Please help separate IP addresses in BIND9 query log
I have installed BIND9 on my system. My log file (named_query) has the logs of each of the clients (192.168.2.1...10) in my network.
But I want to see the logs of each client separately in files like /var/log/named_querylog.x.x.x.x, where x.x.x.x is the IP address of each client. Can anyone help me write a startup script or some other way to do this? |
Have you tried grep, awk, perl or something?
|
I am happy with your solution.
Please help me with a sample rsyslog.conf file. |
I have no solution at all.
I can only suggest something, but actually I have a simple idea: you can grep out the lines for every host:
Code:
grep -wF 192.168.2.1 logfile > log.192.168.2.1 |
Regex to find old-style (dotted quad) IPs
"([0-9]{1,3}\.){3}[0-9]{1,3}" This uses extended regex rules, so use with egrep, sed -r, etc. |
@all
Thanks for the solution. |
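The per-client split asked for in this thread, done in one pass over the log, as an added example that is not code from any poster. It assumes query-log lines of the form `client [@0x...] addr#port ...`; the function names `split_querylog` and `write_sample_log` are hypothetical and the sample lines are constructed. The address is taken only from the client field and validated before it becomes part of a file name, so 192.168.2.1 does not pick up 192.168.2.10 or a query name that merely contains the address.

```shell
#!/bin/sh
# Added example: split a BIND9 query log into one file per client address.
# Constructed sample lines (not taken from a real server).
write_sample_log() {
    cat > "$1" <<'EOF'
25-Jul-2012 10:15:01.123 client 192.168.2.1#53211: query: example.com IN A + (192.168.2.254)
25-Jul-2012 10:15:02.456 client 192.168.2.10#40112: query: example.org IN AAAA + (192.168.2.254)
25-Jul-2012 10:15:03.789 client 192.168.2.2#51000: query: 192.168.2.1.example.com IN A + (192.168.2.254)
25-Jul-2012 10:15:04.000 client @0x7f0000000000 192.168.2.1#53212 (example.net): query: example.net IN A + (192.168.2.254)
25-Jul-2012 10:15:05.000 client 999.168.2.1#1: query: example.com IN A + (192.168.2.254)
EOF
}

# split_querylog LOGFILE OUTDIR -> OUTDIR/named_querylog.<ip>, one file per client
split_querylog() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
    # Accept only a strict dotted quad with every octet in 0..255, so nothing
    # taken from the log can put "/" or ".." into the output file name.
    function valid_ip(ip,    n, o, k) {
        n = split(ip, o, ".")
        if (n != 4) return 0
        for (k = 1; k <= 4; k++)
            if (o[k] !~ /^[0-9]+$/ || length(o[k]) > 3 || o[k] + 0 > 255) return 0
        return 1
    }
    {
        ip = ""
        for (i = 1; i < NF; i++) {
            if ($i != "client") continue
            # addr#port is the 1st or 2nd token after "client" (newer BIND adds @0x...)
            for (j = i + 1; j <= i + 2 && j <= NF; j++)
                if ($j ~ /^[0-9.]+#[0-9]+/) { ip = $j; sub(/#.*/, "", ip); break }
            break
        }
        # Lines without a valid client address are kept, not dropped.
        out = dir "/named_querylog." (valid_ip(ip) ? ip : "unmatched")
        print >> out
        close(out)
    }' "$1"
}

# Run as: sh script.sh LOGFILE OUTDIR
if [ $# -eq 2 ]; then split_querylog "$1" "$2"; fi
```

Output files are opened in append mode, so running it twice over the same log duplicates lines; point it at a rotated log or an empty output directory.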
With syslog-ng it is possible to create a file per detected entry in the logged messages. In syslog-ng.conf you can define a custom parser:
Code:
parser foobar {
Code:
<patterndb version='3' pub_date='2012-07-25'>
Maybe this has an equivalent in rsyslogd.
The above will scan all messages (it could be limited to named though) for entries: “from: 12.34.56.78” |