[Dnsmasq-discuss] selecting log queries

John Pearson johnpearson555 at gmail.com
Thu Mar 8 02:09:21 GMT 2018


A shot in the dark:

Is there anyway to differentiate or only log domains that are directly
queried? Example:

when I go to github.com from the browser, this is the dnsmasq log file:

Mar  7 18:06:04 dnsmasq[29158]: query[A] github.com from 10.1.0.163
Mar  7 18:06:04 dnsmasq[29158]: forwarded github.com to 8.8.4.4
Mar  7 18:06:04 dnsmasq[29158]: forwarded github.com to 8.8.8.8
Mar  7 18:06:04 dnsmasq[29158]: forwarded github.com to 127.0.0.53
Mar  7 18:06:04 dnsmasq[29158]: query[A] github.com from 127.0.0.1
Mar  7 18:06:04 dnsmasq[29158]: forwarded github.com to 8.8.4.4
Mar  7 18:06:04 dnsmasq[29158]: reply github.com is 192.30.255.113
Mar  7 18:06:04 dnsmasq[29158]: reply github.com is 192.30.255.112
Mar  7 18:06:04 dnsmasq[29158]: reply github.com is 192.30.255.113
Mar  7 18:06:04 dnsmasq[29158]: reply github.com is 192.30.255.112
Mar  7 18:06:07 dnsmasq[29158]: query[A] collector.githubapp.com from
10.1.0.163
Mar  7 18:06:07 dnsmasq[29158]: forwarded collector.githubapp.com to 8.8.4.4
Mar  7 18:06:07 dnsmasq[29158]: reply collector.githubapp.com is <CNAME>
Mar  7 18:06:07 dnsmasq[29158]: reply
analytics-collector-28944298.us-east-1.elb.amazonaws.com is 52.206.98.11
Mar  7 18:06:07 dnsmasq[29158]: reply
analytics-collector-28944298.us-east-1.elb.amazonaws.com is 54.210.59.237
Mar  7 18:06:07 dnsmasq[29158]: reply
analytics-collector-28944298.us-east-1.elb.amazonaws.com is 34.228.249.31
Mar  7 18:06:07 dnsmasq[29158]: query[A] api.github.com from 10.1.0.163
Mar  7 18:06:07 dnsmasq[29158]: forwarded api.github.com to 8.8.4.4
Mar  7 18:06:07 dnsmasq[29158]: reply api.github.com is 192.30.255.116
Mar  7 18:06:07 dnsmasq[29158]: reply api.github.com is 192.30.255.117


Is there anyway to log or filter only github.com? Instead of queries for
github, collector.githubapp.com, api.github.com.

What I'm trying to do: grep log files for domains intentionally asked for.

Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20180307/0f9eca85/attachment.html>


More information about the Dnsmasq-discuss mailing list