dnstap-read with detailed information

MAYER Hans Hans.Mayer at iiasa.ac.at
Thu Mar 16 13:06:20 UTC 2023


Hi Peter, 

many thanks for your swift feedback. 
Are there some open source tools available to feed the data into a database?
I couldn’t find anything. 


Kind regards 
Hans 




> On 15.03.2023, at 23:37, Peter <pmc at citylink.dinoex.sub.org> wrote:
> 
> On Wed, Mar 15, 2023 at 09:34:40PM +0000, MAYER Hans wrote:
> ! 
> ! 
> ! Dear All,
> ! 
> ! dnstap is a great feature to analyse the details of what's going on. But I think there is room for improvement.
> ! 
> ! I write the data to a file and once a day I do a log rotate.
> ! With "dnstap-read FILE | grep IP" I get basic information about an IP which I am looking for.
> ! Now getting full information requires options -p and -y.
> ! In this case "grep"ing isn't so easy. Option -A can help.
> ! What I do is redirect the output to a file and open it with "vi".
> ! You can imagine, that this file can become large.
> ! 
> ! Are there any other (better) possibilities ?
> 
> Yes. Parse the YAML, feed it into a database. Or, use the dnstap
> libraries and parse that stuff directly, should be faster, but needs
> C coding.
> 
> The database finds query and answer and pairs them back together.
> 
> From there on everything is possible. You could do data mining
> for intrusion detection, i.e. searching for anomalies, or whatever.
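The pipeline Peter sketches above (parse the YAML, feed a database, let the database pair query and answer), as an added example that is not part of this thread or of BIND: a Python script that loads `dnstap-read -y` style output into SQLite and joins each CLIENT_QUERY to its CLIENT_RESPONSE. The YAML field names, the one-document-per-frame layout and the dig-style message text are assumptions about BIND's output made from memory, and the sample log is constructed; on real output a proper YAML library such as PyYAML is the safer parser than the small subset reader used here.

```python
import re
import sqlite3

# Constructed stand-in for `dnstap-read -y FILE` output (added example; the field
# names are my assumption about BIND's format).  The last query gets no response.
SAMPLE_YAML = """\
---
type: MESSAGE
message:
  type: CLIENT_QUERY
  query_time: !!timestamp 2023-03-15T20:00:01.100Z
  query_address: 192.0.2.10
  query_port: 40001
  query_message: |
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
    ;www.example.com.        IN      A
---
type: MESSAGE
message:
  type: CLIENT_RESPONSE
  response_time: !!timestamp 2023-03-15T20:00:01.140Z
  query_address: 192.0.2.10
  query_port: 40001
  response_message: |
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
    ;www.example.com.        IN      A
    www.example.com.        300     IN      A       203.0.113.5
---
type: MESSAGE
message:
  type: CLIENT_QUERY
  query_time: !!timestamp 2023-03-15T20:00:02.500Z
  query_address: 198.51.100.7
  query_port: 51515
  query_message: |
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7
    ;updates.example.org.    IN      AAAA
"""
HEADER_RE = re.compile(r"opcode: (\w+), status: (\w+), id: (\d+)")
QUESTION_RE = re.compile(r"^;(?!;)(\S+)\s+IN\s+(\S+)", re.M)

def parse_dnstap_yaml(text):
    """Minimal reader for this key/value + '|' block-scalar subset; nested keys
    become 'message.<key>'.  Not general YAML: prefer PyYAML on real output."""
    docs, doc, prefix, block = [], None, "", None        # block = (key, indent)
    for raw in text.splitlines():
        indent, line = len(raw) - len(raw.lstrip(" ")), raw.strip()
        if block and line and indent > block[1]:          # inside a '|' scalar
            doc[block[0]] += line + "\n"
            continue
        block = None
        if line in ("---", ""):                           # frame separator
            docs, doc = docs + [doc] if doc else docs, None
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if doc is None or (indent == 0 and key in doc):   # new frame
            docs, doc = docs + [doc] if doc else docs, {}
        prefix = prefix if indent else ""
        if value == "|":
            block, doc[prefix + key] = (prefix + key, indent), ""
        elif value == "":
            prefix = key + "."                            # "message:" container
        else:
            doc[prefix + key] = re.sub(r"^!!\w+\s+", "", value).strip('"')
    return docs + [doc] if doc else docs

def to_row(doc):
    body = doc.get("message.response_message") or doc.get("message.query_message", "")
    h, q = HEADER_RE.search(body), QUESTION_RE.search(body)
    return (doc.get("message.type"), doc.get("message.query_time"),
            doc.get("message.response_time"), doc.get("message.query_address"),
            int(doc.get("message.query_port", 0)) or None,
            int(h.group(3)) if h else None, h.group(2) if h else None,
            q.group(1) if q else None, q.group(2) if q else None, body)

SCHEMA = """CREATE TABLE messages (id INTEGER PRIMARY KEY, msg_type TEXT, query_time TEXT,
  response_time TEXT, query_address TEXT, query_port INTEGER, dns_id INTEGER, status TEXT,
  qname TEXT, qtype TEXT, body TEXT)"""

# The 16-bit id alone recycles fast: pair on id + client + question, response within 30 s.
PAIR_SQL = """SELECT q.query_address, q.qname, q.qtype, q.query_time, r.response_time, r.status,
  ROUND((julianday(r.response_time) - julianday(q.query_time)) * 86400, 3) AS latency_s
  FROM messages q LEFT JOIN messages r ON r.msg_type = 'CLIENT_RESPONSE'
  AND r.dns_id = q.dns_id AND r.query_address = q.query_address AND r.query_port = q.query_port
  AND r.qname = q.qname AND julianday(r.response_time) - julianday(q.query_time) BETWEEN 0 AND 30.0 / 86400
  WHERE q.msg_type = 'CLIENT_QUERY' ORDER BY q.query_time, q.id"""

def load(text):
    """Parse dnstap YAML text into a fresh in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO messages VALUES (NULL,?,?,?,?,?,?,?,?,?,?)",
                     map(to_row, parse_dnstap_yaml(text)))
    return conn

def paired_queries(conn):
    """(client, qname, qtype, query_time, response_time, rcode, latency_s); NULLs = unanswered."""
    return conn.execute(PAIR_SQL).fetchall()

def queries_from(conn, client_ip):
    """The thread's 'grep for one IP', as a query: what did this client ask?"""
    return conn.execute("SELECT qname, qtype FROM messages WHERE msg_type = 'CLIENT_QUERY' "
                        "AND query_address = ? ORDER BY query_time, id", (client_ip,)).fetchall()
```

With `conn = load(open("dnstap.yaml").read())` the `grep IP` step from the original post becomes `queries_from(conn, "192.0.2.10")`, and `paired_queries(conn)` returns one row per client query with the matching rcode and latency. The third constructed query has no response on purpose: the LEFT JOIN reports it with NULL response fields, which is exactly the kind of dropped or timed-out lookup that grepping the flat text file hides. The join key deliberately includes client address, port and question, because the 16-bit DNS message id on its own is reused within seconds on a busy resolver and would cross-pair unrelated transactions.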


