[dnsdist] Logging

Jonathan Reed jreed777 at gmail.com
Tue Mar 19 20:19:30 UTC 2019 

Winfried provided some help to me a few months back by pointing out that
the Protobuf example code is located in the pdns repo.
https://github.com/PowerDNS/pdns/blob/master/contrib/ProtobufLogger.py

I was able to customize that to format the logs into something we were
happy with. Only thing I didn't get working was showing the response name, (
rr.name) in the log  file.

On Tue, Mar 19, 2019 at 3:49 PM Casey Deccio <casey at deccio.net> wrote:

> Hello!
>
> I'm new to dnsdist, and we're setting it up to use for some experimental
> measurements, so we can use its flexibility to send queries to different
> backends, based on different options.  Our previous setup was almost
> exclusively BIND, so all of our logging was using BIND's logging mechanism,
> sending our query log entries to syslog.  Obviously, with dnsdist now
> sitting in front of our servers, we can still log with our backend servers,
> but we don't get the original source IP address.  My wish would be to have
> a result very similar to what we had before with our logging, so we can
> change very little with our data analysis.  I've read up on dndist's
> logging capabilities, with protobuf or dnstap, but I have yet to find a
> good, solid example of how we might use it effectively in the same way we
> were before with our BIND logs to syslog.  The closest I got was to have
> something like this:
>
> - dnsdist outputs dnstap to a UNIX domain socket.
> - Some dnstap reader simply reads on the socket and then writes it to a
> file in whatever format I want (e.g., BIND query log format).  dnstap (the
> command-line tool) can do this in part, but, as I understand it, it's
> output is yaml, which would require further formatting for our purposes,
> not to mention, it's one more process that I have to have running, and if
> it stops, I lose data.  Finally, I would need to it to handle log file
> rotation (e.g., similar to how logrotate does it), so I don't end up with
> one huge file.
>
> I could also capture pcap on the interface and process it offline, but
> that seems silly.
>
> So, my questions for the group are: how are you doing your logging, and
> how would you recommend I do mine, based on what I've given you of my
> requirements?
>
> Thanks!
> Casey
>
> _______________________________________________
> dnsdist mailing list
> dnsdist at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/dnsdist
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20190319/049608eb/attachment.html>

More information about the dnsdist mailing list