[packages/djbdns.git] / tinydns-log

#!/usr/bin/perl -pw

# tinydns log formatting utility
# based on Faried Nawaz's logfile formatter for dnscache
# by Kenji Rikitake <kenji.rikitake@acm.org> 29-JUL-2000
# please put this on djbdns.org ftp site.
# modified 24-AUG-2002 by Andrew Pam <xanni@sericyb.com.au>
# to add tinydns response flag "C" and more DNS RR type codes
# modified 26-AUG-2002 by Andrew Pam <xanni@sericyb.com.au>
# to support axfrdns logs as well as tinydns logs

# convert addresses in hex to dotted decimal notation.
s/\b([a-f0-9]{8})\b/join(".", unpack("C*", pack("H8", $1)))/eg;

### clean up some messages
# convert stuff like 127.0.0.2:0422:05be to something more descriptive.
# query tai64n host:port:qid flag qtype thing
# keep tai64n header as is - use tai64nlocal to convert it to TAI

s/^(@[a-f0-9]+) \b([\d.]+):(\w+):(\w+) ([\+\-CI\/]?)\s?\b([a-f0-9]+) \b([-.\w]+)/$1." ".printQueryLine($2,$3,$4,$5,$6,$7)/e;

### subs

sub printQueryLine {
  my ($host, $port, $query_id, $flag, $query_type, $query) = @_;

  # pad hostname

  my $ret = "$host:";
  $ret .= hex($port);
  $ret .= ":" . hex($query_id);
  $ret .= " " . $flag if $flag;
  $ret .= " " . queryType(hex($query_type)) . " $query";
  
  return $ret;
}

# DNS query type codes from the following RFCs:
# 1035,1183,1348,1876,1995,2065,2163,2230,2535,2538,2845,2874,2915,2930,3123
%QTYPE = (
	1, "a", 2, "ns", 5, "cname", 6, "soa", 11, "wks", 12, "ptr",
	13, "hinfo", 14, "minfo", 15, "mx", 16, "txt", 17, "rp",
	18, "afsdb", 20, "isdn", 21, "rt", 22, "nsap", 23, "nsap-ptr",
	24, "sig", 25, "key", 26, "px", 28, "aaaa", 29, "loc", 30, "nxt",
	33, "srv", 35, "naptr", 36, "kx", 37, "cert", 38, "a6", 42, "apl",
	249, "tkey", 250, "tsig", 251, "ixfr", 252, "axfr", 255, "any"
);

sub queryType {
  my ($type) = shift;
  return $QTYPE{$type} || $type;
}
Commit	Line	Data
512bf1e6 ER	1	#!/usr/bin/perl -pw
	2
	3	# tinydns log formatting utility
	4	# based on Faried Nawaz's logfile formatter for dnscache
	5	# by Kenji Rikitake <kenji.rikitake@acm.org> 29-JUL-2000
	6	# please put this on djbdns.org ftp site.
	7	# modified 24-AUG-2002 by Andrew Pam <xanni@sericyb.com.au>
	8	# to add tinydns response flag "C" and more DNS RR type codes
	9	# modified 26-AUG-2002 by Andrew Pam <xanni@sericyb.com.au>
	10	# to support axfrdns logs as well as tinydns logs
	11
	12	# convert addresses in hex to dotted decimal notation.
	13	s/\b([a-f0-9]{8})\b/join(".", unpack("C*", pack("H8", $1)))/eg;
	14
	15	### clean up some messages
	16	# convert stuff like 127.0.0.2:0422:05be to something more descriptive.
	17	# query tai64n host:port:qid flag qtype thing
	18	# keep tai64n header as is - use tai64nlocal to convert it to TAI
	19
	20	s/^(@[a-f0-9]+) \b([\d.]+):(\w+):(\w+) ([\+\-CI\/]?)\s?\b([a-f0-9]+) \b([-.\w]+)/$1." ".printQueryLine($2,$3,$4,$5,$6,$7)/e;
	21
	22	### subs
	23
	24	sub printQueryLine {
	25	my ($host, $port, $query_id, $flag, $query_type, $query) = @_;
	26
	27	# pad hostname
	28
	29	my $ret = "$host:";
	30	$ret .= hex($port);
	31	$ret .= ":" . hex($query_id);
	32	$ret .= " " . $flag if $flag;
	33	$ret .= " " . queryType(hex($query_type)) . " $query";
	34
	35	return $ret;
	36	}
	37
	38	# DNS query type codes from the following RFCs:
	39	# 1035,1183,1348,1876,1995,2065,2163,2230,2535,2538,2845,2874,2915,2930,3123
	40	%QTYPE = (
	41	1, "a", 2, "ns", 5, "cname", 6, "soa", 11, "wks", 12, "ptr",
	42	13, "hinfo", 14, "minfo", 15, "mx", 16, "txt", 17, "rp",
	43	18, "afsdb", 20, "isdn", 21, "rt", 22, "nsap", 23, "nsap-ptr",
	44	24, "sig", 25, "key", 26, "px", 28, "aaaa", 29, "loc", 30, "nxt",
	45	33, "srv", 35, "naptr", 36, "kx", 37, "cert", 38, "a6", 42, "apl",
	46	249, "tkey", 250, "tsig", 251, "ixfr", 252, "axfr", 255, "any"
	47	);
	48
	49	sub queryType {
	50	my ($type) = shift;
	51	return $QTYPE{$type} \|\| $type;
	52	}
	53