Bind Queries log file format

Michael Dahlberg olgamirth at gmail.com
Thu Feb 2 21:29:23 UTC 2017


On Thu, Feb 2, 2017 at 2:24 PM, Paul Roberts <paul at callevanetworks.com>
wrote:

> I agree, there are an awful lot of systems and SIEM products that process
> querylogs. This one change will require a huge amount of re-engineering
> work in customer environments.
>
>
Exactly


Mukund:  We use Splunk to analyze the querylogs and we use a regex to drop
unnecessary data.  I had to make the change in our regexes to avoid
licensing issues.  I did not file a bug report because now that I've made
the Splunk config changes, changing it back in the querylog format will
once again invalidate my regex.

My criticism was not with the addition of the new data, but rather its
location.  It seems to me that right after the word "client" should come
client data (like an IP address or host name), not the memory location for
the running process.

Thank you, though, for your work on a fantastic piece of software.

Mike
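The regex breakage described in this thread comes from the extra `@0x...` token that newer BIND versions insert between the word `client` and the client address in each querylog line. As an added example (not code from this thread, from ISC, or from any Splunk configuration), the parser below uses one regex that treats that token as optional, so the same rule matches lines written both before and after the change. The sample lines, addresses and pointer value are constructed for the example; the flag letters it interprets (`+`/`-`, `E`, `T`, `D`, `C`) are the ones documented for BIND's query log.

```python
import re
from typing import Optional

# Constructed sample querylog lines. The first uses the format without the
# client-object pointer; the other two carry the "@0x..." token after "client".
SAMPLE_LINES = [
    "02-Feb-2017 14:24:00.123 queries: info: client 192.0.2.10#53212 "
    "(www.example.com): query: www.example.com IN A +E(0)K (198.51.100.1)",
    "02-Feb-2017 14:24:00.456 queries: info: client @0x7f3c2c0b4a10 "
    "192.0.2.11#40231 (mail.example.net): query: mail.example.net IN MX - (198.51.100.1)",
    "02-Feb-2017 14:24:01.789 queries: info: client @0x7f3c2c0b4a10 "
    "2001:db8::5#5353 (example.org): query: example.org IN AAAA +T (2001:db8::1)",
]

# One pattern for both layouts: the "(?:@0x...\s+)?" group makes the pointer
# optional, so a single rule survives the format change in either direction.
QUERYLOG_RE = re.compile(
    r"""
    ^(?P<ts>\d{2}-\w{3}-\d{4}\s\d{2}:\d{2}:\d{2}\.\d{3})\s+
    queries:\s+(?P<level>\w+):\s+
    client\s+
    (?:@0x[0-9a-fA-F]+\s+)?                      # optional client-object pointer
    (?P<client_ip>[0-9A-Fa-f.:]+)\#(?P<client_port>\d+)\s+
    \((?P<qname_raw>[^)]*)\):\s+
    query:\s+(?P<qname>\S+)\s+(?P<qclass>\S+)\s+(?P<qtype>\S+)\s+
    (?P<flags>\S+)\s+
    \((?P<local_ip>[^)]+)\)$
    """,
    re.VERBOSE,
)


def parse_flags(flags: str) -> dict:
    """Interpret the querylog flag field using BIND's documented letters:
    '+' recursion desired ('-' if not), 'E' EDNS (version in parentheses),
    'T' query arrived over TCP, 'D' DO bit set, 'C' CD bit set."""
    return {
        "recursion_desired": flags.startswith("+"),
        "edns": "E" in flags,
        "tcp": "T" in flags,
        "dnssec_ok": "D" in flags,
        "checking_disabled": "C" in flags,
    }


def parse_querylog_line(line: str) -> Optional[dict]:
    """Return a dict of fields for one querylog line, or None if it does not
    match. The pointer token, when present, is deliberately not captured: it
    identifies a server-side object, not the client, so it adds nothing to a
    SIEM record."""
    m = QUERYLOG_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["client_port"] = int(rec["client_port"])
    rec.update(parse_flags(rec["flags"]))
    return rec


def parse_querylog(lines) -> list:
    """Parse an iterable of lines, silently skipping any that do not match."""
    out = []
    for line in lines:
        rec = parse_querylog_line(line)
        if rec is not None:
            out.append(rec)
    return out


if __name__ == "__main__":
    for rec in parse_querylog(SAMPLE_LINES):
        print(rec["ts"], rec["client_ip"], rec["client_port"],
              rec["qname"], rec["qtype"], "tcp" if rec["tcp"] else "udp")
```

Making the pointer optional rather than mandatory is the point: a rule written only for the new layout fails the moment an older server's logs are ingested, and a rule written only for the old layout is what broke here. Counting the lines `parse_querylog` drops against the lines it receives is a cheap way to notice the next format change before it costs data.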