous_system_organization

on the ASN database and send it over to influxdb

I'm wondering what added value are giving

response.isp
response.organization
response.domain

smilebasti commented 11 months ago

Actually based on this https://pypi.org/project/geoip2/ it would be sufficient to do
response.autonomous_system_organization
on the ASN database and send it over to influxdb

The ASN database is freely available. Not sure if the returned information is the one you want:

 response.autonomous_system_organization = 'Telstra Pty Ltd'

I'm wondering what added value are giving

response.isp
response.organization
response.domain

The ISP and Domain information is not freely available.

maxdd commented 11 months ago

Yeah, i've update the docker image with the ASN database as well. I must say that i was expecting a little bit more accuracy, ofc the Lite version is free for a reason.

smilebasti commented 11 months ago

Thanks for testing. As you closed this issue the ASN doesn't add value to implement it as optional addition?

Would the whois approach be more accurate?

maxdd commented 11 months ago

Thanks for testing. As you closed this issue the ASN doesn't add value to implement it as optional addition?

Would the whois approach be more accurate?

For me it add values because i know from which entity the request comes in so i would definitely keep it and add it every if you don't plan to integrate the ASN. Regarding the whois approach im struggling to find a service which is more accurate than maxmind although it still lacks unless one uses the non-lite version

smilebasti commented 11 months ago

I have no problem with integrating the ASN database as optional feature.

Would you mind opening a pull request and sharing your implementation?

smilebasti commented 11 months ago

I just pushed v2.4.0 with the ASN function.

Thanks for you push request. Enjoy :)