bind verbose logging

shawn wilson ag4ve.us at gmail.com
Fri May 10 03:45:35 UTC 2013


On May 9, 2013 11:27 PM, "Mike Hale" <eyeronic.design at gmail.com> wrote:
>
> I'll send over some info tomorrow.  Shoot me a reminder if you don't
> get it by the later afternoon.
>
> I wouldn't really call it a schema...it's just a simple field
> extraction bash script that then generates the sql inserts.  Like I
> said...quick and dirty.
>

Cool.

> After coding it from scratch, I'm starting to like the idea of using
> Splunk as a front-end to analyze the logs.  You may want to look at
> using that rather than coding one by hand.  The free version can index
> 500 megs a day...which is a *lot* of queries.
>

Thought about Splunk, then Graylog2, then LogStash. Now I'm just thinking
of continuing by hand and getting ElasticSearch going (got a perl Storable
going right now). But alternative thinking is always useful so...

> On Thu, May 9, 2013 at 8:14 PM, shawn wilson <ag4ve.us at gmail.com> wrote:
> > Thanks, that's what I'm looking for.
> >
> > Mike, sure I wouldn't mind schema ideas.
> >
> > On Thu, May 9, 2013 at 10:56 PM, staticsafe <me at staticsafe.ca> wrote:
> >> On 5/9/2013 22:52, shawn wilson wrote:
> >>> In this log line, what is -EDC? I've also noticed +, -, -E, and -ED
> >>> but I have no idea what they are (called/represent).
> >>>
> >>> 08-May-2013 08:04:49.751 client 1.2.3.4#48747 (ns2.example.com):
> >>> query: ns2.example.com IN AAAA -EDC (1.2.3.4)
> >>>
> >>> Also, I'm writing a parser and we're only logging 'queries' but if
> >>> someone has examples / schemas for the other categories, I'd like to
> >>> integrate that.
> >>> http://www.zytrax.com/books/dns/ch7/logging.html
> >>>
> >>
> >> "+EDC on a query indicates that it is:
> >>
> >> - Recursive (+) - it has come from a client or a server that is
> >> forwarding queries to your server
> >> - The sender is using EDNS0 (using larger UDP packet sizes and
> >> signalling the size that can be accepted)
> >> - The sender understands DNSSEC (D) - this is a request to your server
> >> to include any DNSSEC material associated with answer in the query
> >> reply.
> >> - DNSSEC validation checking is disabled (C) - the sender wants the
> >> answer anyway, even if the validation checks fail."
> >>
> >> Source -
> >>
> >> https://kb.isc.org/article/AA-00434/0/What-do-EDC-and-other-letters-I-see-in-my-query-log-mean.html
> >>
> >> Also see https://www.isc.org/software/bind/documentation for further
> >> documentation.
> >> --
> >> staticsafe
> >> O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
> >> Please don't top post - http://goo.gl/YrmAb
> >> Don't CC me! I'm subscribed to whatever list I just posted on.
> >>
> >
>
>
>
> --
> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
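The query-log parser discussed in this thread, as an added example in Python (not shawn's perl code or Mike's bash script): it parses the log line format quoted above, decodes the +/-EDC flag token as the ISC article explains it, and counts recursion-desired queries per client. Assumed: the "(name)" after the client port and the trailing "(address)" are optional, flag letters other than E, D and C are retained as unknown, and the sample lines are constructed.

```python
import re
# Regex for the BIND 9 query-log line quoted above. Assumed: the "(name)" after
# the client port and the trailing "(address)" may be absent in other versions.
QUERY_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?P<client>[^#\s]+)#(?P<port>\d+)(?: \([^)]*\))?: "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
    r"(?: \((?P<server>[^)]*)\))?\s*$"
)
# Flag letters as explained in the ISC article quoted in the thread.
FLAG_LETTERS = {"E": "edns0", "D": "dnssec_ok", "C": "checking_disabled"}

def decode_flags(flags):
    # '+' = recursion desired, '-' = not; unlisted letters go to 'unknown'.
    if not flags or flags[0] not in "+-":
        raise ValueError("bad flag token: %r" % (flags,))
    decoded = {"recursion_desired": flags[0] == "+", "unknown": ""}
    decoded.update({name: False for name in FLAG_LETTERS.values()})
    for letter in flags[1:]:
        if letter in FLAG_LETTERS:
            decoded[FLAG_LETTERS[letter]] = True
        else:
            decoded["unknown"] += letter
    return decoded

def parse_query_line(line):
    # One query-log line -> dict of fields, or None if it is not a query line.
    m = QUERY_RE.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    entry["port"] = int(entry["port"])
    entry.update(decode_flags(entry.pop("flags")))
    return entry

def recursive_queries_by_client(log_text):
    # Per-client count of queries asking for recursion: a first cut at spotting
    # clients that treat an authoritative-only server as an open resolver.
    counts = {}
    for line in log_text.splitlines():
        entry = parse_query_line(line)
        if entry and entry["recursion_desired"]:
            counts[entry["client"]] = counts.get(entry["client"], 0) + 1
    return counts

# Constructed sample lines; addresses and names are placeholders.
SAMPLE_LOG = """\
08-May-2013 08:04:49.751 client 1.2.3.4#48747 (ns2.example.com): query: ns2.example.com IN AAAA -EDC (1.2.3.4)
08-May-2013 08:04:50.102 client 10.0.0.7#53211 (www.example.com): query: www.example.com IN A + (1.2.3.4)
08-May-2013 08:04:51.000 client 1.2.3.4#48748: query: example.com IN MX -ED
"""
```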


More information about the NANOG mailing list