On Fri, 2011-12-16 at 21:33 +0000, Stuart Henderson wrote: > On 2011-12-16, James Shupe <jsh...@osre.org> wrote: > > Reporting shouldn't be done on your production servers. Set up a > > centralized syslog server and send your query logs there for analysis. > > sending dns query logs via syslog to a remote server? oh man... > > how about mirror ports & https://www.dns-oarc.net/tools/dsc >
Nice looking tool... I was unaware of it. I mentioned the remote syslog option because one of the educational institutions I work for logs all DNS queries to a central server for monitoring student internet usage. Works fine. I reckon the tool you linked is a better fit for the op's use, but assume that they have their own in house software written in Java that uses either pcap or log entries... -- James Shupe
