Bind DNS queries extractor

the NEW Marketplace Other Solutions
1

Bind DNS queries extractor

@ozalpmurat

View on Github
Open Issues
Stargazers

Example log

06-Mar-2021 13:34:44.911 queries: info: client 10.9.9.3#35510 (www.bilecik.edu.tr): query: www.bilecik.edu.tr IN A -EDC (192.168.1.1)

Grok pattern

%{MONTHDAY}-%{MONTH}-%{YEAR} %{TIME} queries: info: client %{IPV4:client_ip}%{DATA} \(%{DATA:query}\)

Extracted fields

  • MONTHDAY
  • MONTH
  • YEAR
  • TIME
  • HOUR
  • MINUTE
  • SECOND
  • client_ip
  • query