dnstab-read with detailed information

Peter pmc at citylink.dinoex.sub.org
Wed Mar 15 22:37:56 UTC 2023


On Wed, Mar 15, 2023 at 09:34:40PM +0000, MAYER Hans wrote:
! 
! 
! Dear All,
! 
! dnstap is a great feature to analyse the details of what's going on. But I think there is room for improvement.
! 
! I write the data to a file and once a day I do a log rotate.
! With "dnstap-read FILE | grep IP" I get basic information about an IP which I am looking for.
! Now getting full information requires options -p and -y.
! In this case "grep"ing isn't so easy. Option -A can help.
! What I do is, I redirect output to a file and open it with "vi".
! You can imagine that this file can become large.
! 
! Are there any other (better) possibilities?

Yes. Parse the YAML, feed it into a database. Or, use the dnstap
libraries and parse that stuff directly, should be faster, but needs
C coding.

Database finds query and answer and pairs them back together.

From there on everything is possible. You could do data mining
for intrusion detection, i.e. search for anomalies, or whatever.
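The "parse the YAML, load a database, pair query and answer" approach from the reply above, as an added example that is not from the list thread: it reads a constructed sample in the shape of `dnstap-read -y` output (the `---`-separated documents and the `message:` field names are an assumption about BIND's YAML writer, and most fields are omitted), loads one row per message into SQLite, and joins each CLIENT_QUERY to the CLIENT_RESPONSE for the same client address and port. A query whose response column comes back empty is the first anomaly worth looking at.

```python
import sqlite3

# Constructed sample in the shape of `dnstap-read -y` output: one YAML document
# per message. Field names are an assumption; values are made up and most fields
SAMPLE = """\
---
message:
  type: CLIENT_QUERY
  query_time: 2023-03-15 21:00:01.000000
  query_address: 192.0.2.10
  query_port: 40001
---
message:
  type: CLIENT_RESPONSE
  response_time: 2023-03-15 21:00:01.003000
  query_address: 192.0.2.10
  query_port: 40001
---
message:
  type: CLIENT_QUERY
  query_time: 2023-03-15 21:00:02.000000
  query_address: 203.0.113.7
  query_port: 51000
"""

def parse_docs(text):
    """Split the '---'-separated stream and collect the indented 'message' keys
    (flat key: value subset only, not a general YAML parser)."""
    docs = []
    for line in text.splitlines():
        if line == "---":
            docs.append({})
        elif docs and line.startswith("  ") and ":" in line:
            key, val = line.strip().split(":", 1)
            docs[-1][key] = val.strip()
    return docs

# Pair each CLIENT_QUERY with the CLIENT_RESPONSE for the same client socket
# logged at or after it; LEFT JOIN keeps queries that never got an answer.
PAIR_SQL = """SELECT q.addr, q.port, q.ts, r.ts FROM msg q LEFT JOIN msg r
  ON r.kind = 'CLIENT_RESPONSE' AND r.addr = q.addr AND r.port = q.port
  AND r.ts >= q.ts WHERE q.kind = 'CLIENT_QUERY' ORDER BY q.ts"""

def pair_queries(text):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE msg(kind TEXT, ts TEXT, addr TEXT, port INTEGER)")
    conn.executemany("INSERT INTO msg VALUES (?, ?, ?, ?)", [
        (d["type"], d.get("query_time") or d.get("response_time"),
         d["query_address"], int(d["query_port"])) for d in parse_docs(text)])
    return conn.execute(PAIR_SQL).fetchall()
```

On a real log, replace `SAMPLE` with the file written by `dnstap-read -y` and use an on-disk database instead of `:memory:` so the rotated files accumulate.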


More information about the bind-users mailing list