Bind Queries log file format
Phil Mayers
p.mayers at imperial.ac.uk
Sat Feb 4 09:27:07 UTC 2017
On 03/02/17 16:45, Mukund Sivaraman wrote:
> The query log is getting more fields at the end of it such as
> CLIENT-SUBNET logging.
Although it would be super-disruptive, has any thought been given to
moving to an entirely new log format, for example k/v or JSON? They're a
lot more extendable going forward and most SIEM/ML systems will read
them with no additional configuration.
Adding the query log hex/ptr thing just inconvenienced me. Strangely,
changing the entire format to k/v would have massively helped me. This
applies across all logs (RPZ in particular).
Obviously one sample isn't enough but it's maybe something to consider?
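Added example, not part of the original post and not ISC code: a tolerant Python parser that turns the positional query log line into a JSON record, so the hex pointer and a trailing CLIENT-SUBNET field mentioned in the thread do not break downstream consumers. The line layout in the comment, the `[ECS ...]` suffix form, the field names and the sample lines are assumptions constructed for illustration.

```python
import json
import re

# Assumed layout of a BIND 9 query log message (not shown in the post):
#   client [@0xPTR] ADDR#PORT (QNAME): [view V: ]query: QNAME CLASS TYPE FLAGS (LOCAL) [extras]
QUERY_RE = re.compile(
    r"client (?:@(?P<client_ptr>0x[0-9a-fA-F]+) )?"      # optional hex pointer
    r"(?P<src_ip>[0-9a-fA-F:.]+)#(?P<src_port>\d+) "
    r"\((?P<orig_qname>[^)]*)\): "
    r"(?:view (?P<view>\S+): )?"
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
    r"(?: \((?P<local_ip>[^)]+)\))?"
    r"(?P<extra>.*)$"                                    # anything appended later
)
ECS_RE = re.compile(r"\[ECS ([^\]]+)\]")

# Constructed sample lines: older format, with hex pointer, with trailing ECS.
OLD = "client 192.0.2.10#53211 (www.example.com): query: www.example.com IN A +E (192.0.2.53)"
WITH_PTR = ("04-Feb-2017 09:27:07.123 queries: info: client @0x7f3c2c0a1b30 192.0.2.10#53211 "
            "(www.example.com): query: www.example.com IN A +E(0)K (192.0.2.53)")
WITH_ECS = WITH_PTR + " [ECS 198.51.100.0/24/0]"

def query_to_record(line):
    """Return a dict of named fields, or None if the line is not a query log line."""
    m = QUERY_RE.search(line)
    if m is None:
        return None
    rec = {k: v for k, v in m.groupdict().items() if v is not None}
    rec["src_port"] = int(rec["src_port"])
    extra = rec.pop("extra", "").strip()
    ecs = ECS_RE.search(extra)
    if ecs:
        rec["ecs"] = ecs.group(1)
        extra = ECS_RE.sub("", extra).strip()
    if extra:
        rec["unparsed"] = extra   # keep unknown trailing fields instead of failing
    return rec

def to_json_line(line):
    rec = query_to_record(line)
    return None if rec is None else json.dumps(rec, sort_keys=True)

if __name__ == "__main__":
    for sample in (OLD, WITH_PTR, WITH_ECS):
        print(to_json_line(sample))
```

Records with an `unparsed` key are worth alerting on in the pipeline, since they indicate the server has started appending a field the parser does not know yet.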