Skip to main content

Submit Queries

This is the place you go to generate IPDR reports when the agencies request information.

To view Trisul IPDR Query form,

Navigation

👉 Login as User name: dotuser and

Password: ipdr@@123 (💡 remember to change the default)

Form Structure​

Trisul IPDR Query Form allows you to query on one or more of the following fields.

Here is the snapshot of Trisul IPDR Query Form.

Figure: The IPDR Query form

Form fields​

info

Multiple fields are AND-ed.

FieldsInputDescription
IP AddressEnter the IPv4 or IPv6 address.Enter one or more IPv4 or IPv6 addresses. Example: 209.168.1.20 or 2404:5440:3::a. For multiple IP queries, enter IPs separated by commas (,). Example: 209.168.1.20,209.168.3.20,2404:5440:3::a, Recommended limit: up to 20 IPs per query.
Time FrameSelect from a list of time frames (Last 1 hour, this month etc) or click custom to specify a time periodThe time range for which you want to retrieve IPDR data.
PortThe TCP or UDP Port numberThe port number
NAT IPThe private IP AddressWhen NAT or CGNAT is used , enter the private IP you want to query in this field. This would be in the 100.64.0.0/10, 10.0.0.0/8, or other private ranges
User NameThe user name from syslogs or from static customer inventoryThe user name from NAT syslogs or from the customer static IP inventory. If you want to query the RADIUS/AAA user then fill in the AAA User Name field instead. See
Device IPRouter IP Example: 10.2.2.1 or 2404:5440:3::aThe IP Address of the device generating the IPDR Data. Typically the router.
Bulk IP Query File(.txt file)A .txt file containing multiple IP addresses or subnets for bulk IPDR queries.
AAA User NameRADIUS/AAA user nameThe AAA RADIUS user name that you would find in AAA logs.

Usage Guidelines​

  • Fill in these fields with desired query parameters

  • Click Submit

This will create a targeted query to retrieve specific IPDR data. The result statistics and IPDR logs can be viewed on the IPDR Dashboard right away!

Full database dump​

Some jurisdictions have this requirement where ISPs are asked to provide a full database dump of all records to the agency. Obviously this is going to be gigantic, hence they can be capped at 1 Million records or such.

To request a full dump leave all the form fields blank and press the split submit button as shown below.

press to request full database dump

Figure: Request full database dump. A compliance tick mark

As a safety mechanism, the Full Database Dump is capped to 250,000 records. This is controlled by the IPDR > MaxRecords option in the Trisul Hub Configuration file.

User Name​

To add User ID from customer inventory database to flows.

Go to Trisul Apps and download and install IPDR Tagger app to enable tagging of group of IPs to a user ID.


Figure: Showing IPDR Tagger App from Trisul Apps

Once enabled, you can query the user ID associated with a particular group of IPs. This allows for efficient querying of IP groups based on user ID.

Command Line Bulk Query Capability​

The ipdr_bulkquery.sh script is a utility provided with the Trisul Hub IPDR package. It enables users to query thousands of IPs at once, eliminating the need for tedious individual IP entries into the IPDR Web Form.

Prerequisites​

  • The ipdr_bulkquery.sh script is located in the /usr/local/share/trisul-hub directory.
  • Create a text file (e.g., iplist1.txt) containing the list of IPs to query, one per line. For example (One per line), 203.43.23.1 22.23.44.55 87.23.55.123 78.178.21.139

Running the Script​

  • Place the ipdr_bulkquery.sh script and the IP list file (e.g., iplist1.txt) in a desired directory (e.g., /root).
  • Execute the script using the following command format:

/ipdr_bulkquery.sh -f <start_date> -t <end_date> -i <ip_list_file>

  • <start_date>: Specify the start date and time in the format 1-8-2024-13:00.
  • <end_date>: Specify the end date and time in the format 1-8-2024-13:30.
  • <ip_list_file>: Specify the path to the IP list file (e.g., /root/iplist1.txt).

Example Command

./ipdr_bulkquery.sh  -f 1-8-2024-13:00 -t 1-8-2024-13:30   -i /root/iplist1.txt

Output​

The script generates output files containing the IPDR query results. By default, these files are saved in a subdirectory within the /tmp directory. The subdirectory name follows the format ipdrresults-<timestamp> (For example, ipdrresults-1722851578 ). To specify a different output directory, use the -o option followed by the desired directory path.

Output File Structure​

The output subdirectory contains files named queryresults. <IP_address> and queryresults. <IP_address>.csv, where <IP_address> represents the IP address queried. These files contain the IPDR query results in both plain text and CSV formats.

root@ipdradmin:/usr/local/share/trisul-hub# ls -l /tmp/ipdrresults-1722851578
total 40880
-rw-r--r-- 1 root root      230 Aug  5 15:22 queryresults.103.84.86.10
-rw-r--r-- 1 root root        0 Aug  5 15:22 queryresults.103.84.86.10.csv
-rw-r--r-- 1 root root      230 Aug  5 15:23 queryresults.7.7.7.7
-rw-r--r-- 1 root root        0 Aug  5 15:23 queryresults.7.7.7.7.csv
-rw-r--r-- 1 root root 26485607 Aug  5 15:23 queryresults.8.8.4.4
-rw-r--r-- 1 root root 15360273 Aug  5 15:23 queryresults.8.8.4.4.csv
root@ipdradmin:/usr/local/share/trisul-hub#