git clone https://gitweb.michael.orlitzky.com/djbdns-logparse.git
A fork of Greg Ward's parse_djbdns_log program that has been documented and updated to modern Python standards.
djbdns is Daniel J. Bernstein's suite of DNS software. Two of its daemons, tinydns and dnscache, resolve DNS queries while simultaneously logging obscure gibberish to a file. For example, this is what tinydns logs if I request the A record for www.example.com:
djbdns-logparse converts these into something that you can actually read. The line above gets turned into,
2022-09-14 21:04:40.206516500 dropped query (no authority) from 127.0.0.1:40289 (id 48745): a www.example.com
and surely you agree that this is preferable.
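How the fields of a raw tinydns record map onto that readable line, as an added example (not djbdns-logparse's own code; decode_tinydns and its tables are hypothetical names). The sample records are constructed to match readable lines shown on this page, and the sketch assumes IPv4 clients and a timestamp already converted by tai64nlocal.

```python
import ipaddress
import re

# Result codes tinydns writes between the client field and the query type.
# The description strings for I, C and / are this example's own wording.
CODES = {
    "+": "sent response to",
    "-": "dropped query (no authority) from",
    "I": "sent NOTIMP to",
    "C": "sent FORMERR (wrong class) to",
    "/": "dropped query (could not parse) from",
}
# A few common query types; anything else is printed as a decimal number.
QTYPES = {1: "a", 2: "ns", 5: "cname", 6: "soa", 12: "ptr", 15: "mx",
          16: "txt", 28: "aaaa", 33: "srv", 255: "any"}

# Optional leading timestamp, then ip:port:id (all hex), code, qtype, name.
TINYDNS_RE = re.compile(
    r"^(?P<stamp>.* )?(?P<ip>[0-9a-f]{8}):(?P<port>[0-9a-f]{4}):"
    r"(?P<id>[0-9a-f]{4}) (?P<code>[-+IC/]) (?P<qtype>[0-9a-f]{4}) (?P<name>.*)$"
)


def decode_tinydns(line):
    """Return a readable form of one tinydns line, or the line unchanged."""
    line = line.rstrip("\n")
    m = TINYDNS_RE.match(line)
    if m is None:
        return line  # not a query record, e.g. a startup message
    ip = ipaddress.IPv4Address(int(m["ip"], 16))
    port, query_id, qtype = (int(m[k], 16) for k in ("port", "id", "qtype"))
    return "{}{} {}:{} (id {}): {} {}".format(
        m["stamp"] or "", CODES[m["code"]], ip, port, query_id,
        QTYPES.get(qtype, str(qtype)), m["name"])


if __name__ == "__main__":
    # Constructed sample records (hex fields derived from readable lines on this page).
    for sample in (
        "2022-09-14 21:04:40.206516500 7f000001:9d61:be69 - 0001 www.example.com",
        "c0a8002e:d2d1:8bf6 + 001c ipv6.example.com",
        "starting tinydns",
    ):
        print(decode_tinydns(sample))
```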
It's a Python setuptools-based package, so the easiest way to install it is probably to download & extract the tarball, and then run
user $ python setup.py install --user
from within the directory that was extracted. If you know some pip command or whatever that works better, feel free to use it.
There are only two:
PATH
Feed it tinydns or dnscache log files, either via stdin…
user $ djbdns-logparse < /var/dnscache/log/main/current
2022-09-19 10:47:12.953666500 starting
2022-09-19 10:47:33.084125500 query #1 127.0.0.1:44339 (id 9929) a www.example.com.
2022-09-19 10:47:33.084128500 tx g=0 a www.example.com. . 192.168.1.1
2022-09-19 10:47:33.099298500 rr 192.168.1.1 TTL=40285 a www.example.com. 93.184.216.34
2022-09-19 10:47:33.099300500 stats count=1 motion=43 udp-active=1 tcp-active=0
2022-09-19 10:47:33.099377500 sent #1 49
2022-09-19 10:47:37.913287500 query #2 127.0.0.1:47516 (id 14409) txt www.example.com.
2022-09-19 10:47:37.913380500 tx g=0 txt www.example.com. . 192.168.1.1
2022-09-19 10:47:37.931252500 rr 192.168.1.1 TTL=86400 txt www.example.com. 11:"v=spf1 -all"
2022-09-19 10:47:37.931255500 rr 192.168.1.1 TTL=86400 txt www.example.com. 32:"wgyf8z8cgvm2qmxpnbnldrcltvk4xqf..."
2022-09-19 10:47:37.931297500 stats count=2 motion=131 udp-active=1 tcp-active=0
2022-09-19 10:47:37.931332500 sent #2 102
or on the command-line:
user $ djbdns-logparse /var/tinydns/log/main/*.s | head -n 10
2022-09-14 19:26:41.300364500 sent response to 192.168.0.46:53969 (id 35830): aaaa ipv6.example.com
2022-09-14 19:26:41.487751500 sent response to 192.168.1.71:20039 (id 1659): a example.net
2022-09-14 19:26:41.508978500 sent response to 192.168.1.71:48252 (id 21909): aaaa example.net
2022-09-14 19:26:41.627669500 sent response to 192.168.0.139:30527 (id 43254): a dns3.example.com
2022-09-14 19:26:41.668888500 sent response to 192.168.0.139:64880 (id 33302): a dns.example.com
2022-09-14 19:26:41.882769500 sent response to 10.0.1.194:51020 (id 5411): aaaa example.org
2022-09-14 19:26:42.135118500 dropped query (no authority) from 10.10.10.48:53220 (id 41583): a www.invalid
2022-09-14 19:26:42.254312500 sent response to 172.17.29.1:3079 (id 54381): aaaa mail2.example.com
2022-09-14 19:26:42.268802500 sent response to 172.17.30.135:38498 (id 57389): a dns2.example.com
2022-09-14 19:26:42.686389500 dropped query (no authority) from 172.20.0.57:20491 (id 43936): any localhost
For more details, see the included man page.
Email them to me at michael@orlitzky.com.