Parse DNS (Domain Name System) packets and export statistics to central log server.
Program parses DNS (Domain Name System) packets from pcap file or by sniffing interface and creates agregated statis‐tics that can be printed to stdout or sent to a syslog server. Program supports the following DNS types: A, MX, NS, CNAME, SOA, TXT, AAAA, DNSKEY, RRSIG, NSEC, DS.
dns-export [-r FILE] [-i INTERFACE] [-s SERVER] [-t INTERVAL]
-r=FILE
Parse packets from pcap file. When finished, print stats to stdout or send to syslog server if the
SERVER is set. Cannot be used both with -r or -t.
-i=INTERFACE
Sniff this network interface to get packets. Set "any" to sniff from all interfaces. Program will
periodically send stats to syslog server. To stop sniffing, send CTRL+C to the program. If you want
to print stats to stdout, send SIGUSR1 to the program. Cannot be used both with -i.
-s=SERVER
Specify hostname/ipv4/ipv6 address of syslog server to send statistics to that server. Stats will be
sent periodically when sniffing or after processing the whole pcap file.
-t=INTERVAL
Interval in seconds in which stats are sent to syslog server. Default value is 60. Can be used only
with SERVER option.
To write stats to the standard output from dump.pcap use command:
dns-export -r dump.pcap
To send stats from "ens33" network interface every 5 seconds to "syslog.fit.vutbr.cz" server use command:
dns-export -i ens33 -t 5 -s syslog.fit.vutbr.cz
- 0 program finished successfully
- 1 error when parsing arguments
- 2 input/output error
- 3 internal error
- 4 network error
At this moment the parser is able to handle only DNS packets over UTP, TCP packets are thrown out.
Written by Vladan Kudlac - kudlav.
This project is licensed under the Apache License 2.0.