lost and found ( for me ? )


install dnstap and unbound which supports dnstap on ubuntu 13.04 64bit.

about dnstap

Here are my trial-and-error logs from installing dnstap and unbound on Ubuntu 13.04.

# tail -1 /etc/lsb-release ;uname -ri
DISTRIB_DESCRIPTION="Ubuntu 13.04"
3.8.0-31-generic x86_64

[ install dnstap and unbound ]

Before installing dnstap and unbound, I installed the following packages via apt-get:
Commandline: apt-get install protobuf-c-compiler
Commandline: apt-get install git
Commandline: apt-get install build-essential
Commandline: apt-get install pkg-config
Commandline: apt-get install autoconf
Commandline: apt-get install libtool
Commandline: apt-get install ldnsutils libldns-dev
Commandline: apt-get install expat
Commandline: apt-get install libexpat-dev

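install dnstap (the clone below uses the unauthenticated git:// transport; https://github.com/dnstap/dnstap.git fetches the same repository over TLS, which matters because the build is installed with sudo)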
$ sudo apt-get install protobuf-c-compiler
$ git clone git://github.com/dnstap/dnstap.git
$ cd dnstap && ./autogen.sh && ./configure && make && sudo make install

install the unbound build that supports dnstap
$ git clone git@github.com:dnstap/unbound.git
$ cd unbound && ./configure --enable-dnstap && make && sudo make install

# /usr/local/sbin/unbound -h
Version 1.4.21
linked libs: mini-event internal (it uses select), ldns 1.6.13, OpenSSL 1.0.1c 10 May 2012
linked modules: validator iterator
configured for x86_64-unknown-linux-gnu on Wed Oct  9 00:46:29 JST 2013 with options: '--enable-dnstap'
BSD licensed, see LICENSE in source package for details.
Report bugs to unbound-bugs@nlnetlabs.nl


[ install golang-dnstap to decode dnstap logs ]

# apt-get install golang

# go get -u github.com/dnstap/golang-dnstap/dnstap
# cd .; hg clone -U https://code.google.com/p/goprotobuf /usr/lib/go/src/pkg/code.google.com/p/goprotobuf
package github.com/dnstap/golang-dnstap/dnstap
imports code.google.com/p/goprotobuf/proto: exec: "hg": executable file not found in $PATH

# apt-get install mercurial

# go get -u github.com/dnstap/golang-dnstap/dnstap
# github.com/dnstap/golang-dnstap
/usr/lib/go/src/pkg/github.com/dnstap/golang-dnstap/quiettext.go:170: function ends without a return statement
/usr/lib/go/src/pkg/github.com/dnstap/golang-dnstap/writer.go:37: function ends without a return statement
/usr/lib/go/src/pkg/github.com/dnstap/golang-dnstap/yaml.go:134: function ends without a return statement


It doesn't compile.
Is the Go version too old?
# go version
go version go1.0.2

# apt-get remove golang golang-doc golang-go golang-src

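Install Go from the upstream release tarball instead (go1.1.2.linux-amd64.tar.gz is a prebuilt binary release, not source). Check the tarball against the checksum published with the release before unpacking it as root.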

# tar -C /usr/local -xzf go1.1.2.linux-amd64.tar.gz

# tar -C /usr/local -xzf go1.1.2.linux-amd64.tar.gz
# echo "export PATH=$PATH:/usr/local/go/bin" >> /root/.profile
# which go
# source /root/.profile
# which go
/usr/local/go/bin/go

# go get -u github.com/dnstap/golang-dnstap/dnstap
package github.com/dnstap/golang-dnstap/dnstap: cannot download, $GOPATH not set. For more details see: go help gopath

root@ubuntu:~# go env
GOARCH="amd64"
GOBIN=""
GOCHAR="6"
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH=""
GORACE=""
GOROOT="/usr/local/go"
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
CC="gcc"
GOGCCFLAGS="-g -O2 -fPIC -m64 -pthread"
CGO_ENABLED="1"

root@ubuntu:~# export GOPATH=/root/go_works
root@ubuntu:~#
root@ubuntu:~# go env
GOARCH="amd64"
GOBIN=""
GOCHAR="6"
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/root/go_works"
GORACE=""
GOROOT="/usr/local/go"
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
CC="gcc"
GOGCCFLAGS="-g -O2 -fPIC -m64 -pthread"
CGO_ENABLED="1"


# go get -u github.com/dnstap/golang-dnstap/dnstap

root@ubuntu:~/go_works/bin# echo $GOPATH
/root/go_works
root@ubuntu:~/go_works/bin# pwd
/root/go_works/bin
root@ubuntu:~/go_works/bin# ./dnstap --help
Usage of ./dnstap:
 -q=false: use quiet text output
 -r="": read dnstap payloads from file
 -s="": read dnstap payloads from unix socket
 -w="": write output to file
 -y=false: use verbose YAML output




[ configure unbound ]

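Before starting unbound, start the dnstap command ( ./dnstap -s /var/run/unbound/dnstap.sock ) so that the socket is already listening when unbound opens it.
Note: the unbound.conf below is a test setup. `access-control: 0.0.0.0/0 allow` answers recursive queries from any address (an open resolver if the host is reachable from the internet), and `username: "root"` with `chroot: ""` leaves the daemon running as root without a chroot. Outside a lab, limit access-control to your own networks and run unbound as an unprivileged user.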
# unbound-control-setup

# egrep -v "#" /usr/local/etc/unbound/unbound.conf | grep -v ^$
server:
dnstap-enable: yes
dnstap-socket-path: "/var/run/unbound/dnstap.sock"
dnstap-send-identity: yes
dnstap-send-version: yes
dnstap-log-resolver-response-messages: yes
dnstap-log-client-query-messages: yes
verbosity: 10
       interface: 192.168.11.13
interface: 127.0.0.1
interface: 192.168.100.148
access-control: 0.0.0.0/0 allow
chroot: ""
username: "root"
directory: "/usr/local/etc/unbound"
python:
remote-control:
control-enable: yes


# ./dnstap -s /var/run/unbound/dnstap.sock

# /usr/local/sbin/unbound -c /usr/local/etc/unbound/unbound.conf
[1381252092] unbound[4130:0] debug: creating udp4 socket 192.168.11.13 53
[1381252092] unbound[4130:0] debug: creating tcp4 socket 192.168.11.13 53
[1381252092] unbound[4130:0] debug: creating udp4 socket 127.0.0.1 53
[1381252092] unbound[4130:0] debug: creating tcp4 socket 127.0.0.1 53
[1381252092] unbound[4130:0] debug: creating udp4 socket 192.168.100.148 53
[1381252092] unbound[4130:0] debug: creating tcp4 socket 192.168.100.148 53
[1381252092] unbound[4130:0] debug: creating tcp6 socket ::1 8953
[1381252092] unbound[4130:0] debug: creating tcp4 socket 127.0.0.1 8953
[1381252092] unbound[4130:0] debug: switching log to syslog


# egrep dnstap /var/log/syslog | grep 4131| head -10
Oct  9 02:08:12 ubuntu unbound: [4131:0] info: opening dnstap socket /var/run/unbound/dnstap.sock
Oct  9 02:08:12 ubuntu unbound: [4131:0] info: dnstap identity field set to "ubuntu"
Oct  9 02:08:12 ubuntu unbound: [4131:0] info: dnstap version field set to "unbound 1.4.21"
Oct  9 02:08:26 ubuntu unbound: [4131:0] debug: submitting 124 octet dnstap payload
Oct  9 02:09:33 ubuntu unbound: [4131:0] debug: submitting 124 octet dnstap payload
Oct  9 02:11:29 ubuntu unbound: [4131:0] debug: submitting 124 octet dnstap payload
Oct  9 02:13:37 ubuntu unbound: [4131:0] info: closing dnstap socket

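Read the dnstap socket with the dnstap command. The output carries client addresses and the names they query, so keep the socket directory and any file written with -w readable only by the account that collects the logs.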
# ./dnstap -s /var/run/unbound/dnstap.sock -
dnstap: opened input socket: /var/run/unbound/dnstap.sock
02:14:02.027918 CQ 192.168.100.1 UDP 43b "www.google.com." IN A
02:14:02.046467 RR 199.7.83.42 UDP 857b "." IN NS
02:14:02.079851 RR 202.12.27.33 UDP 107b "e.root-servers.net." IN AAAA
02:14:02.188021 RR 192.33.4.12 UDP 107b "c.root-servers.net." IN AAAA
02:14:02.246141 RR 199.7.91.13 UDP 738b "www.google.com." IN A
02:14:02.265228 RR 128.63.2.53 UDP 107b "g.root-servers.net." IN AAAA
02:14:02.265228 RR 128.63.2.53 UDP 107b "b.root-servers.net." IN AAAA
02:14:02.274215 RR 193.0.14.129 UDP 724b "h.gtld-servers.net." IN AAAA
02:14:02.281026 RR 192.112.36.4 UDP 724b "k.gtld-servers.net." IN AAAA
02:14:02.293092 RR 192.48.79.30 UDP 852b "g.gtld-servers.net." IN AAAA