diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..79de871
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+src/**.swp
+src/**.log
diff --git a/dns-trace b/dns-trace
index 3721228..b27ca85 100755
Binary files a/dns-trace and b/dns-trace differ
diff --git a/dns-trace_2025-02-08.log b/dns-trace_2025-02-08.log
index 82cbda1..6ff2ade 100644
--- a/dns-trace_2025-02-08.log
+++ b/dns-trace_2025-02-08.log
@@ -1,22 +1,30 @@
-Feb 08 13:24:15 pc-geoffrey dns-trace: <info> Query;tid=671c;192.168.1.37:53;class=IN;type=AAAA;
-Feb 08 13:24:16 pc-geoffrey dns-trace: <info> Query;tid=c537;192.168.1.37:53;class=IN;type=A;
-Feb 08 13:24:17 pc-geoffrey dns-trace: <info> Query;tid=12ba;192.168.1.37:53;class=IN;type=A;
-Feb 08 14:17:10 pc-geoffrey dns-trace: <info> Query;tid=fa8f;192.168.1.37:53;class=IN;type=A;
-Feb 08 14:17:20 pc-geoffrey dns-trace: <info> Query;tid=a417;192.168.1.37:53;class=IN;type=A;
-Feb 08 14:21:36 pc-geoffrey dns-trace: <info> Query;tid=34f;192.168.1.37:53;class=IN;type=A;
-Feb 08 14:23:23 pc-geoffrey dns-trace: <info> Query;tid=23c8;192.168.1.37:53;class=IN;type=A;
-Feb 08 14:25:11 pc-geoffrey dns-trace: <info> Query;tid=e74;192.168.1.37:53;class=IN;type=A;
-Feb 08 14:25:21 pc-geoffrey dns-trace: <info> Query;tid=3844;192.168.1.37:53;class=IN;type=A;
-Feb 08 14:25:28 pc-geoffrey dns-trace: <info> Query;tid=de58;192.168.1.37:53;class=IN;type=A;
-Feb 08 14:27:39 pc-geoffrey dns-trace: <info> Query;tid=4600;192.168.1.37:53;class=IN;type=A;
-Feb 08 14:28:04 pc-geoffrey dns-trace: <info> Query;tid=1f5a;192.168.1.37:53;class=IN;type=A;
-Feb 08 14:29:20 pc-geoffrey dns-trace: <info> Query;tid=3cc6;192.168.1.37:53;class=IN;type=A;
-Feb 08 14:35:12 pc-geoffrey dns-trace: <info> Query;tid=a8d2;192.168.1.37:53;class=IN;type=A;
-Feb 08 14:35:12 pc-geoffrey dns-trace: <info> Query;tid=e7ae;192.168.1.37:53;class=IN;type=AAAA;
-Feb 08 14:35:16 pc-geoffrey dns-trace: <info> Query;tid=ed16;192.168.1.37:53;class=IN;type=A;
-Feb 08 14:35:31 pc-geoffrey dns-trace: <info> Query;tid=28a6;192.168.1.37:53;class=IN;type=A;
-Feb 08 14:50:39 pc-geoffrey dns-trace: <info> Query;tid=b19f;192.168.1.37:53;class=IN;type=AAAA;
-Feb 08 15:05:03 pc-geoffrey dns-trace: <info> Query;tid=cf01;192.168.1.37:53;class=IN;type=AAAA;
-Feb 08 15:05:25 pc-geoffrey dns-trace: <info> Query;tid=be09;192.168.1.37:53;class=IN;type=A;
-Feb 08 15:05:25 pc-geoffrey dns-trace: <info> Query;tid=67d8;192.168.1.37:53;class=IN;type=A;
-Feb 08 15:10:50 pc-geoffrey dns-trace: <info> Query;tid=acaf;192.168.1.37:53;class=IN;type=A;
+Feb 08 16:03:16 pc-geoffrey dns-trace: <info> Query;tid=68;192.168.1.37:53;class=IN;type=AAAA;
+Feb 08 16:03:16 pc-geoffrey dns-trace: <info> Answer;tid=68;
+Feb 08 16:03:23 pc-geoffrey dns-trace: <info> Query;tid=2da6;192.168.1.37:53;class=IN;type=AAAA;
+Feb 08 16:03:23 pc-geoffrey dns-trace: <info> Answer;tid=2da6;
+Feb 08 16:17:34 pc-geoffrey dns-trace: <info> Query;tid=4f3a;192.168.1.37:53;class=IN;type=A;
+Feb 08 16:17:34 pc-geoffrey dns-trace: <info> Query;tid=af42;192.168.1.37:53;class=IN;type=AAAA;
+Feb 08 16:17:34 pc-geoffrey dns-trace: <info> Answer;tid=4f3a;
+Feb 08 16:18:25 pc-geoffrey dns-trace: <info> Query;tid=e29b;192.168.1.37:53;class=IN;type=A;
+Feb 08 16:18:25 pc-geoffrey dns-trace: <info> Answer;tid=e29b;192.168.1.37:45247;
+Feb 08 16:19:52 pc-geoffrey dns-trace: <info> Query;tid=a9ff;192.168.1.37:53;class=IN;type=AAAA;
+Feb 08 16:19:52 pc-geoffrey dns-trace: <info> Answer;tid=a9ff;192.168.1.37:40040;
+Feb 08 16:19:52 pc-geoffrey dns-trace: <info> Answer;tid=a9ff;192.168.1.37:40040;
+Feb 08 16:19:52 pc-geoffrey dns-trace: <info> Answer;tid=a9ff;192.168.1.37:40040;
+Feb 08 16:21:16 pc-geoffrey dns-trace: <info> Query;tid=b7c2;192.168.1.37:53;class=IN;type=AAAA;www.fortinet.com;
+Feb 08 16:21:16 pc-geoffrey dns-trace: <info> Answer;tid=b7c2;192.168.1.37:51591;
+Feb 08 16:21:16 pc-geoffrey dns-trace: <info> Answer;tid=b7c2;192.168.1.37:51591;
+Feb 08 16:21:16 pc-geoffrey dns-trace: <info> Answer;tid=b7c2;192.168.1.37:51591;
+Feb 08 16:21:44 pc-geoffrey dns-trace: <info> Query;tid=9f64;192.168.1.37:53;class=IN;type=A;domain=safebrowsing.googleapis.com;
+Feb 08 16:21:44 pc-geoffrey dns-trace: <info> Answer;tid=9f64;192.168.1.37:52355;
+Feb 08 16:21:44 pc-geoffrey dns-trace: <info> Query;tid=473f;192.168.1.37:53;class=IN;type=AAAA;domain=www.fortinet.com;
+Feb 08 16:21:44 pc-geoffrey dns-trace: <info> Answer;tid=473f;192.168.1.37:59032;
+Feb 08 16:21:44 pc-geoffrey dns-trace: <info> Answer;tid=473f;192.168.1.37:59032;
+Feb 08 16:21:44 pc-geoffrey dns-trace: <info> Answer;tid=473f;192.168.1.37:59032;
+Feb 08 16:21:51 pc-geoffrey dns-trace: <info> Query;tid=22c8;192.168.1.37:53;class=IN;type=AAAA;domain=www.fortinet.com;
+Feb 08 16:21:51 pc-geoffrey dns-trace: <info> Answer;tid=22c8;192.168.1.37:40059;
+Feb 08 16:21:51 pc-geoffrey dns-trace: <info> Answer;tid=22c8;192.168.1.37:40059;
+Feb 08 16:21:51 pc-geoffrey dns-trace: <info> Answer;tid=22c8;192.168.1.37:40059;
+Feb 08 16:21:52 pc-geoffrey dns-trace: <info> Query;tid=57f3;192.168.1.37:53;class=IN;type=A;domain=www.bucchino.org;
+Feb 08 16:21:52 pc-geoffrey dns-trace: <info> Answer;tid=57f3;192.168.1.37:53594;
+Feb 08 16:21:52 pc-geoffrey dns-trace: <info> Answer;tid=57f3;192.168.1.37:53594;
diff --git a/src/.dns-trace.c.swp b/src/.dns-trace.c.swp
deleted file mode 100644
index 6ea0155..0000000
Binary files a/src/.dns-trace.c.swp and /dev/null differ
diff --git a/src/dns-trace.c b/src/dns-trace.c
index 8b52883..03fba55 100644
--- a/src/dns-trace.c
+++ b/src/dns-trace.c
@@ -282,16 +282,14 @@ static void print_query(struct event *s_event){
     printf("\n");
 }
 /*
- * This function save to log file the query section in rsylog format
- * <time> <hostname> <procname>: <info> <data>
+ * This function save to rsyslog file the common information
  */
-static void query_to_log(struct event *s_event){
+static void header_to_log(struct event *s_event){
     char t[32];
-    time_t ts = time(NULL);
-    char *req_type, *class, *type;
     char tid[12];
     char src[40];
-    char s_class[16], s_type[16];
+    char *req_type;
+    time_t ts = time(NULL);
 
     if (syslog_time(ts, t, sizeof(t)) == 0)
         fwrite(t, strlen(t), 1, f);
@@ -312,6 +310,17 @@ static void query_to_log(struct event *s_event){
 
     snprintf(src, 40, "%s:%d;", inet_ntoa(*(struct in_addr*)&s_event->client), s_event->dport);
     fwrite(src, strlen(src), 1, f);
+}
+/*
+ * This function save to log file the query section in rsylog format
+ * <time> <hostname> <procname>: <info> <data>
+ */
+static void query_to_log(struct event *s_event){
+    char *class, *type;
+    char s_class[16], s_type[16];
+
+    header_to_log(s_event);
+
 
     class = mapClass(s_event->class);
     snprintf(s_class, 16, "class=%s;", class);
@@ -323,7 +332,10 @@ static void query_to_log(struct event *s_event){
     fwrite(s_type, strlen(s_type), 1, f);
     free(type);
 
-    fwrite("\n", 1, 1, f);
+    fwrite("domain=", 7, 1, f);
+    fwrite(s_event->qname, strlen(s_event->qname), 1, f);
+
+    fwrite(";\n", 2, 1, f);
 }
 /*
  * This function get labels from DNS answer
@@ -345,7 +357,11 @@ static void get_labels(unsigned char *buf, char *qname){
  * This function save to rsyslog format the answer section
  */
 static void answer_to_log(struct event *s_event){
+    for (int i = 0; i < s_event->numAns; i++){
+        header_to_log(s_event);
 
+        fwrite("\n", 1, 1, f);
+    }
 }
 /*
  * This function print to the stdout the answer section