jreed777 at gmail.com
Tue Mar 19 20:19:30 UTC 2019
Winfried provided some help to me a few months back by pointing out that
the Protobuf example code is located in the pdns repo.
I was able to customize that to format the logs into something we were
happy with. Only thing I didn't get working was showing the response name, (
rr.name) in the log file.
On Tue, Mar 19, 2019 at 3:49 PM Casey Deccio <casey at deccio.net> wrote:
> I'm new to dnsdist, and we're setting it up to use for some experimental
> measurements, so we can use its flexibility to send queries to different
> backends, based on different options. Our previous setup was almost
> exclusively BIND, so all of our logging was using BIND's logging mechanism,
> sending our query log entries to syslog. Obviously, with dnsdist now
> sitting in front of our servers, we can still log with our backend servers,
> but we don't get the original source IP address. My wish would be to have
> a result very similar to what we had before with our logging, so we can
> change very little with our data analysis. I've read up on dndist's
> logging capabilities, with protobuf or dnstap, but I have yet to find a
> good, solid example of how we might use it effectively in the same way we
> were before with our BIND logs to syslog. The closest I got was to have
> something like this:
> - dnsdist outputs dnstap to a UNIX domain socket.
> - Some dnstap reader simply reads on the socket and then writes it to a
> file in whatever format I want (e.g., BIND query log format). dnstap (the
> command-line tool) can do this in part, but, as I understand it, it's
> output is yaml, which would require further formatting for our purposes,
> not to mention, it's one more process that I have to have running, and if
> it stops, I lose data. Finally, I would need to it to handle log file
> rotation (e.g., similar to how logrotate does it), so I don't end up with
> one huge file.
> I could also capture pcap on the interface and process it offline, but
> that seems silly.
> So, my questions for the group are: how are you doing your logging, and
> how would you recommend I do mine, based on what I've given you of my
> dnsdist mailing list
> dnsdist at mailman.powerdns.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dnsdist