[Dnsmasq-discuss] Separate logging facilities for dns queries and "standard" logs

Simon Kelley simon at thekelleys.org.uk
Thu Dec 12 21:43:45 GMT 2019


On 12/11/2019 20:04, Diane wrote:
> Hello,
> 
> I have a need regarding Dnsmasq:
> 
> I want to have "standard" (i.e. logs that are enabled by default) logs
> in syslog, and I also want to retrieve every DNS query / config /
> response, as to be able to build some stats on them.
> 
> I have the following constraints that make using the current
> implementation unusable for this need:
> 
> - I don't want to pollute syslog with DNS query logs *at all*, but
> journald still doesn't provide a way to properly filter / redirect logs;
> - I still want to have my standard dnsmasq logs in the syslog;
> - I don't want to depend on the underlying syslog implementation (being
> rsyslog, syslog-ng, or anything else), partly due to the fact that this
> need is encountered on multiple Linux distros with their own syslog
> choice;
> - Some of those log facilities may not support log dropping (i.e.
> keeping "standard" logs, and dropping all redirected logs).
> 
> Now, I'm trying to find some solutions.
> 
> Would the best way really be to have a small log facility daemon
> running for this specific process? That seems cumbersome.
> 
> The configuration key `log-queries` exists, wouldn't it be possible to
> add the following behaviour?
> 
> - If `log-queries=` is defined but has an empty value, use the current
> behaviour;
> - If `log-queries=` points towards a filesystem path, exclusively write
> query logs into the given file;
> - If `log-queries=` is equal to, let's say "syslog", or a non-
> filesystem value (e.g. a syslog id), write query logs into the used
> syslog, but with *a different process key*, as to defer log handling,
> but as to avoid mixing both logs.
> 
> Any idea or solution for this issue?
> 
> 

One possibility would be to ignore the logging facility entirely, and
use the packet-dump options to write the queries and/or answers in pcap
format to a file which you could then run through tcpdump or a DNS
packet analyser of your choice, see the --dumpfile option for details.


Simon.
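
For the pcap approach suggested in the reply above, the following added example (not part of the original message and not dnsmasq code) tallies the names asked for in a capture, which is the "stats" step the question mentions. It assumes a classic pcap file with raw-IP link type (101) containing IPv4/UDP packets; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

LINKTYPE_RAW = 101  # assumed link type: each packet starts at the IP header

def parse_qname(dns, off=12):
    """Decode the first question name (offset 12 is just past the DNS header)."""
    labels = []
    while (n := dns[off]):
        if n & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(dns[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return ".".join(labels).lower() or "."

def count_queries(pcap):
    """Tally question names of DNS queries (QR=0) in a classic pcap byte string."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != LINKTYPE_RAW:
        raise ValueError("unsupported link type")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        pkt, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
            continue  # only IPv4 carrying UDP is handled here
        dns = pkt[(pkt[0] & 0x0F) * 4 + 8:]  # skip IP header and 8-byte UDP header
        if len(dns) < 13 or dns[2] & 0x80:
            continue  # truncated, or a response (QR bit set)
        try:
            counts[parse_qname(dns)] += 1
        except (IndexError, ValueError):
            continue  # malformed name: skip it rather than abort the tally
    return counts

def sample_record(name, response=False):
    """Constructed sample: one pcap record holding an IPv4/UDP DNS message."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    flags = 0x8180 if response else 0x0100
    dns = struct.pack(">6H", 0x1234, flags, 1, 0, 0, 0) + qname + struct.pack(">2H", 1, 1)
    udp = struct.pack(">4H", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1])) + udp
    return struct.pack("<4I", 0, 0, len(ip), len(ip)) + ip

QUERIES = ["example.com", "Example.COM", "example.net"]  # constructed sample names
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RAW)
          + b"".join(map(sample_record, QUERIES)) + sample_record("example.com", True))
```

On a real capture, pass the file's bytes to `count_queries`; names are lower-cased so that mixed-case queries for the same name are counted together.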

