script/tinydns
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
master
tinydns/tinydns-log_ckubu.pl
Christoph d06a79e353 Initial import
2017-02-21 02:35:57 +01:00

140 lines
5.7 KiB
Raku
Executable File
Raw Permalink Blame History

#!/usr/bin/perl -p
use Sys::Hostname;
$myhost = hostname;
#$myhost =~ s/^([^.]+).*/$1/ ;
# tinydns log formatting utility
# based on Faried Nawaz's logfile formatter for dnscache
# by Kenji Rikitake <kenji.rikitake@acm.org> 29-JUL-2000
# please put this on dnscache.com ftp site.
# convert addresses in hex to dotted decimal notation.
## - wthout ipv6 patch
## -
#s/\b([a-f0-9]{8})\b/join(".", unpack("C*", pack("H8", $1)))/eg;
## - within ipv6
## -
s/[a-f0-9]{24}([a-f0-9]{8})/join(".", unpack("C*", pack("H8", $1)))/eg;
### clean up some messages
# convert stuff like 127.0.0.2:0422:05be to something more descriptive.
# query tai64n host:port:qid flag qtype thing
# keep tai64n header as is - use tai64nlocal to convert it to TAI
#s/^(@[a-f0-9]+) \b([\d.]+):(\w+):(\w+) ([\+\-\I\/]) \b([a-f0-9]+) \b([-.\w]+)/$1." ".printQueryLine($2,$3,$4,$5,$6,$7)/e;
#s/^(@[a-f0-9]+) \b([\d.]+):(\w+):(\w+) ([\+\-CIX\/]?)\s?\b([a-f0-9]+) \b([-.\w]+)/$1." ".printQueryLine($2,$3,$4,$5,$6,$7)/e;
## - if original logfile will be parsed
## -
#s/^(@[a-f0-9]+) \b([\d.]+):(\w+):(\w+) ([\+\-CIX\/]?)\s?\b([a-f0-9]+) ([-.\w]+)/$1." ".printQueryLine($2,$3,$4,$5,$6,$7)/e;
## - if logfile is tai65nlocal konverted
## -
#s/^([^\.]+).([0-9]+) \b([\d.]+):(\w+):(\w+) ([\+\-\ICX\/]?)\s?\b([a-f0-9]+) ([-.\w]+)/$1." ".printQueryLine($3,$4,$5,$6,$7,$8)/e;
## - additional print (short) hostname
## -
s/^([^\.]+).([0-9]+) \b([\d.]+):(\w+):(\w+) ([\+\-\ICX\/]?)\s?\b([a-f0-9]+) ([-.\w]+)/"[$myhost] ".$1." ".printQueryLine($3,$4,$5,$6,$7,$8)/e;
### subs
sub printQueryLine {
my ($host, $port, $query_id, $flag, $query_type, $query) = @_;
# pad hostname
#my $ret = "$host:";
#$ret .= hex($port);
#$ret .= ":" . hex($query_id);
#$ret .= " " . $flag;
my $ret = queryHandle($host, hex($port), hex($query_id), $flag);
$ret .= " " . queryType(hex($query_type)) . " $query";
return $ret;
}
## -sub queryType {
## - my ($type) = shift;
## -
## - my $ret = "";
## -
## - # i only list the ones that are in dnscache's dns.h.
## - SWITCH: {
## - ($type == 1) && do { $ret = "A"; last SWITCH; };
## - ($type == 2) && do { $ret = "NS"; last SWITCH; };
## - ($type == 5) && do { $ret = "CNAME"; last SWITCH; };
## - ($type == 6) && do { $ret = "SOA"; last SWITCH; };
## - ($type == 11) && do { $ret = "WKS"; last SWITCH; };
## - ($type == 12) && do { $ret = "PTR"; last SWITCH; };
## - ($type == 13) && do { $ret = "HINFO"; last SWITCH; };
## - ($type == 14) && do { $ret = "MINFo"; last SWITCH; };
## - ($type == 15) && do { $ret = "MX"; last SWITCH; };
## - ($type == 16) && do { $ret = "TXT"; last SWITCH; };
## - ($type == 17) && do { $ret = "RP"; last SWITCH; };
## - ($type == 18) && do { $ret = "AFSDB"; last SWITCH; };
## - ($type == 20) && do { $ret = "ISDN"; last SWITCH; };
## - ($type == 21) && do { $ret = "RT"; last SWITCH; };
## - ($type == 22) && do { $ret = "NSAP"; last SWITCH; };
## - ($type == 23) && do { $ret = "NSAP-PTR"; last SWITCH; };
## - ($type == 24) && do { $ret = "SIG"; last SWITCH; };
## - ($type == 25) && do { $ret = "KEY"; last SWITCH; };
## - ($type == 26) && do { $ret = "PX"; last SWITCH; };
## - ($type == 28) && do { $ret = "AAAA"; last SWITCH; };
## - ($type == 29) && do { $ret = "LOC"; last SWITCH; };
## - ($type == 30) && do { $ret = "NXT"; last SWITCH; };
## - ($type == 33) && do { $ret = "SRV"; last SWITCH; };
## - ($type == 35) && do { $ret = "NAPTR"; last SWITCH; };
## - ($type == 36) && do { $ret = "KX"; last SWITCH; };
## - ($type == 37) && do { $ret = "CERT"; last SWITCH; };
## - ($type == 38) && do { $ret = "A6"; last SWITCH; };
## - ($type == 42) && do { $ret = "APL"; last SWITCH; };
## - ($type == 249) && do { $ret = "TKEY"; last SWITCH; };
## - ($type == 250) && do { $ret = "TSIG"; last SWITCH; };
## - ($type == 251) && do { $ret = "IXFR"; last SWITCH; };
## - ($type == 252) && do { $ret = "AXFR"; last SWITCH; };
## - ($type == 255) && do { $ret = "ANY"; last SWITCH; };
## - do { $ret .= "$type "; last SWITCH; };
## - }
## - return $ret;
## -}
# DNS query type codes from the following RFCs:
# 1035,1183,1348,1876,1995,2065,2163,2230,2535,2538,2845,2874,2915,2930,3123
%QTYPE = (
1, "A", 2, "NS", 5, "CNAME", 6, "SOA", 11, "WKS", 12, "PTR",
13, "HINFO", 14, "MINFO", 15, "MX", 16, "TXT", 17, "RP",
18, "AFSDB", 20, "ISDN", 21, "RT", 22, "NSAP", 23, "NSAP-PTR",
24, "SIG", 25, "KEY", 26, "PX", 28, "AAAA", 29, "LOC", 30, "NXT",
33, "SRV", 35, "NAPTR", 36, "KX", 37, "CERT", 38, "A6", 42, "APL",
249, "TKEY", 250, "TSIG", 251, "IXFR", 252, "AXFR", 255, "ANY"
);
sub queryType {
my ($type) = shift;
return $QTYPE{$type} || $type;
}
sub queryHandle {
my ($q_host, $q_port, $q_id, $q_flag) = @_;
my $ret = "";
# i only list the ones that are in dnscache's dns.h.
SWITCH: {
($q_flag =~ m/\+/) && do { $ret = "sent response to $q_host:$q_port (id $q_id): "; last SWITCH; };
($q_flag =~ m/-/) && do { $ret = "dropped query (no authority) from $q_host:$q_port (id $q_id): "; last SWITCH; };
($q_flag =~ m#/#) && do { $ret = "dropped query (couldn't parse) from $q_host:$q_port (id $q_id): "; last SWITCH; };
($q_flag =~ m#I#) && do { $ret = "[WARN] sent RCODE of 4 (NOTIMP) to $q_host:$q_port (id $q_id): "; last SWITCH; };
($q_flag =~ m#C#) && do { $ret = "[WARN] sent RCODE of 1 (FORMERR) to $q_host:$q_port (id $q_id): "; last SWITCH; };
do { $ret .= "[??] $q_host:$q_port (id $q_id): $q_flag "; last SWITCH; };
}
return $ret;
}
Reference in New Issue View Git Blame Copy Permalink