man bind8_query2dlf (Commands) - convert BIND8 querylogs to dlf
NAME
bind8_query2dlf - convert BIND8 querylogs to dlf
SYNOPSIS
bind8_query2dlf
DESCRIPTION
This script converts each line in a bind8 querylog to a dns dlf record.
BIND generates these logs when something like
    logging {
        channel query_logging {
            file "/var/log/named_querylog" versions 3 size 100M;
            print-time yes; // timestamp log entries
        };
        category queries { query_logging; };
    };
is in bind's named.conf. This will save up to three logfiles of maximum 100 megabytes in the directory /var/log.
These logfiles look like:
    10-Apr-2000 00:01:20.307 XX /10.2.3.4/1.2.3.in-addr.arpa/SOA/IN
    10-Apr-2000 00:01:20.308 XX+/10.4.3.2/host.foo.com/A/IN
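The field layout of the sample lines above can be checked with a small parser. This is an added example, not the Lire script's own code, and it does not emit dlf records (their layout is not given on this page); the function names, the constructed sample lines and the reading of "+" as "recursion desired" are assumptions.

```python
import re
from datetime import datetime

# Month names are mapped by hand so parsing does not depend on the locale.
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# <dd-Mon-yyyy> <hh:mm:ss.mmm> XX[+]/<client>/<name>/<type>/<class>
# The name group is greedy: type and class are always the last two fields, so
# a query name that itself contains "/" (RFC 2317 style) still parses.
LINE_RE = re.compile(
    r"^(?P<day>\d{1,2})-(?P<mon>[A-Za-z]{3})-(?P<year>\d{4}) "
    r"(?P<h>\d{2}):(?P<mi>\d{2}):(?P<s>\d{2})\.(?P<ms>\d{3}) "
    r"XX(?P<rd>[+ ]?)/(?P<client>[^/\s]+)/(?P<name>.*)/"
    r"(?P<qtype>[^/\s]+)/(?P<qclass>[^/\s]+)\s*$")

def parse_line(line):
    """Return the fields of one querylog line, or None if it does not match."""
    m = LINE_RE.match(line)
    if m is None or m["mon"].title() not in MONTHS:
        return None
    try:
        when = datetime(int(m["year"]), MONTHS[m["mon"].title()], int(m["day"]),
                        int(m["h"]), int(m["mi"]), int(m["s"]), int(m["ms"]) * 1000)
    except ValueError:  # impossible date or time, e.g. 31-Feb
        return None
    return {"time": when, "client": m["client"], "name": m["name"].lower(),
            "qtype": m["qtype"], "qclass": m["qclass"],
            # Assumption (not stated on the page): "+" marks recursion desired.
            "recursion_desired": m["rd"] == "+"}

def parse_log(lines):
    """Parse many lines; report rejects instead of dropping them silently."""
    parsed = [parse_line(line) for line in lines]
    records = [r for r in parsed if r is not None]
    return records, len(parsed) - len(records)

# First two lines are the page's samples; the last two are constructed.
SAMPLE = [
    "10-Apr-2000 00:01:20.307 XX /10.2.3.4/1.2.3.in-addr.arpa/SOA/IN",
    "10-Apr-2000 00:01:20.308 XX+/10.4.3.2/host.foo.com/A/IN",
    "10-Apr-2000 00:01:21.015 XX+/10.4.3.2/7.0/25.2.0.192.in-addr.arpa/PTR/IN",
    "10-Apr-2000 00:01:22.000 reloading nameserver",
]

if __name__ == "__main__":
    recs, bad = parse_log(SAMPLE)
    for r in recs:
        print(r["time"].isoformat(), r["client"], r["qtype"], r["name"])
    print("rejected lines:", bad)
```

A rising reject count is worth alerting on, since it usually means the log format or logging configuration changed and queries are no longer being recorded in a parseable form.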
EXAMPLES
To process a log as produced by bind8:
$ bind8_query2dlf < dns-query
bind8_query2dlf will rarely be used on its own; it is more likely to be called by lr_log2report:
$ cat /var/log/dns-query | lr_run lr_log2report bind8_query
SEE ALSO
http://www.logreport.org/doc/gen/dns/bind8.php
VERSION
$Id: bind8_query2dlf.in,v 1.4 2004/01/21 07:23:00 wsourdeau Exp $
COPYRIGHT
Copyright (C) 2000-2001 Stichting LogReport Foundation LogReport@LogReport.org
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program (see COPYING); if not, check with http://www.gnu.org/copyleft/gpl.html or write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
AUTHOR
Edwin Groothuis, now maintained by Joost van Baal