[dnsdist] High-fidelity timestamp in FrameStream logging
Remi Gacogne
remi.gacogne at powerdns.com
Fri Oct 11 15:59:03 UTC 2019
Hi Casey,
On 10/11/19 5:31 PM, Casey Deccio wrote:
> I am using the following to log queries:
>
> logger = newFrameStreamTcpLogger("127.0.0.1:4343")
> addAction(AllRule(), DnstapLogAction("foo", logger))
>
> Then I use this command line to read and produce yaml output:
>
> fstrm_capture -t protobuf:dnstap.Dnstap -a 127.0.0.1 -p 4343 -w - | dnstap-read -y -p /dev/stdin
>
> This seems to be working, for the most part. However, I'm getting only second level- granularity in my messages, e.g.:
>
> query_time: !!timestamp 2019-10-11T15:29:00Z
>
> I would really like to see at least milliseconds.
This seems to be a limitation of dnstap-read, we do export the
nanoseconds as defined in the dnstap format, and it looks like
dnstap-ldns [1] read them just fine:
type: MESSAGE
identity: "foo"
version: "dnsdist XX"
message:
type: CLIENT_QUERY
query_time: !!timestamp 2019-10-11 15:56:13.476117
socket_family: INET
socket_protocol: UDP
query_address: 127.0.0.1
response_address: 127.0.0.1
query_port: 52156
response_port: 53
query_message: |
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 8674
;; flags: rd ad ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;powerdns.com. IN A
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; EDNS: version 0; flags: ; udp: 4096
[1]: https://github.com/dnstap/dnstap-ldns
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20191011/445c6dac/attachment.sig>
More information about the dnsdist
mailing list