[COMMIT LOGREPORT] service/dns/script bind9_query2dlf.in,1.5,1.6

Wytze van der Raay wraay at users.sourceforge.net
Tue Aug 16 11:58:05 CEST 2005 

Update of /cvsroot/logreport/service/dns/script
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2565

Modified Files:
	bind9_query2dlf.in 
Log Message:
Add support for new features found in BIND 9.3 logs:
- the client address can be in IPv4 or IPv6 format;
- a view name will be present when the configuration uses the views feature;
- separate flags 'S' or 'E' will be appended to the recursion indicator '+-'
  when signer or EDNS format is present in the query.
The 'view', 'S' and 'E' information in the logs will be ignored,
as there are no matching fields for these in the DLF.
Update the comments about pre-9.3 and post-9.3 BIND log formats with
respect to the recursion indicator to match the present situation.


Index: bind9_query2dlf.in
===================================================================
RCS file: /cvsroot/logreport/service/dns/script/bind9_query2dlf.in,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- bind9_query2dlf.in	13 Oct 2004 10:17:27 -0000	1.5
+++ bind9_query2dlf.in	16 Aug 2005 09:58:02 -0000	1.6
@@ -45,12 +45,13 @@
 		  (?:queries:\s)?
 		  (?:info:\s)?
 		  client\s
-		  ([\d.]+)\#\d+:\s  # Client
+		  ([\d.]+|[\da-f:]+)\#\d+:\s  # Client (IPv4 | IPv6)
+		  (?:view\s\w+:\s)? # View optionally present since BIND 9.3
 		  query:\s
 		  ([^ ]+)\s	    # Request
 		  \w+\s		    # Protocol, e.g. IN
 		  (\w+?)\s?	    # Type, e.g. SOA, NS, AAAA, AXFR, TXT...
-		  ([-+])?           # rec or not : as patched by Wytze
+		  ([-+])?S?E?	    # -+: recursive, S: signer, E: EDNS
 		  $/x
 		    or die "bind9 lexer failed\n";
 
@@ -199,9 +200,9 @@
 
 =head1 NOTES
 
-Bind9 doesn't log wether the query was recursive, therefore the last
-dlf field (DLF_RESOLVER) is a '-'.  However, applying this patch by Wytze
-van der Raay:
+Bind9 versions before 9.3 did not log wether the query was recursive,
+therefore the last dlf field (DLF_RESOLVER) is a '-'.  However,
+applying this patch by Wytze van der Raay:
 
  # patch bin/named/query.c to log recursive/non-recursive query indication
  SRC=bin/named/query.c
@@ -233,22 +234,23 @@
    query: 6.example.com.nl IN A+
 
 A '+' indicates a recursive query, - indicates a non-recursive query,
-the lack of + or - indicates a non-patched bind9.  See Wytze's message
+the lack of + or - indicates a non-patched pre-9.3 bind9.  See Wytze's message
 of Fri, 28 Dec 2001 16:56:30 +0100 on bind9-workers at isc.org , archived
 at http://www.mail-archive.com/bind9-workers@isc.org/msg00501.html .
 
 This type of logfiles is recognised by the script.
 
-If you're running cutting edge bind, the code might be integrated in BIND.
-BIND 9.3 will very likely offer support for this logging feature.
+BIND 9.3 or later does offer full support for this logging feature.
+In addition, it logs view, signer and EDNS information, all of which
+will be ignored by this version of the script.
 
 In a private discussion on Thu, 18 Jul 2002 07:55:22 +0200, Wytze wrote:
 
- This contains the "ICS-blessed" version of  the patch for getting a
+ This contains the "ISC-compatible" version of  the patch for getting a
  recursive/non-recursive request logged. ISC decided there should be a space
  between the type and the recursion indicator in the logfile, so be it.
 
-If you want to have your BIND 9.2.1 to log in the ISC-blessed 9.3 style,
+If you want to have your BIND 9.2.1 to log in the ISC-compatible 9.3 style,
 apply this patch to your BIND sources:
 
  --- bin/named/query.c.org       Thu Mar 28 06:10:09 2002

-- 
To UNSUBSCRIBE, email to commit-request at logreport.org with a subject of 
"unsubscribe". Trouble? Send an email with subject "help" to 
commit-request at logreport.org

More information about the Commit mailing list