I am looking for scripts that can be used to parse and monitor the DNS logs for suspicious activity. I have enabled full logging and am currently using the DNSAnomalyDetection script written by Dr. Johannes Ullrich. This script gives me the daily top 10 requests based on the query logs. Does anyone have other scripts they are willing to share? I do not have Splunk.
Thanks, Don