[syslog-ng] logic and duplicate suppression

Balazs Scheidler bazsi at balabit.hu
Fri Sep 3 13:35:12 CEST 2010


Hi,

On Thu, 2010-08-19 at 18:17 -0500, John Kristoff wrote:
> On Sun, 15 Aug 2010 07:55:58 +0200
> Balazs Scheidler <bazsi at balabit.hu> wrote:
> 
> > Now that I think of it, the DNS query portion is quite simple: it logs
> > the contents of the DNS query and the same parameters would
> > probably be present in all DNS server logs, thus I just have to decide
> > the naming policy to be used on "transaction logs in general".
> 
> There are various types of logs a DNS server could generate depending
> on how granular you want your parser to be.  The lame delegation logs
> for example are reasonably different than the query log and a zone
> transfer log message in turn would be different from each of those.
> 
> > I guess "smtptxn" for SMTP transaction would be a good name, right? In
> > that way your DNS transactions (= query logs) would need to be called
> > "dnstxn", how does that sound to you?
> 
> Doesn't really matter to me.  Some purists might not like referring to
> them as transactions, but I could care less.  :-)  If you want an
> alternative, I would suggest dnsquery.

Agreed, I don't mind dnsquery. :)

> 
> > Also, lame delegation is not a query, right? (I'd really need to
> 
> Correct, but the log message is only generated as a result of a query
> that probably didn't go so well.

I'm adding your patterns then, and creating a schema for DNS-related
stuff.

-- 
Bazsi


