open-source tool for filter out stats from dns logs

Kumar, Naveen Naveen.Kumar at cw.com
Wed Jan 2 12:34:02 UTC 2013


Hi Gaurav,

Try the following code and change it as per your requirement (I used it to
capture unique IP addresses).

Create an empty file "/tmp/out_log" before starting, so that values will be
stored and can be used even after log rotation.

#!/usr/bin/perl
use strict;
use warnings;
use File::Copy qw(copy);

# Search unique IP addresses for DNS queries from the query log.
my @val;
my @ip_addr;
my $i = 0;

# Read previously seen IPs from file (stored whitespace-separated).
open(my $iplog, '<', "/tmp/out_log") or die "File doesn't exist";
while (my $ips = <$iplog>)
{
    push(@ip_addr, split(' ', $ips));
}
close($iplog);

while ($i < 20)
{
    # Copy all the logs to a separate location
    copy("/var/named/chroot/var/log/named.log.$i", "/tmp/named.log.$i");

    # Read them one by one and capture values (reads the copy made above)
    open(my $logs, '<', "/tmp/named.log.$i") or die "File: named.log.$i does not exist";
    while (my $line = <$logs>)
    {
        chomp($line);
        my ($dt, $tm, $clt, $ip_port, $query, $tt) = split(/\ /, $line);
        next unless defined $ip_port;    # skip lines without a client field
        my ($ip, $port) = split(/\#/, $ip_port);
        push(@ip_addr, $ip);
    }
    close($logs);
    $i = $i + 1;
}

# Get unique IPs from the array (previous logs and current logs)
my @unique_ip = do { my %seen; grep { !$seen{$_}++ } @ip_addr };
@val = sort(@unique_ip);

# Print the number of unique IPs
print "  " . scalar(@val) . "  \n";

# Write it to the file again for next time (opened once, after all reads).
open(my $out_log, '>', '/tmp/out_log') or die "Cannot write /tmp/out_log";
print $out_log "@val ";
close($out_log);
#end of script

 

Regards,

Naveen

From: bind-users-bounces+naveen.kumar=cw.com at lists.isc.org
[mailto:bind-users-bounces+naveen.kumar=cw.com at lists.isc.org] On Behalf
Of Mike Hale
Sent: Saturday, December 29, 2012 10:37 PM
To: Gaurav Kansal
Cc: bind-users at lists.isc.org
Subject: Re: open-source tool for filter out stats from dns logs

 

I looked for one a while back and couldn't find any good ones.  All the
ones I saw simply used the named.stats file, which wasn't enough.

 

I ended up exporting all query logs to a backend server and coding a
script that imported the queries into MySQL, which I then accessed with
a php app (which, after having 7 million queries in the db, takes a good
three minutes to load :/ ).  

 

 

On Sat, Dec 29, 2012 at 8:56 AM, Gaurav Kansal <gaurav.kansal at nic.in>
wrote:

Dear Team,

 

I want to collect some stats (such as which zone has queried most,
which DNS Server queries us most and so on) based on my DNS Logs.

Is there any open-source tool available to filter out these statistics
using my dns logs?

 

 

Thanks and Regards,

Gaurav Kansal

Mob - 9910118448

 

Happy New Year 2013.

IPv4 is Over,

Are you ready for new Network.
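
The statistics asked about in this thread (which names are queried most, which clients query most) can be tallied directly from query-log lines. The sketch below is an added example, not code from any of the posters: the log line layout in the pattern is an assumption about BIND 9 "queries" logging, the helper names are hypothetical, and the sample lines are constructed.

```perl
use strict;
use warnings;
# Assumed BIND 9 query-log layout; also accepts "@0x..." and "(name)" after "client".
my $QUERY_RE = qr/\bclient (?:\@0x[0-9a-fA-F]+ )?([0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: (?:view \S+: )?query: (\S+) (\S+) (\S+)/;

# Return (client_ip, qname, qtype) for a query line, or an empty list.
sub parse_query_line {
    my ($line) = @_;
    return unless $line =~ $QUERY_RE;
    # DNS names are case-insensitive; fold case so one name gets one counter.
    return ($1, lc($2), $4);
}

# Count queries per client, per name and per record type.
sub tally {
    my (@lines) = @_;
    my %stats = (clients => {}, names => {}, types => {}, skipped => 0);
    for my $line (@lines) {
        my ($ip, $qname, $qtype) = parse_query_line($line);
        if (!defined $ip) { $stats{skipped}++; next; }
        $stats{clients}{$ip}++;
        $stats{names}{$qname}++;
        $stats{types}{$qtype}++;
    }
    return \%stats;
}

# Return the $n most frequent keys of a counter hash as "count key" strings.
sub top {
    my ($counts, $n) = @_;
    my @keys = sort { $counts->{$b} <=> $counts->{$a} || $a cmp $b } keys %$counts;
    splice(@keys, $n) if @keys > $n;
    return map { sprintf("%6d  %s", $counts->{$_}, $_) } @keys;
}

# Constructed sample lines (documentation addresses, not real traffic).
my @sample = (
    '02-Jan-2013 12:34:02.101 client 192.0.2.10#53211: query: www.example.com IN A + (192.0.2.53)',
    '02-Jan-2013 12:34:02.340 client 192.0.2.10#40112: query: WwW.ExAmPlE.cOm IN AAAA + (192.0.2.53)',
    '02-Jan-2013 12:34:03.007 client 2001:db8::25#1053: query: mail.example.net IN MX +E (192.0.2.53)',
    '02-Jan-2013 12:34:03.512 client 198.51.100.7#6001: view internal: query: www.example.com IN A + (192.0.2.53)',
    '02-Jan-2013 12:34:04.000 zone example.com/IN: loaded serial 2013010201',
);
my $stats = tally(@sample);
for my $kind (qw(clients names types)) {
    print "Top $kind:\n";
    print "$_\n" for top($stats->{$kind}, 3);
}
print "Skipped (non-query) lines: $stats->{skipped}\n";
```

The query name is supplied by the client, so treat it as untrusted data if the counts are later written into a database or a web page.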

 

 

