Reply: [Snort-users] DNS Query Logging?

holger.bumke at ...1216... holger.bumke at ...1216...
Fri May 11 03:22:13 EDT 2001

Try this small shell script:


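# suit to your needs
PID=/path/to/named.pid           # placeholder: named's PID file
NAMEDSTATS=/path/to/named.stats  # placeholder: named's statistics dump file
LOG=/path/to/counter.log         # placeholder: file holding the previous counter value

# nothing to be changed below if you're using bash.
declare -i RR_new=0
declare -i RR_old=0

# signal the process whose PID is in $PID
kill -SIGILL "$(cat "$PID")"
# counter value stored by the previous run
RR_old=$(tail -1 "$LOG")
# current counter: first field of the third-from-last line of the stats file
RR_new=$(tail -3 "$NAMEDSTATS" | head -1 | awk '{print $1}')
echo "$RR_new" >"$LOG"
# difference since the previous run
echo "$((RR_new - RR_old))"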

Other stats can be obtained by changing the field parameter.

Nice job for cron/MRTG. =:^)

Hope it helps....


"Richard, Jeff" <Jeff-Richard at ...562...> on 10.05.2001 22:47:34

To:   "'snort-users at'" <snort-users at>
Cc:     (Bcc: Holger Bumke/nbg/DE)

Subject:    [Snort-users] DNS Query Logging?

I hope someone can give a hand on this.  I need to get a count of how many DNS queries my DNS servers are receiving.  What should a rule for DNS queries look like?  I'm not familiar with DNS traffic, but realize that UDP 53 is the protocol/port, just not sure of any signature(s).
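
Added example, not part of the original messages: the counter-delta step from the script in the reply above, written so that a first run (no stored value yet) and a counter that went backwards give a usable number for cron/MRTG. The function names, and the choice to report the new counter value after a reset, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the poster's code). Function names are hypothetical.

# extract_counter FILE: first field of the third-from-last line,
# the same extraction the posted script performs on $NAMEDSTATS.
extract_counter() {
    tail -3 "$1" | head -1 | awk '{print $1}'
}

# counter_delta NEW OLD: print the increase since the previous sample.
#   NEW missing or non-numeric -> print 0 and return 1 (stats file unusable)
#   OLD missing or non-numeric -> print 0 (first run, nothing to compare)
#   NEW < OLD                  -> print NEW (assumption: the counter restarted
#                                 from zero, so NEW is the count since then)
counter_delta() {
    cd_new=$1
    cd_old=$2
    case $cd_new in ''|*[!0-9]*) echo 0; return 1 ;; esac
    case $cd_old in ''|*[!0-9]*) echo 0; return 0 ;; esac
    if [ "$cd_new" -lt "$cd_old" ]; then
        echo "$cd_new"
    else
        echo $((cd_new - cd_old))
    fi
}

# sample STATS_FILE STATE_FILE: print the delta and store the new counter.
# The state file is only updated when a valid counter was read.
sample() {
    s_new=$(extract_counter "$1")
    s_old=
    if [ -f "$2" ]; then
        s_old=$(tail -1 "$2")
    fi
    counter_delta "$s_new" "$s_old" || return 1
    echo "$s_new" > "$2"
}
```

From cron this would be called as `sample "$NAMEDSTATS" "$LOG"` after the statistics dump has been triggered.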

