On Wed, Mar 15, 2023 at 09:34:40PM +0000, MAYER Hans wrote:
> Dear All,
>
> dnstap is a great feature to analyse the details of what's going on. But I think there is room for improvement.
>
> I write the data to a file and once a day I do a log rotate.
> With "dnstap-read FILE | grep IP" I get basic information about an IP which I am looking for.
> Now getting full information requires options -p and -y.
> In this case "grep"ing isn't so easy. Option -A can help.
> What I do is, I redirect output to a file and open it with "vi".
> You can imagine that this file can become large.
>
> Are there any other (better) possibilities?
Yes. Parse the YAML, feed it into a database. Or, use the dnstap libraries and parse that stuff directly; should be faster, but needs C coding.

Database finds query and answer and pairs them back together. From there on everything is possible. You could do data mining for intrusion detection, i.e. search for anomalies, or whatever.

-- 
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
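The "feed it into a database and pair query with answer" approach from the reply, as an added example that is not part of the thread. It assumes the records have already been parsed from `dnstap-read -y` output by a YAML library; the field names used below (`query_address`, `query_port`, `dns_id`, `qname`, `rcode`) and the sample records are constructed assumptions, so check them against your BIND version's actual YAML keys.

```python
import sqlite3

# Constructed sample records, shaped like what a YAML parser might yield from
# "dnstap-read -y" output. Field names are assumptions, not BIND's real keys.
SAMPLE_RECORDS = [
    {"type": "CLIENT_QUERY", "query_address": "192.0.2.10", "query_port": 40001,
     "ts": "2023-03-15T09:00:01", "dns_id": 1001, "qname": "example.com."},
    {"type": "CLIENT_RESPONSE", "query_address": "192.0.2.10", "query_port": 40001,
     "ts": "2023-03-15T09:00:01", "dns_id": 1001, "qname": "example.com.", "rcode": "NOERROR"},
    {"type": "CLIENT_QUERY", "query_address": "192.0.2.10", "query_port": 40002,
     "ts": "2023-03-15T09:00:02", "dns_id": 1002, "qname": "zz9x.internal."},
    {"type": "CLIENT_RESPONSE", "query_address": "192.0.2.10", "query_port": 40002,
     "ts": "2023-03-15T09:00:02", "dns_id": 1002, "qname": "zz9x.internal.", "rcode": "NXDOMAIN"},
    # A query with no captured response (e.g. dropped or outside the log window).
    {"type": "CLIENT_QUERY", "query_address": "192.0.2.20", "query_port": 40003,
     "ts": "2023-03-15T09:00:03", "dns_id": 1003, "qname": "www.example.org."},
]

def load_records(conn, records):
    """Flatten parsed dnstap records into one table; one row per message."""
    conn.execute("CREATE TABLE IF NOT EXISTS dnstap (type TEXT, client TEXT, port INTEGER,"
                 " dns_id INTEGER, qname TEXT, rcode TEXT, ts TEXT)")
    conn.executemany("INSERT INTO dnstap VALUES (?,?,?,?,?,?,?)",
                     [(r["type"], r["query_address"], r["query_port"], r["dns_id"],
                       r["qname"], r.get("rcode"), r["ts"]) for r in records])
    conn.commit()

# Pair each CLIENT_QUERY with its CLIENT_RESPONSE on (client, source port, DNS id).
# DNS ids wrap over a day, so a production query should also bound the time gap.
PAIR_SQL = """
SELECT q.client, q.qname, q.ts, r.rcode
  FROM dnstap q
  LEFT JOIN dnstap r ON r.type = 'CLIENT_RESPONSE' AND r.client = q.client
                    AND r.port = q.port AND r.dns_id = q.dns_id
 WHERE q.type = 'CLIENT_QUERY'
 ORDER BY q.ts"""

def pair_messages(conn):
    """Return (client, qname, ts, rcode) per query; rcode is None when unanswered."""
    return conn.execute(PAIR_SQL).fetchall()

def nxdomain_per_client(conn, threshold=1):
    """Simple anomaly check: clients producing at least `threshold` NXDOMAIN answers."""
    return conn.execute("SELECT client, COUNT(*) FROM dnstap WHERE type = 'CLIENT_RESPONSE'"
                        " AND rcode = 'NXDOMAIN' GROUP BY client HAVING COUNT(*) >= ?",
                        (threshold,)).fetchall()

def build_demo():
    conn = sqlite3.connect(":memory:")
    load_records(conn, SAMPLE_RECORDS)
    return conn

if __name__ == "__main__":
    conn = build_demo()
    for row in pair_messages(conn):
        print(row)
    print("NXDOMAIN by client:", nxdomain_per_client(conn))
```

With a file-backed SQLite database instead of `:memory:`, the same two queries replace the grep-and-vi workflow from the original post.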