Hi Peter,

many thanks for your swift feedback. Are there some open source tools available to feed the data into a database? I couldn't find anything.
Kind regards
Hans

> On 15.03.2023, at 23:37, Peter <p...@citylink.dinoex.sub.org> wrote:
>
> On Wed, Mar 15, 2023 at 09:34:40PM +0000, MAYER Hans wrote:
> !
> ! Dear All,
> !
> ! dnstap is a great feature to analyse the details of what's going on. But I think there is room for improvement.
> !
> ! I write the data to a file and once a day I do a log rotate.
> ! With "dnstap-read FILE | grep IP" I get basic information about an IP which I am looking for.
> ! Now getting full information requires options -p and -y.
> ! In this case "grep"ing isn't so easy. Option -A can help.
> ! What I do is, I redirect output to a file and open it with "vi".
> ! You can imagine that this file can become large.
> !
> ! Are there any other (better) possibilities?
>
> Yes. Parse the YAML, feed it into a database. Or, use the dnstap
> libraries and parse that stuff directly, should be faster, but needs
> C coding.
>
> Database finds query and answer and pairs them back together.
>
> From there on everything is possible. You could do data mining
> for intrusion detection, i.e. search for anomalies, or whatever.

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
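The approach suggested in the quoted reply (parse the YAML, load it into a database, let the database pair query and answer), sketched as an added example that is not part of the thread and not ISC code. Assumptions: the records are constructed and their field names are modelled on `dnstap-read -y` output, fields are pulled out with regular expressions rather than a YAML library, and the table, column and function names are hypothetical.

```python
import re
import sqlite3

# Constructed sample; field names are assumed to follow `dnstap-read -y` output.
TEMPLATE = """type: MESSAGE
message:
  type: CLIENT_{kind}
  {lc}_time: !!timestamp 2023-03-15T21:34:{sec}Z
  query_address: {addr}
  query_port: {port}
  {lc}_message_data:
    id: {mid}
    QUESTION_SECTION:
      - {q}
"""
RECORDS = [("QUERY", 40, "192.0.2.10", 40001, 4711, "www.example.com. IN A"),
           ("RESPONSE", 41, "192.0.2.10", 40001, 4711, "www.example.com. IN A"),
           ("QUERY", 42, "192.0.2.99", 40002, 4712, "nx.example.com. IN A")]  # never answered
SAMPLE = "---\n".join(TEMPLATE.format(kind=k, lc=k.lower(), sec=s, addr=a, port=p, mid=i, q=q)
                      for k, s, a, p, i, q in RECORDS)

FIELDS = {  # hypothetical column name -> regex applied to one YAML document
    "mtype": r"^[ \t]+type: (\S+)",
    "ts": r"(?s).*^[ \t]+\w+_time: !!timestamp (\S+)",  # last *_time in the record
    "addr": r"^[ \t]+query_address: (\S+)",
    "port": r"^[ \t]+query_port: (\d+)",
    "mid": r"^[ \t]+id: (\d+)",
    "question": r"^[ \t]+- (.+)$",  # first list item, assumed to be the question
}

def parse(text):
    for doc in re.split(r"^---[ \t]*$", text, flags=re.M):
        row = {}
        for col, pat in FIELDS.items():
            m = re.search(pat, doc, re.M)
            row[col] = m.group(1) if m else None
        if row["mtype"]:  # skip empty fragments between separators
            yield row

PAIR_SQL = """SELECT q.addr, q.question, q.ts, r.ts FROM msg q
LEFT JOIN msg r ON r.mtype = 'CLIENT_RESPONSE' AND r.addr = q.addr
  AND r.port = q.port AND r.mid = q.mid AND r.question = q.question
WHERE q.mtype = 'CLIENT_QUERY' ORDER BY q.ts"""

def paired(text):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE msg (mtype, ts, addr, port, mid, question)")
    db.executemany("INSERT INTO msg VALUES (:mtype, :ts, :addr, :port, :mid, :question)", parse(text))
    return db.execute(PAIR_SQL).fetchall()
```

Rows whose last column is `None` are queries with no matching response in the capture, which is one starting point for the anomaly searches mentioned in the reply.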