LinuxQuestions.org, Linux - Security forum: Parsing The Entries of a BIND log Query file (https://www.linuxquestions.org/questions/linux-security-4/parsing-the-entries-of-a-bind-log-query-file-4175416272/)

Balvinder87 07-12-2012 12:44 AM

Parsing The Entries of a BIND log Query file
 
I have installed BIND9 on my Debian system.
We are in a network having local IPs from 192.168.2.1 to 192.168.2.100.
Our BIND log file sends its query details to a file called named_querylog.
It has a sample entry like:
Code:

12-Jul-2012 10:39:09.256 client 192.168.2.4#50151: query: www.godogle.com IN A + (192.168.2.4)

Now we want to parse the local IP, i.e. 192.168.2.4, into another file, and this would be for each local IP between 192.168.2.1 and 192.168.2.100,
as we want to see the log details of each client in the network for security purposes.
Can anyone help to generate an automated script for it? The script may be in bash or Perl.

Noway2 07-12-2012 04:43 AM

There are several ways to approach this, though all of them have some degree of similarity. The ultimate key to the problem lies in what are called regular expressions, and this would be a good place for you to begin your research. Regular expressions are a pattern matching language, and in your particular case you are looking to pattern match an IP address.

The approach that I would take would be to loop through the range of IP addresses, which runs from .1 to .100 (noting that you can use this number range as a loop variable). Then match the pattern of the IP address created based upon this variable to your file and PRINT the desired field (words or items separated by space). The first tool that comes to mind to do this is AWK (though SED would probably work just as well, effectively acting as an advanced grep). See this page for some basic instructions on how to use AWK, along with some examples at the bottom: http://www.manpagez.com/man/1/awk/

As a starter example, given tfile below (which would be your log file):
Code:

192.168.2.1 10000
192.168.2.1 20000
192.168.2.1 30000
192.168.2.2 10000
192.168.2.3 10000
192.168.2.5 10000
192.168.2.8 10000

use a script like this:
Code:

#!/bin/bash
# Walk the last octet of the subnet and pull out the matching lines.
for i in {1..10}
do
    ipb="192.168.2."
    ip=$ipb$i
    echo "looking for $ip"
    # Field 1 is the client IP; when it equals the IP we are looking for,
    # print field 2 (the value that follows it on the same line).
    awk -v x="$ip" '$1==x { print $2 }' tfile
done

And this gives:
Code:

looking for 192.168.2.1
10000
20000
30000
looking for 192.168.2.2
10000
looking for 192.168.2.3
10000
looking for 192.168.2.4
looking for 192.168.2.5
10000
looking for 192.168.2.6
looking for 192.168.2.7
looking for 192.168.2.8
10000
looking for 192.168.2.9
looking for 192.168.2.10

Note how it parses through the range of IP addresses, matches the lines with that IP address and prints out the desired field.
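The loop above runs awk once per address over a simplified two-column file. The following script is an added example, not code from the thread: it works on the real query-log layout quoted in the question (field 3 is the literal word `client`, field 4 is `ip#port:`), makes a single pass over the log instead of one pass per address, and appends each line to a separate file per client so the per-host history the question asks for is kept. Only clients in 192.168.2.1 to 192.168.2.100 are written out; anything else is ignored. The sample log lines, file names and the function names `split_querylog`, `query_count` and `demo` are constructed for this example; other BIND versions put extra fields before `query:`, in which case the field index in the awk program has to be adjusted.

```shell
#!/bin/bash
# Added example (not from the thread): split a BIND9 query log into one file
# per LAN client in a single awk pass.
# Assumed line layout (as quoted in the question):
#   12-Jul-2012 10:39:09.256 client 192.168.2.4#50151: query: www.example.com IN A + (192.168.2.4)
# so $3 == "client" and $4 == "ip#port:".
set -u

# split_querylog LOGFILE OUTDIR
# Appends every query line to OUTDIR/<client-ip>.log; clients outside
# 192.168.2.1-192.168.2.100 are skipped.
split_querylog() {
    local logfile="$1" outdir="$2"
    mkdir -p "$outdir"
    awk -v outdir="$outdir" '
        $3 == "client" {
            # "192.168.2.4#50151:" -> ip = "192.168.2.4"
            split($4, parts, "#")
            ip = parts[1]
            n = split(ip, oct, ".")
            if (n != 4 || oct[1]+0 != 192 || oct[2]+0 != 168 || oct[3]+0 != 2) next
            if (oct[4]+0 < 1 || oct[4]+0 > 100) next
            file = outdir "/" ip ".log"
            print >> file
            close(file)   # keep the number of open files small for many clients
        }' "$logfile"
}

# query_count IP OUTDIR -> number of logged queries for that client (0 if none)
query_count() {
    local file="$2/$1.log"
    if [ -f "$file" ]; then
        wc -l < "$file" | tr -d ' '
    else
        echo 0
    fi
}

# demo: write a constructed sample log (not real traffic) into a temp dir,
# split it, and print the temp dir so callers can inspect the result.
demo() {
    local work
    work="$(mktemp -d)"
    cat > "$work/named_querylog" <<'EOF'
12-Jul-2012 10:39:09.256 client 192.168.2.4#50151: query: www.example.com IN A + (192.168.2.4)
12-Jul-2012 10:39:10.001 client 192.168.2.7#41000: query: mail.example.net IN MX + (192.168.2.7)
12-Jul-2012 10:39:11.512 client 192.168.2.4#50152: query: example.org IN AAAA + (192.168.2.4)
12-Jul-2012 10:39:12.800 client 192.168.2.200#5555: query: outside.example IN A + (192.168.2.200)
12-Jul-2012 10:39:13.004 client 10.0.0.5#6000: query: other.example IN A + (10.0.0.5)
EOF
    split_querylog "$work/named_querylog" "$work/clients"
    echo "$work"
}

# Stand-alone run: split the constructed sample and summarise per-client counts.
work="$(demo)"
for f in "$work"/clients/*.log; do
    printf '%s: %s queries\n' "$(basename "$f" .log)" "$(wc -l < "$f" | tr -d ' ')"
done
```

For the real log, call `split_querylog /path/to/named_querylog /var/log/bind-clients` (paths are placeholders) from cron or after logrotate; because the awk program appends, re-running it over an already-processed log duplicates lines, so run it on each rotated file once or truncate the output directory first.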

Balvinder87 07-12-2012 08:03 AM

Thanks for the reply.

