Apart from things tunnelled elsewhere, the granularity of logging depends on your requirements. By iptables outbound -j LOG logging of TCP/UDP requests to destination port 53 you could get the IP addresses of the remote servers queried. By configuring your system to run a caching DNS and running 'dnstop' you could intercept domainnames queried for. By running tcpdump or wireshark with a BPF filter you could get complete requests.
|