Old 07-20-2012, 02:49 AM   #1
Balvinder87
Member
 
Registered: Jun 2012
Location: India
Distribution: debian
Posts: 77
Blog Entries: 1

Please help separate IP addresses in BIND9 query log


I have installed BIND9 on my system. My log file (named_query) has the logs of each of the clients (192.168.2.1...10) in my network,
but I want to see the logs of each client separately in files like /var/log/named_querylog.x.x.x.x where x.x.x.x is the IP address of each client.
Can anyone help me write a startup script or some other way to do this?
 
Old 07-20-2012, 02:21 PM   #2
pan64
Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 5,013

Have you tried grep, awk, perl or something?
 
Old 07-23-2012, 03:07 AM   #3
Balvinder87
Member
 
Registered: Jun 2012
Location: India
Distribution: debian
Posts: 77
Blog Entries: 1

Original Poster
I am happy with your solution.
Please help me with a sample rsyslog.conf file.
 
Old 07-23-2012, 06:19 AM   #4
pan64
Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 5,013

I have no solution at all.
I can only suggest you something, but actually I have a simple idea: you can grep out lines for every host:
Code:
# -F: fixed string, -w: whole word, so 192.168.2.1 does not also match 192.168.2.10 .. 192.168.2.19
grep -Fw 192.168.2.1 logfile > log.192.168.2.1
 
Old 07-23-2012, 06:43 AM   #5
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Regex to find old-style (dotted quad) IPs:
"([0-9]{1,3}\.){3}[0-9]{1,3}"

This uses extended regex rules, so use with egrep, sed -r, etc.
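A worked version of the grep/regex idea from the two posts above, added here and not code from any poster. It keys on the "client A.B.C.D#port" field of the stock named query-log line (format assumed; BIND 9.11+ adds a "@0x..." handle after "client", which is handled), because each line also carries the server's own address in the trailing parentheses, so a bare grep for that address would pull in every client's queries. The sample log is constructed.

```shell
#!/bin/sh
# Split a BIND9 query log into one file per client, keyed on the
# "client A.B.C.D#port" field.  Assumed line format (constructed):
#   20-Jul-2012 02:49:01.001 client 192.168.2.5#41234: query: www.example.com IN A + (192.168.2.1)
# The trailing "(192.168.2.1)" is the address named answered on, so
# "grep 192.168.2.1 logfile" would also sweep up every other client's lines.
split_named_query_log() {
    logfile=$1
    outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v outdir="$outdir" '
        {
            for (i = 1; i < NF; i++) {
                if ($i != "client") continue
                ip = $(i + 1)
                if (ip ~ /^@/) ip = $(i + 2)   # skip the BIND 9.11+ client handle
                sub(/#.*$/, "", ip)            # drop "#port:" suffix
                # the field becomes part of a filename: allow only IPv4/IPv6
                # characters so a malformed line cannot write outside outdir
                if (ip ~ /^[0-9A-Fa-f.:]+$/) {
                    print > (outdir "/named_querylog." ip)
                }
                break
            }
        }' "$logfile"
}

# Constructed sample log (not real traffic) for a stand-alone run.
write_sample_query_log() {
    cat > "$1" <<'EOF'
20-Jul-2012 02:49:01.001 client 192.168.2.5#41234: query: www.example.com IN A + (192.168.2.1)
20-Jul-2012 02:49:02.002 client 192.168.2.10#41235: query: mail.example.com IN MX + (192.168.2.1)
20-Jul-2012 02:49:03.003 client 192.168.2.1#41236: query: ns.example.com IN A + (192.168.2.1)
20-Jul-2012 02:49:04.004 client @0x7f0a 192.168.2.5#41237 (ftp.example.com): query: ftp.example.com IN AAAA + (192.168.2.1)
EOF
}

tmp=$(mktemp -d)
write_sample_query_log "$tmp/named_query"
split_named_query_log "$tmp/named_query" "$tmp/out"
wc -l "$tmp"/out/named_querylog.*
```

awk keeps one output file open per client for the whole run; with hundreds of clients add a close() after each print or split the log per subnet first.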
 
Old 07-25-2012, 04:59 AM   #6
Balvinder87
Member
 
Registered: Jun 2012
Location: India
Distribution: debian
Posts: 77
Blog Entries: 1

Original Poster
@all
Thanks for the solution.
 
Old 07-25-2012, 12:10 PM   #7
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 13.1
Posts: 1,320

With syslog-ng you can create a file per entry detected in the logged messages. In syslog-ng.conf you can define a custom parser:
Code:
parser foobar { db_parser(file("/root/patterns/rules.xml")); };

options { create_dirs(yes); dir_perm(0755); };

destination baz { file("/var/log/collection/$FOO_ADDRESS.log"); };
log { source(src); parser(foobar); destination(baz); };
with an XML entry like:
Code:
<patterndb version='3' pub_date='2012-07-25'>
  <ruleset name='get_adress' id='5010'>
    <rules>
      <rule id='5010001' class='system' provider='reuti'>
        <patterns>
          <pattern>from: @IPv4:FOO_ADDRESS@</pattern>
        </patterns>
      </rule>
    </rules>
  </ruleset>
</patterndb>
and use $FOO_ADDRESS for the file destination entry as outlined above.

Maybe this has an equivalent in rsyslogd.

--

The above will scan all messages (it could be limited to named though) for entries like: “from: 12.34.56.78”

Last edited by Reuti; 07-25-2012 at 12:13 PM. Reason: Clarification of the target of the scan
 
Tags
bind9, logs, script