Re: [Snort-users] DNS Query Logging?

holger.bumke at ...1216...
Fri May 11 03:22:13 EDT 2001


Try this small shell script:

--------------------------------------------------------------------------------
#!/bin/bash

# adjust to your needs
NAMEDSTATS="/etc/named.stats"
PID="/var/run/named.pid"
# state file holding the counter from the previous run; when run from cron as
# root, a directory writable only by that user is a safer home for it than /tmp
LOG="/tmp/namedqueries.tmp"

# nothing to be changed below if you're using bash.
declare -i RR_new=0
declare -i RR_old=0

# BIND 8 appends a fresh statistics dump to $NAMEDSTATS when it receives SIGILL
kill -SIGILL "$(cat "$PID")"
# give named a moment to finish writing the dump before reading it
sleep 1
# counter from the previous run (stays 0 on the first run, when $LOG does not exist yet)
[ -f "$LOG" ] && RR_old=$(tail -1 "$LOG")
# first field of the third line from the end of the latest dump
RR_new=$(tail -3 "$NAMEDSTATS" | head -1 | awk '{print $1}')
echo "$RR_new" >"$LOG"
# queries since the last run
echo "$((RR_new - RR_old))"
--------------------------------------------------------------------------------

Other stats can be obtained by changing the field parameter.

Nice job for cron/MRTG. =:^)

Hope it helps....

Regards,
   Holger
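As an added example (this is not Holger's script and not code from BIND or Snort), here is the same counter-delta idea written so it survives the two cases a cron job meets in practice: the first run, when no state file exists yet, and a counter that goes backwards because named was restarted and its statistics started from zero. The dump layout it reads in the demo is constructed for the example; the only assumption kept from the original script is that the wanted number is the first field on the third line from the end of the latest dump. Signalling named to write the dump is left out, since there is no named here.

```shell
#!/bin/sh
# Added example (not Holger's script): query-count delta from a BIND-style
# stats dump, with first-run and counter-reset handling.
# The dump layout written by write_sample_dump() is CONSTRUCTED; the only
# assumption kept from the original script is that the counter is the first
# field on the third line from the end of the file.

# Extract the counter from the stats file ($1).
current_count() {
    tail -n 3 "$1" | head -n 1 | awk '{print $1}'
}

# Print the number of queries since the previous run and remember the new
# counter in the state file.  $1 = stats file, $2 = state file.
# First run (no state file): prints 0, since there is no interval to report.
# Counter lower than last time (named restarted, stats reset): prints 0
# rather than a negative number, which would otherwise break an MRTG graph.
query_delta() {
    new=$(current_count "$1")
    case "$new" in
        ''|*[!0-9]*)
            echo "no numeric counter in $1" >&2
            return 1 ;;      # state file is left untouched
    esac
    if [ -f "$2" ]; then
        old=$(cat "$2")
    else
        old=$new
    fi
    echo "$new" > "$2"
    if [ "$new" -lt "$old" ]; then
        echo 0
    else
        echo $((new - old))
    fi
}

# Write a constructed dump whose counter line is followed by two trailer
# lines, so the counter sits on the third line from the end.
# $1 = file, $2 = counter value.
write_sample_dump() {
    printf '%s\n' '+++ Statistics Dump +++ (constructed sample)' \
        "$2 RQ" '-- end of counters (constructed) --' '--- Statistics Dump ---' > "$1"
}

# Stand-alone demo: three successive dumps, as three cron runs would see them.
demo() {
    dir=$(mktemp -d)
    write_sample_dump "$dir/named.stats" 1000
    query_delta "$dir/named.stats" "$dir/state"    # first run: 0
    write_sample_dump "$dir/named.stats" 1250
    query_delta "$dir/named.stats" "$dir/state"    # 250 queries this interval
    write_sample_dump "$dir/named.stats" 40
    query_delta "$dir/named.stats" "$dir/state"    # reset detected: 0
    rm -rf "$dir"
}
demo
```

Run it from cron as in the original, pointing it at the real named.stats and at a state file in a directory only the job's user can write. A non-numeric counter (an incomplete or missing dump) is reported on stderr and leaves the state file untouched, so one bad dump does not poison the next interval's figure.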







"Richard, Jeff" <Jeff-Richard at ...562...> on 10.05.2001 22:47:34

To:   "'snort-users at lists.sourceforge.net'" <snort-users at lists.sourceforge.net>
Cc:     (Bcc: Holger Bumke/nbg/DE)

Subject:    [Snort-users] DNS Query Logging?




I hope someone can give a hand on this.  I need to get a count of how many DNS queries my DNS servers are receiving.  What should a rule for DNS queries look like?  I'm not familiar with DNS traffic, but realize that UDP 53 is the protocol/port, just not sure of any signature(s).

-Jeff
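Added example, not part of the thread and not Snort's own code: the field a signature for DNS queries keys on is the flags word in bytes 2 and 3 of the DNS header (RFC 1035, section 4.1.1), whose top bit, QR, is 0 for a query and 1 for a response, together with QDCOUNT in bytes 4 and 5. Port 53 alone does not distinguish the two, since responses use the same port. The function below applies that check to UDP payloads given as hex strings; the payloads are constructed samples, not captured traffic.

```shell
#!/bin/sh
# Added example (not from the thread, not Snort code): recognise a DNS query
# from the 12-byte DNS header.  Input is the UDP payload as a hex string;
# all sample payloads below are CONSTRUCTED, not captured traffic.

# Return 0 (true) if $1 is a DNS query: header present, QR bit clear,
# at least one question.  Anything malformed is "not a query".
is_dns_query() {
    hex=$1
    case "$hex" in
        ''|*[!0-9a-fA-F]*) return 1 ;;        # not a hex string
    esac
    [ "${#hex}" -ge 24 ] || return 1          # shorter than a 12-byte header
    flags=$(( 0x$(printf '%s' "$hex" | cut -c5-8) ))      # bytes 2-3
    qdcount=$(( 0x$(printf '%s' "$hex" | cut -c9-12) ))   # bytes 4-5
    qr=$(( (flags >> 15) & 1 ))               # top bit of the flags word
    [ "$qr" -eq 0 ] && [ "$qdcount" -ge 1 ]
}

# Count queries among newline-separated hex payloads on stdin.
count_queries() {
    n=0
    while IFS= read -r p; do
        if is_dns_query "$p"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Constructed sample payloads (hex of the UDP payload only, no IP/UDP headers).
QUERY_A="abcd01000001000000000000076578616d706c6503636f6d0000010001"  # A? example.com, RD set
QUERY_B="123401000001000000000000"      # header only, still a well-formed query header
RESPONSE="abcd81800001000100000000"     # answer to QUERY_A: QR=1, RD, RA, one answer
NO_QUESTION="abcd01000000000000000000"  # QR=0 but QDCOUNT=0: not a usable query
TRUNCATED="abcd0100"                    # less than a header

# Stand-alone demo: feed the five samples through the counter.
demo() {
    printf '%s\n' "$QUERY_A" "$RESPONSE" "$QUERY_B" "$TRUNCATED" "$NO_QUESTION" | count_queries
}
echo "queries counted: $(demo)"
```

A Snort rule for the same thing would match on those header bytes rather than on the port alone, and it fires once per query; for a plain count, the server-side statistics in Holger's reply scale better than an IDS alert per packet.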
