Query-log analysis
x_bind-users_x at nospam.pz.podzone.net
Sat Dec 30 18:41:46 UTC 2006
On Sat, Dec 30, 2006 at 12:07:47PM +0100, someone wrote:
> Hi,
>
> how does your own script work on analysing queries on the bind
> nameserver? I'm interested in such a thing as well.
Well I don't have a script, yet, not wanting to reinvent the wheel...
However, I did hack this command line together just to get a feel for
things:
F=/var/log/bind/queries.log; sed 's/^.* query: \(.*\)$/\1/' "$F" | sort -u |
  while read -r X; do echo "$(grep -c "^.* ${X//./\.}\$" "$F"): $X"; done |
  sort -rn | less
And this is the config I'm using to get the log files in the first
place.
logging {
    // NOTE: the log directory must be created manually:
    //   mkdir /var/log/bind
    //   chgrp bind /var/log/bind
    //   chmod 2775 /var/log/bind
    //   ls -ld /var/log/bind
    channel "queries_channel" {
        file "/var/log/bind/queries.log" versions 5 size 1m;
        severity info;
        print-time yes;
        print-category no;
        print-severity yes;
    };
    category "queries" { "queries_channel"; };
};
Actually, if someone knows how to log queries one file per-zone, or
per-domain, that should suffice for my immediate needs. But how do
others keep tabs on the domains they admin, or perhaps you don't care
much?
-pz.
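
Added example, not part of the original post: one way to get per-zone totals out of the single queries.log by post-processing it, keyed on the same " query: " marker the sed expression above uses. The function names per_zone_counts and sample_log, the zone names and the log lines are all constructed for illustration; the line layout is an assumption based on the logging options shown in the post.

```shell
#!/bin/sh
# Constructed sample lines (assumed layout: time, severity, client, query).
sample_log() {
    cat <<'EOF'
30-Dec-2006 18:40:01.101 info: client 192.0.2.10#32768: query: www.example.com IN A +
30-Dec-2006 18:40:02.202 info: client 192.0.2.10#32769: query: WWW.Example.COM IN AAAA +
30-Dec-2006 18:40:03.303 info: client 192.0.2.11#4021: query: mail.sub.example.com IN MX +
30-Dec-2006 18:40:04.404 info: client 192.0.2.12#5353: query: example.net IN SOA -
30-Dec-2006 18:40:05.505 info: client 192.0.2.12#5354: query: notexample.com IN A +
30-Dec-2006 18:40:06.606 info: client 192.0.2.13#1025: query: example.com IN NS -
EOF
}

# Usage: per_zone_counts ZONE... < queries.log
# Prints "COUNT ZONE" lines, busiest first. Each query is credited to the
# longest listed zone it falls under; everything else lands in "(other)".
per_zone_counts() {
    awk -v zones="$*" '
    BEGIN { n = split(tolower(zones), z, " ") }
    {
        i = index($0, " query: ")          # same anchor as the sed in the post
        if (i == 0) next                   # not a query line
        split(substr($0, i + 8), f, " ")
        name = tolower(f[1])               # DNS names compare case-insensitively
        sub(/\.$/, "", name)               # tolerate a trailing root dot
        best = "(other)"; bestlen = 0
        nl = length(name)
        for (k = 1; k <= n; k++) {
            zl = length(z[k])
            # Match on a label boundary only, so notexample.com
            # is not counted under example.com.
            if (name == z[k] || (nl > zl && substr(name, nl - zl) == "." z[k])) {
                if (zl > bestlen) { best = z[k]; bestlen = zl }
            }
        }
        count[best]++
    }
    END { for (b in count) printf "%d %s\n", count[b], b }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a real server: per_zone_counts ZONES < "$F"
sample_log | per_zone_counts example.com sub.example.com example.net
```

Names that land in "(other)" are queries for zones not in the list, which is often the part of the log worth a second look.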