gitweb.michael.orlitzky.com - djbdns-logparse.git/blob - doc/man1/djbdns-logparse.1
.TH djbdns-logparse 1

.SH NAME
djbdns-logparse \- Convert tinydns and dnscache logs to human-readable form
.SH SYNOPSIS
.SY djbdns-logparse
.OP LOGFILE ...
.YS

.SY djbdns-logparse
.B \-h
.SY djbdns-logparse
.B \-\-help
.YS

.SH INPUT
.P
Each \fILOGFILE\fR should be a tinydns or dnscache log file; if none
are given, the program will read from stdin.
.SH DESCRIPTION
.P
Both tinydns and dnscache (two daemons in the djbdns suite) keep logs
of their activity, but only in an undocumented machine-oriented
format. The goal of djbdns-logparse is to parse those logs and make
them human-readable with a minimal amount of interference.
.SH EXAMPLES
.P
Reading the current dnscache log from stdin:

.EX
.I $ djbdns-logparse < /var/dnscache/log/main/current
2022-09-19 10:47:12.953666500 starting
2022-09-19 10:47:33.084125500 query #1 127.0.0.1:44339 (id 9929) a www.example.com.
2022-09-19 10:47:33.084128500 tx g=0 a www.example.com. . 192.168.1.1
2022-09-19 10:47:33.099298500 rr 192.168.1.1 TTL=40285 a www.example.com. 93.184.216.34
2022-09-19 10:47:33.099300500 stats count=1 motion=43 udp-active=1 tcp-active=0
2022-09-19 10:47:33.099377500 sent #1 49
2022-09-19 10:47:37.913287500 query #2 127.0.0.1:47516 (id 14409) txt www.example.com.
2022-09-19 10:47:37.913380500 tx g=0 txt www.example.com. . 192.168.1.1
2022-09-19 10:47:37.931252500 rr 192.168.1.1 TTL=86400 txt www.example.com. 11:"v=spf1 -all"
2022-09-19 10:47:37.931255500 rr 192.168.1.1 TTL=86400 txt www.example.com. 32:"wgyf8z8cgvm2qmxpnbnldrcltvk4xqf..."
2022-09-19 10:47:37.931297500 stats count=2 motion=131 udp-active=1 tcp-active=0
2022-09-19 10:47:37.931332500 sent #2 102
.EE
.SH OPTIONS

.TP
.B \-\-help, \-h
Display detailed program usage.
.SH TRANSFORMATIONS

A number of transformations are applied to the raw logs. Some are
specific to tinydns, others are specific to dnscache, and some apply
to both. In explaining these, we borrow terminology from the following:

.IP \(bu 2
.UR https://www.dqd.com/~mayoff/notes/djbdns/tinydns-log.html
Rob Mayoff's notes on the tinydns log file format
.UE
.IP \(bu
.UR https://www.dqd.com/~mayoff/notes/djbdns/dnscache-log.html
Rob Mayoff's notes on the dnscache log file format
.UE

.P
The following transformations are common to both daemons' logs:
.IP \(bu 2
The leading timestamps are piped through the
\fBtai64nlocal\fR program.
.IP \(bu
IPv4 addresses are converted from hexadecimal strings to decimal
dotted-quads; for example \(dq7f000001\(dq becomes \(dq127.0.0.1\(dq.
IPv6 addresses simply have colons interspersed, so that
\(dq00000000000000000000ffff7f000001\(dq would become
\(dq0000:0000:0000:0000:0000:ffff:7f00:0001\(dq.
.IP \(bu
Port numbers are converted from hexadecimal to decimal.
.P
The following transformations are specific to tinydns:
.IP \(bu 2
The hexadecimal query type id (for example, \(dq001c\(dq) is converted
first to decimal, and then to the corresponding RFC-defined type name,
as in https://en.wikipedia.org/wiki/List_of_DNS_record_types.
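.P
The transformations listed above, sketched in Python as an added example; this is not djbdns-logparse's own code, and its function names, output dictionary and sample line are constructed for illustration. It assumes the tinydns field layout "ip:port:id code type name" from the notes cited above, lowercase hex, and a timestamp that has already been removed.

```python
import re

# Subset of the RFC-defined type ids; unknown ids fall back to the decimal number.
QUERY_TYPES = {1: "a", 2: "ns", 5: "cname", 6: "soa", 12: "ptr",
               15: "mx", 16: "txt", 28: "aaaa"}
HEX = re.compile(r"[0-9a-f]+")  # assumption: the daemons log lowercase hex

def hex_to_int(field, limit=0xFFFF):
    """Decode a hex field, rejecting anything that is not plain hex."""
    if not HEX.fullmatch(field) or int(field, 16) > limit:
        raise ValueError(f"bad hex field: {field!r}")
    return int(field, 16)

def convert_ip(hexip):
    """8 hex digits -> dotted quad; 32 hex digits -> colon-separated groups."""
    if not HEX.fullmatch(hexip) or len(hexip) not in (8, 32):
        raise ValueError(f"bad address field: {hexip!r}")
    if len(hexip) == 8:
        return ".".join(str(int(hexip[i:i + 2], 16)) for i in range(0, 8, 2))
    return ":".join(hexip[i:i + 4] for i in range(0, 32, 4))

def convert_qtype(hexid):
    """Hex type id -> decimal -> type name, e.g. "001c" -> 28 -> "aaaa"."""
    number = hex_to_int(hexid)
    return QUERY_TYPES.get(number, str(number))

def parse_tinydns(rest):
    """Parse a raw tinydns line whose leading timestamp was already removed."""
    try:
        client, code, qtype, name = rest.split()
        ip, port, query_id = client.split(":")
    except ValueError:
        raise ValueError(f"not a tinydns query line: {rest!r}") from None
    return {"ip": convert_ip(ip), "port": hex_to_int(port),
            "id": hex_to_int(query_id), "code": code,
            "type": convert_qtype(qtype), "name": name}

# Constructed sample line (timestamp stripped), not taken from a real server.
SAMPLE = "7f000001:849b:0212 + 001c www.example.com"

if __name__ == "__main__":
    print(parse_tinydns(SAMPLE))
```

Lines that do not fit the expected layout raise ValueError instead of being partially converted, so a log reviewer sees malformed entries rather than silently mangled ones.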
.SH BUGS

Send bugs to
.MT michael@orlitzky.com
Michael Orlitzky
.ME