 |
 |
LOG DNS requests
|
|
|
|
|
Grizzled Veteran
Join Date: Aug 2002
Location: Central Texas
Status:
Offline
|
|
I'd like to log all resolver requests going through our OS X Server by domain name and IP Address. So for example if I type in http://www.macnn.com/ in my web browser on my Mac here in the office - it asks the OS X Server that handles our NAT/DNS to resolve the domain. I'd then like the requested domain to be logged with the IP address of my Mac.
So how can I do this? Either through natd or BIND?
|
|
|
| |
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Jul 2004
Location: Seattle WA USA
Status:
Offline
|
|
thats easy if you are running your own internal DNS server to resolve names.
are you?
are you using the osx server as the gateway too? cuz its just as easy to log that too.
add to named.conf for DNS solution:
Code:
logging {
channel my_file {
file "/var/log/bind/bind9.log";
severity dynamic;
print-category yes;
print-severity yes;
};
if the natd/ipfw is the same as freebsd
just add a -log to the start up parameters
that should log everything 
|
|
|
| |
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Aug 2002
Location: Central Texas
Status:
Offline
|
|
Awsome
As for natd - Panther Server has that on in the Server Admin and I can't find where it configures the nat server. I had it in Jaguar...but not in Panther.
But thanks - I'll get that in my named.conf file now
|
|
|
| |
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Jul 2004
Location: Seattle WA USA
Status:
Offline
|
|
obviously put your own path to the log file..
|
|
|
| |
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Jul 2004
Location: Seattle WA USA
Status:
Offline
|
|
also does osxserver have bind9 or 8?
|
|
|
| |
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Aug 2002
Location: Central Texas
Status:
Offline
|
|
Bind 9.
Its working great - I did have to make a couple tiny changes, but they were tiny. Also got a good cron script to email the list daily to the admin.
|
|
|
| |
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Jul 2004
Location: Seattle WA USA
Status:
Offline
|
|
well the problem with the way i said is it doesn't log time.. only the query ..
add this under the other print statments:
now your log files should look like:
Jul 29 21:41:38.076 queries: info: client 123.123.123.123#33701: query: www.domain.com IN A
so add this to your crontab to mail that days querrys
Code:
0 23 * * * grep "`date +%b\ %d`" /path/to/logfile | mail -s "`date +%b\ %d` dns querries" [email protected]
since its greps based on the date its run.. run it before midnight.. or it won't find that days log
|
|
|
| |
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Aug 2002
Location: Central Texas
Status:
Offline
|
|
Yeah, already done  ALso added the ability to rotate logs so that the log file wouldn't get too big.
Next step is to write a script to analyze the file to get good data out of it. Its not just used for internal queries but external ones as well.
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
Top