update
This commit is contained in:
parent
8abce2236f
commit
65a0f2447d
2
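--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+src/**.swp
+src/**.log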
BIN
dns-trace
BIN
dns-trace
Binary file not shown.
@ -1,22 +1,30 @@
|
||||
Feb 08 13:24:15 pc-geoffrey dns-trace: <info> Query;tid=671c;192.168.1.37:53;class=IN;type=AAAA;
|
||||
Feb 08 13:24:16 pc-geoffrey dns-trace: <info> Query;tid=c537;192.168.1.37:53;class=IN;type=A;
|
||||
Feb 08 13:24:17 pc-geoffrey dns-trace: <info> Query;tid=12ba;192.168.1.37:53;class=IN;type=A;
|
||||
Feb 08 14:17:10 pc-geoffrey dns-trace: <info> Query;tid=fa8f;192.168.1.37:53;class=IN;type=A;
|
||||
Feb 08 14:17:20 pc-geoffrey dns-trace: <info> Query;tid=a417;192.168.1.37:53;class=IN;type=A;
|
||||
Feb 08 14:21:36 pc-geoffrey dns-trace: <info> Query;tid=34f;192.168.1.37:53;class=IN;type=A;
|
||||
Feb 08 14:23:23 pc-geoffrey dns-trace: <info> Query;tid=23c8;192.168.1.37:53;class=IN;type=A;
|
||||
Feb 08 14:25:11 pc-geoffrey dns-trace: <info> Query;tid=e74;192.168.1.37:53;class=IN;type=A;
|
||||
Feb 08 14:25:21 pc-geoffrey dns-trace: <info> Query;tid=3844;192.168.1.37:53;class=IN;type=A;
|
||||
Feb 08 14:25:28 pc-geoffrey dns-trace: <info> Query;tid=de58;192.168.1.37:53;class=IN;type=A;
|
||||
Feb 08 14:27:39 pc-geoffrey dns-trace: <info> Query;tid=4600;192.168.1.37:53;class=IN;type=A;
|
||||
Feb 08 14:28:04 pc-geoffrey dns-trace: <info> Query;tid=1f5a;192.168.1.37:53;class=IN;type=A;
|
||||
Feb 08 14:29:20 pc-geoffrey dns-trace: <info> Query;tid=3cc6;192.168.1.37:53;class=IN;type=A;
|
||||
Feb 08 14:35:12 pc-geoffrey dns-trace: <info> Query;tid=a8d2;192.168.1.37:53;class=IN;type=A;
|
||||
Feb 08 14:35:12 pc-geoffrey dns-trace: <info> Query;tid=e7ae;192.168.1.37:53;class=IN;type=AAAA;
|
||||
Feb 08 14:35:16 pc-geoffrey dns-trace: <info> Query;tid=ed16;192.168.1.37:53;class=IN;type=A;
|
||||
Feb 08 14:35:31 pc-geoffrey dns-trace: <info> Query;tid=28a6;192.168.1.37:53;class=IN;type=A;
|
||||
Feb 08 14:50:39 pc-geoffrey dns-trace: <info> Query;tid=b19f;192.168.1.37:53;class=IN;type=AAAA;
|
||||
Feb 08 15:05:03 pc-geoffrey dns-trace: <info> Query;tid=cf01;192.168.1.37:53;class=IN;type=AAAA;
|
||||
Feb 08 15:05:25 pc-geoffrey dns-trace: <info> Query;tid=be09;192.168.1.37:53;class=IN;type=A;
|
||||
Feb 08 15:05:25 pc-geoffrey dns-trace: <info> Query;tid=67d8;192.168.1.37:53;class=IN;type=A;
|
||||
Feb 08 15:10:50 pc-geoffrey dns-trace: <info> Query;tid=acaf;192.168.1.37:53;class=IN;type=A;
|
||||
Feb 08 16:03:16 pc-geoffrey dns-trace: <info> Query;tid=68;192.168.1.37:53;class=IN;type=AAAA;
|
||||
Feb 08 16:03:16 pc-geoffrey dns-trace: <info> Answer;tid=68;
|
||||
Feb 08 16:03:23 pc-geoffrey dns-trace: <info> Query;tid=2da6;192.168.1.37:53;class=IN;type=AAAA;
|
||||
Feb 08 16:03:23 pc-geoffrey dns-trace: <info> Answer;tid=2da6;
|
||||
Feb 08 16:17:34 pc-geoffrey dns-trace: <info> Query;tid=4f3a;192.168.1.37:53;class=IN;type=A;
|
||||
Feb 08 16:17:34 pc-geoffrey dns-trace: <info> Query;tid=af42;192.168.1.37:53;class=IN;type=AAAA;
|
||||
Feb 08 16:17:34 pc-geoffrey dns-trace: <info> Answer;tid=4f3a;
|
||||
Feb 08 16:18:25 pc-geoffrey dns-trace: <info> Query;tid=e29b;192.168.1.37:53;class=IN;type=A;
|
||||
Feb 08 16:18:25 pc-geoffrey dns-trace: <info> Answer;tid=e29b;192.168.1.37:45247;
|
||||
Feb 08 16:19:52 pc-geoffrey dns-trace: <info> Query;tid=a9ff;192.168.1.37:53;class=IN;type=AAAA;
|
||||
Feb 08 16:19:52 pc-geoffrey dns-trace: <info> Answer;tid=a9ff;192.168.1.37:40040;
|
||||
Feb 08 16:19:52 pc-geoffrey dns-trace: <info> Answer;tid=a9ff;192.168.1.37:40040;
|
||||
Feb 08 16:19:52 pc-geoffrey dns-trace: <info> Answer;tid=a9ff;192.168.1.37:40040;
|
||||
Feb 08 16:21:16 pc-geoffrey dns-trace: <info> Query;tid=b7c2;192.168.1.37:53;class=IN;type=AAAA;www.fortinet.com;
|
||||
Feb 08 16:21:16 pc-geoffrey dns-trace: <info> Answer;tid=b7c2;192.168.1.37:51591;
|
||||
Feb 08 16:21:16 pc-geoffrey dns-trace: <info> Answer;tid=b7c2;192.168.1.37:51591;
|
||||
Feb 08 16:21:16 pc-geoffrey dns-trace: <info> Answer;tid=b7c2;192.168.1.37:51591;
|
||||
Feb 08 16:21:44 pc-geoffrey dns-trace: <info> Query;tid=9f64;192.168.1.37:53;class=IN;type=A;domain=safebrowsing.googleapis.com;
|
||||
Feb 08 16:21:44 pc-geoffrey dns-trace: <info> Answer;tid=9f64;192.168.1.37:52355;
|
||||
Feb 08 16:21:44 pc-geoffrey dns-trace: <info> Query;tid=473f;192.168.1.37:53;class=IN;type=AAAA;domain=www.fortinet.com;
|
||||
Feb 08 16:21:44 pc-geoffrey dns-trace: <info> Answer;tid=473f;192.168.1.37:59032;
|
||||
Feb 08 16:21:44 pc-geoffrey dns-trace: <info> Answer;tid=473f;192.168.1.37:59032;
|
||||
Feb 08 16:21:44 pc-geoffrey dns-trace: <info> Answer;tid=473f;192.168.1.37:59032;
|
||||
Feb 08 16:21:51 pc-geoffrey dns-trace: <info> Query;tid=22c8;192.168.1.37:53;class=IN;type=AAAA;domain=www.fortinet.com;
|
||||
Feb 08 16:21:51 pc-geoffrey dns-trace: <info> Answer;tid=22c8;192.168.1.37:40059;
|
||||
Feb 08 16:21:51 pc-geoffrey dns-trace: <info> Answer;tid=22c8;192.168.1.37:40059;
|
||||
Feb 08 16:21:51 pc-geoffrey dns-trace: <info> Answer;tid=22c8;192.168.1.37:40059;
|
||||
Feb 08 16:21:52 pc-geoffrey dns-trace: <info> Query;tid=57f3;192.168.1.37:53;class=IN;type=A;domain=www.bucchino.org;
|
||||
Feb 08 16:21:52 pc-geoffrey dns-trace: <info> Answer;tid=57f3;192.168.1.37:53594;
|
||||
Feb 08 16:21:52 pc-geoffrey dns-trace: <info> Answer;tid=57f3;192.168.1.37:53594;
|
||||
|
Binary file not shown.
@ -282,16 +282,14 @@ static void print_query(struct event *s_event){
|
||||
printf("\n");
|
||||
}
|
||||
/*
|
||||
* This function save to log file the query section in rsylog format
|
||||
* <time> <hostname> <procname>: <info> <data>
|
||||
* This function save to rsyslog file the common information
|
||||
*/
|
||||
static void query_to_log(struct event *s_event){
|
||||
static void header_to_log(struct event *s_event){
|
||||
char t[32];
|
||||
time_t ts = time(NULL);
|
||||
char *req_type, *class, *type;
|
||||
char tid[12];
|
||||
char src[40];
|
||||
char s_class[16], s_type[16];
|
||||
char *req_type;
|
||||
time_t ts = time(NULL);
|
||||
|
||||
if (syslog_time(ts, t, sizeof(t)) == 0)
|
||||
fwrite(t, strlen(t), 1, f);
|
||||
@ -312,6 +310,17 @@ static void query_to_log(struct event *s_event){
|
||||
|
||||
snprintf(src, 40, "%s:%d;", inet_ntoa(*(struct in_addr*)&s_event->client), s_event->dport);
|
||||
fwrite(src, strlen(src), 1, f);
|
||||
}
|
||||
/*
|
||||
* This function save to log file the query section in rsylog format
|
||||
* <time> <hostname> <procname>: <info> <data>
|
||||
*/
|
||||
static void query_to_log(struct event *s_event){
|
||||
char *class, *type;
|
||||
char s_class[16], s_type[16];
|
||||
|
||||
header_to_log(s_event);
|
||||
|
||||
|
||||
class = mapClass(s_event->class);
|
||||
snprintf(s_class, 16, "class=%s;", class);
|
||||
@ -323,7 +332,10 @@ static void query_to_log(struct event *s_event){
|
||||
fwrite(s_type, strlen(s_type), 1, f);
|
||||
free(type);
|
||||
|
||||
fwrite("\n", 1, 1, f);
|
||||
fwrite("domain=", 7, 1, f);
|
||||
fwrite(s_event->qname, strlen(s_event->qname), 1, f);
|
||||
|
||||
fwrite(";\n", 2, 1, f);
|
||||
}
|
||||
/*
|
||||
* This function get labels from DNS answer
|
||||
@ -345,7 +357,11 @@ static void get_labels(unsigned char *buf, char *qname){
|
||||
* This function save to rsyslog format the answer section
|
||||
*/
|
||||
static void answer_to_log(struct event *s_event){
|
||||
for (int i = 0; i < s_event->numAns; i++){
|
||||
header_to_log(s_event);
|
||||
|
||||
fwrite("\n", 1, 1, f);
|
||||
}
|
||||
}
|
||||
/*
|
||||
* This function print to the stdout the answer section
|
||||
|
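Review bot: `query_to_log` in the third hunk writes `s_event->qname` into the log byte-for-byte with `fwrite(s_event->qname, strlen(s_event->qname), 1, f)`, yet the name appears to be parsed out of the DNS packet (by `get_labels`, whose header comment follows the hunk), so a crafted query whose labels contain `;`, `\n` or other control bytes can split or forge records in this `;`-delimited, newline-terminated format (log injection), and if get_labels does not NUL-terminate qname — I cannot see that from here — `strlen` reads past the buffer. The same call also dereferences qname with no NULL check. I would route the name through a small escaper that passes printable ASCII except `;` and `\` and emits `\xNN` for everything else, and skip the write when qname is NULL, as sketched below. Less urgent, `answer_to_log` in the last hunk loops `s_event->numAns` times (presumably the packet's answer count) writing the same header line each iteration, as the committed log shows for `tid=a9ff`; bounding that count and logging something per answer would be a sensible follow-up. query_to_log starts in the second hunk and its middle lies between the hunks, outside view.
```c
/* Write a DNS name into the log, escaping bytes that would break the
 * ';'-delimited, newline-terminated record (log injection via a crafted qname). */
static void log_escaped(const unsigned char *s, size_t n){
    for (size_t i = 0; i < n; i++){
        unsigned char c = s[i];
        if (c >= 0x20 && c < 0x7f && c != ';' && c != '\\')
            fputc(c, f);
        else
            fprintf(f, "\\x%02x", c);
    }
}

/* … unchanged: query_to_log header_to_log call and class/type fields … */
    fwrite("domain=", 7, 1, f);
    if (s_event->qname != NULL)
        log_escaped((const unsigned char *)s_event->qname, strlen(s_event->qname));
    fwrite(";\n", 2, 1, f);
```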