Skip to content

Latest commit

 

History

History
107 lines (79 loc) · 3.11 KB

logger_file.md

File metadata and controls

107 lines (79 loc) · 3.11 KB
Raw

Logger: File

Enable this logger if you want to log your DNS traffic to a file in plain text mode or binary mode.

  • with rotation file support
  • supported format: text, jinja, json and flat json, pcap or dnstap
  • gzip compression
  • execute external command after each rotation
  • custom text format

For config examples, take a look to the following links:

Options:

  • file-path (string)

    output logfile name

  • max-size: (integer)

    maximum size in megabytes of the file before rotation, A minimum of max-size*max-files megabytes of space disk must be available.

  • max-files (integer)

    maximum number of files to retain. Set to zero if you want to disable this feature

  • flush-interval (integer)

    flush buffer to log file every X seconds

  • compress (boolean)

    compress log file

  • compress-interval (integer)

    checking every X seconds if new log files must be compressed

  • compress-postcommand (string)

    run external script after file compress step

  • mode (string)

    output format: text, jinja, json, flat-json, pcap or dnstap

  • text-format (string)

    output text format, please refer to the default text format to see all available directives, use this parameter if you want a specific format.

  • postrotate-command (string)

    run external script after file rotation

  • postrotate-delete-success (boolean)

    delete file on script success

  • chan-buffer-size (integer)

    Specifies the maximum number of packets that can be buffered before discard additional packets. Set to zero to use the default global value.

Default values:

logfile:
  file-path: null
  max-size: 100
  max-files: 10
  flush-interval: 10
  compress: false
  compress-interval: 5
  compress-postcommand: null
  mode: text
  text-format: ""
  postrotate-command: null
  postrotate-delete-success: false
  chan-buffer-size: 0

The postrotate-command can be used to execute a script after each file rotation. Your script will take in argument the path file of the latest log file and then you will can do what you want on it. If the compression is enabled then the postrotate command will be executed after that too.

Basic example to use the postrotate command:

logfile:
  postrotate-command: "/home/dnscollector/postrotate.sh"

Script to move the log file to a specific folder

#!/bin/bash

DNSCOLLECTOR=/var/dnscollector/
BACKUP_FOLDER=$DNSCOLLECTOR/$(date +%Y-%m-%d)
mkdir -p $BACKUP_FOLDER

mv $1 $BACKUP_FOLDER

For the PCAP mode, currently the DNS protocol over UDP is used to log the traffic, the following translations are done.

Origin protocol Translated to
DNS/53 over UDP DNS UDP/53
DNS/53 over TCP DNS TCP/53
DoH/443 DNS UDP/443 (no cipher)
DoT/853 DNS UDP/853 (no cipher)
DoQ Not yet supported