Snort mailing list archives
Reply: DNS Query Logging?
From: <holger.bumke () nbg net>
Date: Fri, 11 May 2001 09:22:13 +0200
Try this small shell script:
--------------------------------------------------------------------------------
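#!/bin/bash
# Adjust these paths to suit your needs.
NAMEDSTATS="/etc/named.stats"
PID="/var/run/named.pid"
LOG="/tmp/namedqueries.tmp"
# Nothing needs to be changed below if you're using bash.
declare -i RR_new=0
declare -i RR_old=0
# Signal named to dump its current statistics to $NAMEDSTATS.
kill -SIGILL "$(cat "$PID")"
# The signal is asynchronous; give named a moment to finish writing.
sleep 1
# Counter saved by the previous run (stays 0 if there is no saved value yet).
[ -s "$LOG" ] && RR_old=$(tail -1 "$LOG")
# First field of the third-from-last line of the stats file.
RR_new=$(tail -3 "$NAMEDSTATS" | head -1 | awk '{print $1}')
echo "$RR_new" >"$LOG"
# Print the difference since the previous run.
echo "$((RR_new - RR_old))"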
--------------------------------------------------------------------------------
Other stats can be obtained by changing the field parameter.
Nice job for cron/MRTG. =:^)
Hope it helps....
Regards,
Holger
"Richard, Jeff" <Jeff-Richard () forum-financial com> on 10.05.2001 22:47:34
To: "'snort-users () lists sourceforge net'" <snort-users () lists sourceforge net>
Cc: (Bcc: Holger Bumke/nbg/DE)
Subject: [Snort-users] DNS Query Logging?
I hope someone can give a hand on this. I need to get a count of how many DNS queries my DNS servers are receiving.
What should a rule for DNS queries look like? I'm not familiar with DNS traffic, but realize that UDP 53 is the
protocol/port, just not sure of any signature(s).
-Jeff
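
Added example (not part of the original post, and not code from BIND or Snort): a variant of the counter-delta logic in the script above that also copes with a missing state file, an unreadable or half-written dump, and a named restart that resets the counter. The function names, the temporary paths and the sample stats layout are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not from the original post. The counter line is picked the
# same way the posted script does it (first field of the third-from-last
# line); the sample stats layout below is constructed, not real named output.

# read_counter FILE -> prints the counter, fails if it is not a plain number
read_counter() {
    local value
    value=$(tail -3 "$1" 2>/dev/null | head -1 | awk '{print $1}')
    case "$value" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric: dump not usable
    esac
    printf '%s\n' "$value"
}

# query_delta STATS_FILE STATE_FILE -> prints queries since the previous run
query_delta() {
    local stats=$1 state=$2 new old=0 tmp
    new=$(read_counter "$stats") || return 1   # state file is left untouched
    if [ -s "$state" ]; then
        old=$(tail -1 "$state")
        case "$old" in ''|*[!0-9]*) old=0 ;; esac
    else
        old=$new                   # first run: no baseline yet, report 0
    fi
    # Counter lower than last time means named restarted: count from zero.
    if [ "$new" -lt "$old" ]; then old=0; fi
    # Write a new file and rename it, so a crash cannot leave a partial state.
    tmp=$(mktemp "${state}.XXXXXX") || return 1
    printf '%s\n' "$new" >"$tmp" && mv "$tmp" "$state" || return 1
    printf '%s\n' "$((new - old))"
}

# Demo on constructed stats files.
demo_dir=$(mktemp -d)
printf '%s\n' 'constructed dump' '1500 constructed counter' 'pad' 'pad' >"$demo_dir/stats"
query_delta "$demo_dir/stats" "$demo_dir/state"   # first run, baseline only
printf '%s\n' 'constructed dump' '1750 constructed counter' 'pad' 'pad' >"$demo_dir/stats"
query_delta "$demo_dir/stats" "$demo_dir/state"   # second run, real delta
rm -rf "$demo_dir"
```

When run from cron, the state file is better kept in a directory that only the monitoring account can write to than in a shared one such as /tmp.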