[packages/djbdns.git] / tinydns-log

#!/usr/bin/perl -pw

# tinydns log formatting utility
# based on Faried Nawaz's logfile formatter for dnscache
# by Kenji Rikitake <kenji.rikitake@acm.org> 29-JUL-2000
# please put this on djbdns.org ftp site.
# modified 24-AUG-2002 by Andrew Pam <xanni@sericyb.com.au>
# to add tinydns response flag "C" and more DNS RR type codes
# modified 26-AUG-2002 by Andrew Pam <xanni@sericyb.com.au>
# to support axfrdns logs as well as tinydns logs
# modified 11-OCT-2006 by Andrew Pam <xanni@sericyb.com.au>
# to enable autoflush and support new "X" NXDOMAIN responses

$| = 1; # enable autoflush

# convert addresses in hex to dotted decimal notation.
s/\b([a-f0-9]{8})\b/join(".", unpack("C*", pack("H8", $1)))/eg;

### clean up some messages
# convert stuff like 127.0.0.2:0422:05be to something more descriptive.
# query tai64n host:port:qid flag qtype thing
# keep tai64n header as is - use tai64nlocal to convert it to TAI

s/^(@[a-f0-9]+) \b([\d.]+):(\w+):(\w+) ([\+\-CIX\/]?)\s?\b([a-f0-9]+) \b([-.\w]+)/$1." ".printQueryLine($2,$3,$4,$5,$6,$7)/e;

### subs

sub printQueryLine {
  my ($host, $port, $query_id, $flag, $query_type, $query) = @_;

  # pad hostname

  my $ret = "$host:";
  $ret .= hex($port);
  $ret .= ":" . hex($query_id);
  $ret .= " " . $flag if $flag;
  $ret .= " " . queryType(hex($query_type)) . " $query";
  
  return $ret;
}

# DNS query type codes from the following RFCs:
# 1035,1183,1348,1876,1995,2065,2163,2230,2535,2538,2845,2874,2915,2930,3123
%QTYPE = (
	1, "a", 2, "ns", 5, "cname", 6, "soa", 11, "wks", 12, "ptr",
	13, "hinfo", 14, "minfo", 15, "mx", 16, "txt", 17, "rp",
	18, "afsdb", 20, "isdn", 21, "rt", 22, "nsap", 23, "nsap-ptr",
	24, "sig", 25, "key", 26, "px", 28, "aaaa", 29, "loc", 30, "nxt",
	33, "srv", 35, "naptr", 36, "kx", 37, "cert", 38, "a6", 42, "apl",
	249, "tkey", 250, "tsig", 251, "ixfr", 252, "axfr", 255, "any"
);

sub queryType {
  my ($type) = shift;
  return $QTYPE{$type} || $type;
}
Commit	Line	Data
512bf1e6 ER	1	#!/usr/bin/perl -pw
	2
	3	# tinydns log formatting utility
	4	# based on Faried Nawaz's logfile formatter for dnscache
	5	# by Kenji Rikitake <kenji.rikitake@acm.org> 29-JUL-2000
	6	# please put this on djbdns.org ftp site.
	7	# modified 24-AUG-2002 by Andrew Pam <xanni@sericyb.com.au>
	8	# to add tinydns response flag "C" and more DNS RR type codes
	9	# modified 26-AUG-2002 by Andrew Pam <xanni@sericyb.com.au>
	10	# to support axfrdns logs as well as tinydns logs
5ad90ddb ER	11	# modified 11-OCT-2006 by Andrew Pam <xanni@sericyb.com.au>
	12	# to enable autoflush and support new "X" NXDOMAIN responses
	13
	14	$\| = 1; # enable autoflush
512bf1e6 ER	15
	16	# convert addresses in hex to dotted decimal notation.
	17	s/\b([a-f0-9]{8})\b/join(".", unpack("C*", pack("H8", $1)))/eg;
	18
	19	### clean up some messages
	20	# convert stuff like 127.0.0.2:0422:05be to something more descriptive.
	21	# query tai64n host:port:qid flag qtype thing
	22	# keep tai64n header as is - use tai64nlocal to convert it to TAI
	23
5ad90ddb	24	s/^(@[a-f0-9]+) \b([\d.]+):(\w+):(\w+) ([\+\-CIX\/]?)\s?\b([a-f0-9]+) \b([-.\w]+)/$1." ".printQueryLine($2,$3,$4,$5,$6,$7)/e;
512bf1e6 ER	25
	26	### subs
	27
	28	sub printQueryLine {
	29	my ($host, $port, $query_id, $flag, $query_type, $query) = @_;
	30
	31	# pad hostname
	32
	33	my $ret = "$host:";
	34	$ret .= hex($port);
	35	$ret .= ":" . hex($query_id);
	36	$ret .= " " . $flag if $flag;
	37	$ret .= " " . queryType(hex($query_type)) . " $query";
	38
	39	return $ret;
	40	}
	41
	42	# DNS query type codes from the following RFCs:
	43	# 1035,1183,1348,1876,1995,2065,2163,2230,2535,2538,2845,2874,2915,2930,3123
	44	%QTYPE = (
	45	1, "a", 2, "ns", 5, "cname", 6, "soa", 11, "wks", 12, "ptr",
	46	13, "hinfo", 14, "minfo", 15, "mx", 16, "txt", 17, "rp",
	47	18, "afsdb", 20, "isdn", 21, "rt", 22, "nsap", 23, "nsap-ptr",
	48	24, "sig", 25, "key", 26, "px", 28, "aaaa", 29, "loc", 30, "nxt",
	49	33, "srv", 35, "naptr", 36, "kx", 37, "cert", 38, "a6", 42, "apl",
	50	249, "tkey", 250, "tsig", 251, "ixfr", 252, "axfr", 255, "any"
	51	);
	52
	53	sub queryType {
	54	my ($type) = shift;
	55	return $QTYPE{$type} \|\| $type;
	56	}
	57