Please see the URL below for how to install dnstap and unbound.
# ./dnstap -q -s /var/run/unbound/dnstap.sock -w /root/file01.dnstap
dnstap: opened input socket: /var/run/unbound/dnstap.sock
# /usr/local/sbin/unbound -c /usr/local/etc/unbound/unbound.conf
# ls -l /root/file01.dnstap
-rw-r--r-- 1 root root 16384 10月 10 00:44 /root/file01.dnstap
root@ubuntu:~# file /root/file01.dnstap
/root/file01.dnstap: data
|
Output the dnstap log to stdout in YAML format. Here `-r` reads the capture file written above and `-y` selects YAML output.
# ./dnstap -y -r /root/file01.dnstap | head -50
type: MESSAGE
identity: "ubuntu"
version: "unbound 1.4.21"
message:
type: CLIENT_QUERY
query_time: !!timestamp 2013-10-09 15:44:22.390449
socket_family: INET
socket_protocol: UDP
query_address: 127.0.0.1
query_port: 40209
query_name: "www.google.com."
query_class: IN
query_type: A
query_message: |
;; opcode: QUERY, status: NOERROR, id: 61531
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;www.google.com. IN A
;; ADDITIONAL SECTION:
;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 4096
---
type: MESSAGE
identity: "ubuntu"
version: "unbound 1.4.21"
message:
type: CLIENT_QUERY
query_time: !!timestamp 2013-10-09 15:44:22.910591
socket_family: INET
socket_protocol: UDP
query_address: 127.0.0.1
query_port: 47765
query_name: "www.google.com."
query_class: IN
query_type: A
query_message: |
;; opcode: QUERY, status: NOERROR, id: 20757
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;www.google.com. IN A
;; ADDITIONAL SECTION:
;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 4096
---
|
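Read the dnstap log and write the decoded YAML to a file with `-w`. The log records each client's address and every name it queried, so keep the capture and any decoded copies readable only by the operator; the capture listed above was created with mode -rw-r--r--.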
# ./dnstap -y -r /root/file01.dnstap -w /root/file01.yaml
# head -25 /root/file01.yaml
type: MESSAGE
identity: "ubuntu"
version: "unbound 1.4.21"
message:
type: CLIENT_QUERY
query_time: !!timestamp 2013-10-09 15:44:22.390449
socket_family: INET
socket_protocol: UDP
query_address: 127.0.0.1
query_port: 40209
query_name: "www.google.com."
query_class: IN
query_type: A
query_message: |
;; opcode: QUERY, status: NOERROR, id: 61531
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;www.google.com. IN A
;; ADDITIONAL SECTION:
;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 4096
---
|