On Thu, Feb 2, 2017 at 2:24 PM, Paul Roberts <p...@callevanetworks.com>
wrote:

> I agree, there are an awful lot of systems and SIEM products that process
> querylogs. This one change will require a huge amount of re-engineering
> work in customer environments.
>
>
Exactly


Mukund:  We use Splunk to analyze the querylogs and we use a regex to drop
unnecessary data.  I had to make the change in our regexes to avoid
licensing issues.  I did not file a bug report because now that I've made
the Splunk config changes, changing it back in the querylog format will
once again invalidate my regex.

My criticism was not with the addition of the new data, but rather its
location.  It seems to me that right after the word "client" should come
client data (like an IP address or host name), not the memory location for
the running process.

Thank you, though, for your work on a fantastic piece of software.

Mike
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users