doc/man1/djbdns-logparse.1

   1 .TH djbdns-logparse 1
   2
   3 .SH NAME
   4 djbdns-logparse \- Convert tinydns and dnscache logs to human-readable form
   5 .SH SYNOPSIS
   6
   7 \fBdjbdns-logparse\fR [\fBLOGFILE\fR [\fBLOGFILE\fR...]]
   8 .SH INPUT
   9 .P
  10 Each \fILOGFILE\fR should be a tinydns or dnscache log file; if none
  11 are given, the program will read from stdin.
  12 .SH DESCRIPTION
  13 .P
  14 Both tinydns and dnscache (two daemons in the djbdns suite) keep logs
  15 of their activity, but only in an undocumented machine-oriented
  16 format. The goal of djbdns-logparse is to parse those logs and make
  17 them human-readable with a minimal amount of interference.
  18 .SH EXAMPLES
  19 .P
  20 Reading the current dnscache log from stdin:
  21
  22 .nf
  23 .I $ djbdns-logparse < /var/dnscache/log/main/current
  24 2022-09-19 10:47:12.953666500 starting
  25 2022-09-19 10:47:33.084125500 query #1 127.0.0.1:44339 (id 9929) a www.example.com.
  26 2022-09-19 10:47:33.084128500 tx g=0 a www.example.com. . 192.168.1.1
  27 2022-09-19 10:47:33.099298500 rr 192.168.1.1 TTL=40285 a www.example.com. 93.184.216.34
  28 2022-09-19 10:47:33.099300500 stats count=1 motion=43 udp-active=1 tcp-active=0
  29 2022-09-19 10:47:33.099377500 sent #1 49
  30 2022-09-19 10:47:37.913287500 query #2 127.0.0.1:47516 (id 14409) txt www.example.com.
  31 2022-09-19 10:47:37.913380500 tx g=0 txt www.example.com. . 192.168.1.1
  32 2022-09-19 10:47:37.931252500 rr 192.168.1.1 TTL=86400 txt www.example.com. 11:"v=spf1 -all"
  33 2022-09-19 10:47:37.931255500 rr 192.168.1.1 TTL=86400 txt www.example.com. 32:"wgyf8z8cgvm2qmxpnbnldrcltvk4xqf..."
  34 2022-09-19 10:47:37.931297500 stats count=2 motion=131 udp-active=1 tcp-active=0
  35 2022-09-19 10:47:37.931332500 sent #2 102
  36 .fi
  37 .SH OPTIONS
  38
  39 .IP \fB\-\-help\fR,\ \fB\-h\fR
  40 Display detailed program usage.
  41 .SH TRANSFORMATIONS
  42
  43 The following transformations are common to  both daemons' logs:
  44 .IP \(bu 2
  45 The leading timestamps are piped through the
  46 \fBtai64nlocal\fR program.
  47 .IP \(bu
  48 IPv4 addresses are converted from hexadecimal strings to decimal
  49 dotted-quads; for example \(dq7f000001\(dq becomes \(dq127.0.0.1\(dq.
  50 IPv6 addresses simply have colons interspersed, so that
  51 \(dq00000000000000000000ffff7f000001\(dq would become
  52 \(dq0000:0000:0000:0000:0000:ffff:7f00:0001\(dq.
  53 .IP \(bu
  54 Port numbers are converted from hexedecimal to decimal.
  55 .P
  56 The following transformations are specific to tinydns:
  57 .IP \(bu 2
  58 The hexadecimal query type id (for example, \(dq001c\(dq) is converted
  59 first to decimal, and then to the corresponding RFC-defined type name,
  60 as in https://en.wikipedia.org/wiki/List_of_DNS_record_types
  61
  62
  63 .SH BUGS
  64
  65 Send bugs to michael@orlitzky.com.