[Dnsmasq-discuss] selecting log queries
John Pearson
johnpearson555 at gmail.com
Thu Mar 8 02:09:21 GMT 2018
A shot in the dark:
Is there anyway to differentiate or only log domains that are directly
queried? Example:
when I go to github.com from the browser, this is the dnsmasq log file:
Mar 7 18:06:04 dnsmasq[29158]: query[A] github.com from 10.1.0.163
Mar 7 18:06:04 dnsmasq[29158]: forwarded github.com to 8.8.4.4
Mar 7 18:06:04 dnsmasq[29158]: forwarded github.com to 8.8.8.8
Mar 7 18:06:04 dnsmasq[29158]: forwarded github.com to 127.0.0.53
Mar 7 18:06:04 dnsmasq[29158]: query[A] github.com from 127.0.0.1
Mar 7 18:06:04 dnsmasq[29158]: forwarded github.com to 8.8.4.4
Mar 7 18:06:04 dnsmasq[29158]: reply github.com is 192.30.255.113
Mar 7 18:06:04 dnsmasq[29158]: reply github.com is 192.30.255.112
Mar 7 18:06:04 dnsmasq[29158]: reply github.com is 192.30.255.113
Mar 7 18:06:04 dnsmasq[29158]: reply github.com is 192.30.255.112
Mar 7 18:06:07 dnsmasq[29158]: query[A] collector.githubapp.com from
10.1.0.163
Mar 7 18:06:07 dnsmasq[29158]: forwarded collector.githubapp.com to 8.8.4.4
Mar 7 18:06:07 dnsmasq[29158]: reply collector.githubapp.com is <CNAME>
Mar 7 18:06:07 dnsmasq[29158]: reply
analytics-collector-28944298.us-east-1.elb.amazonaws.com is 52.206.98.11
Mar 7 18:06:07 dnsmasq[29158]: reply
analytics-collector-28944298.us-east-1.elb.amazonaws.com is 54.210.59.237
Mar 7 18:06:07 dnsmasq[29158]: reply
analytics-collector-28944298.us-east-1.elb.amazonaws.com is 34.228.249.31
Mar 7 18:06:07 dnsmasq[29158]: query[A] api.github.com from 10.1.0.163
Mar 7 18:06:07 dnsmasq[29158]: forwarded api.github.com to 8.8.4.4
Mar 7 18:06:07 dnsmasq[29158]: reply api.github.com is 192.30.255.116
Mar 7 18:06:07 dnsmasq[29158]: reply api.github.com is 192.30.255.117
Is there anyway to log or filter only github.com? Instead of queries for
github, collector.githubapp.com, api.github.com.
What I'm trying to do: grep log files for domains intentionally asked for.
Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20180307/0f9eca85/attachment.html>
More information about the Dnsmasq-discuss
mailing list