Need help on DNS reporter

babu dheen babudheen at yahoo.co.in
Mon Mar 21 15:42:14 UTC 2011 

Hi,
 
Actually i am looking for open source software which can be installed on redhat linux BIND server to geneerate report from the DNS logs.
 
Regards
Papdheen M

--- On Sun, 20/3/11, Warren Kumari <warren at kumari.net> wrote:


From: Warren Kumari <warren at kumari.net>
Subject: Re: Need help on DNS reporter
To: "babu dheen" <babudheen at yahoo.co.in>
Cc: "terry" <terry at list.dnsbed.com>, bind-users at lists.isc.org
Date: Sunday, 20 March, 2011, 8:10 PM


Enable query logging, then:

cat  queries.log | grep 'query: example.com'  | awk '{print $6}' | sed 's/#.*//' | sort -n | uniq -c | sort -rn | head -100 | more


or something similar? 

W

On Mar 20, 2011, at 10:09 AM, babu dheen wrote:

> Hi,
> 
> I am getting below status on this command.. Only internal DNS servers are allowed to query our gateway DNS server as client.
> 
> number of zones: 12
> debug level: 0
> xfers running: 0
> xfers deferred: 0
> soa queries in progress: 0
> query logging is ON
> recursive clients: 1/1000
> tcp clients: 0/100
> server is up and running
> 
> 
> --- On Sun, 20/3/11, terry <terry at list.dnsbed.com> wrote:
> 
> From: terry <terry at list.dnsbed.com>
> Subject: Re: Need help on DNS reporter
> To: "babu dheen" <babudheen at yahoo.co.in>
> Cc: bind-users at lists.isc.org
> Date: Sunday, 20 March, 2011, 12:42 PM
> 
> How will "rndc status" take something good for you?
> 
> 
> 
> 2011/3/20 babu dheen <babudheen at yahoo.co.in>
> Hi,
>  
> Can anyone let me know is there any open source software available to generate report for DNS service based on DNS BIND query logs.
>  
> We have BIND DNS running RHEL 5.0. Would like to generate report based on its logs so that we can identify list of clients quering external domains and its query count.
>  
> Many clients in our company infected with malware which thus send unnecessary query to remote external domain (non available domain). So if we have any software which can generate the report from DNS BIND logs, will be very helpful.
>  
>  
> Regards
> Babu
> 
> 
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> 
> 
> 
> -- 
> www.DNSbed.com
> 
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110321/a618e1d8/attachment.html>

More information about the bind-users mailing list