On 12. 09. 22 15:49, Peter wrote:
On Mon, Sep 12, 2022 at 03:01:38PM +0200, Petr Špaček wrote: ! My testing did not uncover anything problematic. ! ! Versions: ! fstrm 0.6.1-1 ! protobuf 21.5-1 ! protobuf-c 1.4.1-1 ! ! ! A procedure which works: ! - start BIND configured with ! options { ! dnstap { all; }; ! dnstap-output unix "/tmp/unix"; ! }; ! ! - after BIND starts run fstrm_capture -t protobuf:dnstap.Dnstap -u /tmp/unix ! -w /tmp/capture ! ! - fire couple queries: sleep 6 && dig bla example ! ! - check content of /tmp/capture with dnstap-read: dnstap-read -y /tmp/catureNegative. Does not work here: /tmp # ls -la capture -rw-r--r-- 1 root wheel 42 Sep 12 15:42 capture /tmp # dnstap-read -y /tmp/capture /tmp # named -V BIND 9.16.30 (Extended Support Version) <id:61fdb40> running on FreeBSD amd64 13.1-RELEASE-p2 FreeBSD 13.1-RELEASE-p2 n250182-0c5ca3f87266[0c5ca3f87266=752f813d6ccc+24] C6R13V1
Unfortunately neither me on Linux or my colleague who testing on FreeBSD are able to reproduce the problem you describe.
There is a caveat, though: Without the --split interval option one has to terminate fstrm_capture to get data for dnstap-read to consume. That's probably by design and outside of our control (in libfstrm).
Have you terminated fstrm_capture before reading the file? -- Petr Špaček -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
