
namedlogsumm


DESCRIPTION


Named Log Summ, as the name suggests, is a tool that generates statistics from the log of the Named/BIND DNS server.
It is analogous to pflogsumm (http://jimsun.linxnet.com/postfix_contrib.html), which analyses the mail.log of the Postfix mail server.



Download:



SYNOPSIS
Usage: namedlogsumm.pl [-d <today|yesterday|date>] [-t <cnt>] [-n <cnt>] [-s <cnt>] [-d <cnt>] [file1[, fileN]]

namedlogsumm.pl --help
### namedlogsumm.pl --version
Usage: /usr/sbin/namedlogsumm.pl -t 25 -n 25 -a 25 -s 25 -d yesterday /var/log/named/named.log /var/log/named/queries.log



OPTIONS
-h <cnt>
count

-u <cnt>
count

-d <today|yesterday|date>
This



Examples:
namedlogsumm.pl -u 25 -h 25 -d yesterday /var/log/named/named.log /var/log/named/queries.log
Result:
Named/Bind log summaries for 28-Apr-2017 (2017/04/28)

Grand Totals
============
queries: types
--------------
   22054   A
       0   IPv4
      25   NS
       0   CNAME
      62   SOA
       0   NULL
    7786   PTR
       0   HINFO
       0   MINFO
      96   MX
     763   TXT
       0   RP
   10409   AAAA
       0   IPv6
       0   SRV
       0   NAPTR
       0   A6
       0   AXFR
       7   ANY
       0   A6
       0   SPF

     252   queries from unique hosts from WAN
      15   queries from unique hosts from LAN
     910   queries for unique names
       8   queries unique types



Status Information Running Server
=================================
category/type: lame-servers: / info:
------------------------------------
24 time(s): error (unexpected RCODE REFUSED) resolving 'bluray.96.lt/A/IN': 31.220.23.1#53
24 time(s): error (unexpected RCODE REFUSED) resolving 'bluray.96.lt/A/IN': 31.170.164.249#53
24 time(s): error (unexpected RCODE REFUSED) resolving 'bluray.96.lt/A/IN': 31.170.163.241#53
24 time(s): error (unexpected RCODE REFUSED) resolving 'bluray.96.lt/A/IN': 173.192.183.247#53
18 time(s): error (unexpected RCODE REFUSED) resolving '138.136/29.43.38.12.in-addr.arpa/PTR/IN': 72.52.242.20#53
18 time(s): error (unexpected RCODE REFUSED) resolving '138.136/29.43.38.12.in-addr.arpa/PTR/IN': 72.52.242.16#53
17 time(s): error (unexpected RCODE SERVFAIL) resolving '138.180.19.58.in-addr.arpa/PTR/IN': 58.19.117.109#53
17 time(s): error (unexpected RCODE SERVFAIL) resolving '138.180.19.58.in-addr.arpa/PTR/IN': 218.104.111.109#53
9 time(s): error (connection refused) resolving 'mc2-ip228.mcperu.pe/AAAA/IN': 179.43.82.61#53
9 time(s): error (connection refused) resolving 'mc2-ip228.mcperu.pe/A/IN': 179.43.82.61#53
7 time(s): error (unexpected RCODE REFUSED) resolving '225.108.64.217.in-addr.arpa/PTR/IN': 217.64.98.67#53
5 time(s): error (unexpected RCODE SERVFAIL) resolving '38.235.255.104.in-addr.arpa/PTR/IN': 208.84.200.28#53
4 time(s): error (unexpected RCODE REFUSED) resolving 'dns2.netsoft.com.vn/AAAA/IN': 123.30.109.70#53
4 time(s): error (unexpected RCODE REFUSED) resolving 'dns2.netsoft.com.vn/A/IN': 123.30.109.70#53
4 time(s): error (unexpected RCODE REFUSED) resolving 'dns1.netsoft.com.vn/AAAA/IN': 123.30.109.70#53
4 time(s): error (unexpected RCODE REFUSED) resolving 'dns1.netsoft.com.vn/A/IN': 123.30.109.70#53
4 time(s): error (unexpected RCODE REFUSED) resolving '29.28.132.221.in-addr.arpa/PTR/IN': 123.30.109.70#53
3 time(s): error (unexpected RCODE REFUSED) resolving '250.240.221.197.in-addr.arpa/PTR/IN': 194.133.122.42#53
2 time(s): error (host unreachable) resolving 'dogon.sotelma.ml/AAAA/IN': 217.64.98.37#53
2 time(s): error (host unreachable) resolving 'dogon.sotelma.ml/A/IN': 217.64.98.37#53
2 time(s): error (host unreachable) resolving 'ciwara.sotelma.ml/AAAA/IN': 217.64.98.37#53
2 time(s): error (host unreachable) resolving 'ciwara.sotelma.ml/A/IN': 217.64.98.37#53
2 time(s): error (host unreachable) resolving 'askia.sotelma.ml/AAAA/IN': 217.64.98.37#53
2 time(s): error (host unreachable) resolving 'askia.sotelma.ml/A/IN': 217.64.98.37#53
1 time(s): error (unexpected RCODE SERVFAIL) resolving 'zdm.waw.pl/A/IN': 85.232.245.83#53
1 time(s): error (unexpected RCODE SERVFAIL) resolving 'ns1.boldsoft.mn/AAAA/IN': 103.254.120.40#53
1 time(s): error (unexpected RCODE SERVFAIL) resolving 'ns1.boldsoft.mn/A/IN': 103.254.120.40#53
1 time(s): error (unexpected RCODE SERVFAIL) resolving '18.29.203.188.in-addr.arpa/PTR/IN': 193.0.9.6#53
1 time(s): error (unexpected RCODE SERVFAIL) resolving '18.29.203.188.in-addr.arpa/PTR/IN': 193.0.9.5#53
1 time(s): error (unexpected RCODE SERVFAIL) resolving '18.104.225.95.in-addr.arpa/PTR/IN': 193.0.9.6#53
1 time(s): error (unexpected RCODE SERVFAIL) resolving '137.150.226.95.in-addr.arpa/PTR/IN': 193.0.9.6#53
1 time(s): error (unexpected RCODE SERVFAIL) resolving '137.150.226.95.in-addr.arpa/PTR/IN': 193.0.9.5#53
1 time(s): error (connection refused) resolving 'NAME1.MCPERU.PE/AAAA/IN': 179.43.82.61#53
1 time(s): error (connection refused) resolving 'NAME1.MCPERU.PE/A/IN': 179.43.82.61#53
1 time(s): error (connection refused) resolving '80.67.200.193.dnsbl.sorbs.net/A/IN': 208.43.31.57#53
1 time(s): error (connection refused) resolving '220.242.111.86.dnsbl.sorbs.net/A/IN': 208.43.31.57#53
1 time(s): error (connection refused) resolving '106.66.200.193.dnsbl.sorbs.net/A/IN': 208.43.31.57#53



category/type: security: / info:
--------------------------------
2 time(s): client 193.63.58.87#38278: view external: query (cache) 'google.com/A/IN' denied
1 time(s): client 94.102.49.190#35276: view external: query (cache) 'direct.shodan.io/A/IN' denied
1 time(s): client 93.158.200.229#38674: view external: query (cache) 'www.google.com/ANY/IN' denied
1 time(s): client 74.82.47.50#5725: view external: query (cache) 'dnsscan.shadowserver.org/A/IN' denied
1 time(s): client 217.23.13.113#38970: view external: query (cache) 'hoffmeister.be/ANY/IN' denied
1 time(s): client 217.23.13.113#38388: view external: query (cache) 'leth.cc/ANY/IN' denied



Per-Hour Traffic Summary (Short)
================================
time:        |       A |    AAAA |     PTR |     MX |       NS |     TXT |   CNAME |     SOA |
-------------+---------+---------+---------+--------+----------+---------+---------+---------+
00:00-01:00  |    1220 |     455 |     369 |      14 |      13 |      65 |       0 |      15 |
01:00-02:00  |     967 |     425 |     318 |       4 |       4 |      30 |       0 |       2 |
02:00-03:00  |     983 |     424 |     317 |       0 |       0 |      27 |       0 |       1 |
03:00-04:00  |     882 |     431 |     319 |       4 |       1 |      31 |       0 |       4 |
04:00-05:00  |     922 |     457 |     314 |       7 |       3 |      30 |       0 |       3 |
05:00-06:00  |     945 |     484 |     330 |      21 |       0 |      33 |       0 |       3 |
06:00-07:00  |     916 |     443 |     434 |       5 |       1 |      34 |       0 |       2 |
07:00-08:00  |     786 |     409 |     307 |       3 |       0 |      28 |       0 |       2 |
08:00-09:00  |     814 |     426 |     318 |       0 |       0 |      31 |       0 |       1 |
09:00-10:00  |     941 |     437 |     315 |       9 |       0 |      31 |       0 |       2 |
10:00-11:00  |    1025 |     425 |     322 |       2 |       0 |      30 |       0 |       2 |
11:00-12:00  |    1036 |     450 |     307 |       1 |       0 |      31 |       0 |       1 |
12:00-13:00  |     877 |     425 |     347 |       2 |       0 |      29 |       0 |       3 |
13:00-14:00  |     897 |     432 |     321 |       6 |       1 |      34 |       0 |       1 |
14:00-15:00  |     907 |     433 |     312 |       2 |       0 |      28 |       0 |       2 |
15:00-16:00  |     922 |     440 |     317 |       5 |       0 |      34 |       0 |       2 |
16:00-17:00  |     923 |     428 |     308 |       3 |       0 |      31 |       0 |       2 |
17:00-18:00  |     875 |     450 |     310 |       0 |       0 |      27 |       0 |       2 |
18:00-19:00  |     846 |     422 |     359 |       2 |       0 |      31 |       0 |       2 |
19:00-20:00  |     899 |     417 |     306 |       2 |       0 |      29 |       0 |       1 |
20:00-21:00  |     840 |     406 |     312 |       1 |       0 |      31 |       0 |       2 |
21:00-22:00  |     905 |     424 |     302 |       0 |       2 |      31 |       0 |       2 |
22:00-23:00  |     864 |     420 |     315 |       2 |       0 |      27 |       0 |       2 |
23:00-24:00  |     862 |     446 |     307 |       1 |       0 |      30 |       0 |       3 |



top 25 query types (ALL query types 8)
--------------------------------------
 cnt      | query type
----------------------
    22054 | A
    10409 | AAAA
     7786 | PTR
      763 | TXT
       96 | MX
       62 | SOA
       25 | NS
        7 | ANY



top 25 query names (ALL query names 910)
----------------------------------------
 cnt      | query name
----------------------
    12848 | wbcd.pl
     2595 | ***.xen.wbcd.pl
     1728 | zetiis.iem.pw.edu.pl
     1296 | www.ee.pw.edu.pl
      867 | ***.xen.wbcd.pl
      667 | www.pracuj.pl
      585 | ***.xen.wbcd.pl
      585 | ***.xen.wbcd.pl
      465 | ***.nat.wbcd.pl
      463 | ***.xen.wbcd.pl
      441 | poczta.o2.pl
      439 | www.google.pl
      436 | www.yandex.ru
      433 | www.wp.pl
      432 | pl.wikipedia.org
      432 | search.cpan.org
      432 | volt.iem.pw.edu.pl
      432 | ***.app.wbcd.pl
      432 | www.o2.pl
      432 | www.onet.pl
      231 | _nfsv4idmapdomain
      231 | _nfsv4idmapdomain.wbcd.pl
      231 | _nfsv4idmapdomain.xen.wbcd.pl
      224 | www.gowork.pl
      198 | www.infopraca.pl
      165 | www.olx.pl



top 25 query arpa (ALL query arpa 188)
--------------------------------------
 cnt      | query arpa
----------------------
     2693 | *.*.*.10.in-addr.arpa
     1299 | *.*.*.10.in-addr.arpa
      433 | *.*.*.10.in-addr.arpa
      289 | *.*.*.10.in-addr.arpa
      289 | *.*.*.10.in-addr.arpa
      144 | *.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.a.0.d.f.ip6.arpa
       60 | 101.100.77.212.in-addr.arpa
       60 | 103.41.17.193.in-addr.arpa
       60 | 147.147.180.213.in-addr.arpa
       60 | 148.101.77.212.in-addr.arpa
       60 | 3.146.29.194.in-addr.arpa
       60 | 90.41.17.193.in-addr.arpa
       60 | 99.41.17.193.in-addr.arpa
       48 | 41.206.74.200.in-addr.arpa
       30 | *.*.*.10.in-addr.arpa
       30 | *.*.*.10.in-addr.arpa
       30 | 10.34.17.217.in-addr.arpa
       30 | *.*.*.10.in-addr.arpa
       30 | *.*.*.10.in-addr.arpa
       30 | 123.250.19.153.in-addr.arpa
       30 | 140.141.180.213.in-addr.arpa
       30 | 161.132.29.194.in-addr.arpa
       30 | 162.177.15.199.in-addr.arpa
       30 | 173.4.228.89.in-addr.arpa
       30 | 192.174.198.91.in-addr.arpa
       30 | 193.132.29.194.in-addr.arpa



top 25 query from ipaddr WAN (ALL query ipaddr WAN 252)
-------------------------------------------------------
 cnt      | query from ipaddr WAN
---------------------------------
       21 | 141.8.132.18
       20 | 52.23.239.47
       18 | 130.207.54.131
       14 | 141.8.142.242
       13 | 52.54.88.220
       13 | 54.164.40.195
       13 | 107.21.46.179
       13 | 153.19.250.100
       12 | 88.86.120.177
       12 | 130.207.54.148
       12 | 153.19.0.50
       11 | 92.63.170.250
       10 | 54.86.164.103
       10 | 195.2.240.3
        9 | 54.197.222.242
        8 | 34.201.92.145
        8 | 52.204.146.222
        8 | 92.63.170.150
        8 | 106.187.34.20
        8 | 188.40.24.98
        8 | 188.186.147.39
        8 | 195.2.240.2
        7 | 34.203.223.47
        7 | 34.239.247.213
        7 | 52.57.166.12
        7 | 54.88.53.217



top 25 query from ipaddr LAN (ALL query ipaddr LAN 15)
------------------------------------------------------
 cnt      | query from ipaddrr LAN
----------------------------------
    28761 | 10.*.*.*
     3533 | 10.*.*.*
     3532 | 10.*.*.*
     1310 | 10.*.*.*
      890 | 10.*.*.*
      698 | 10.*.*.*
      631 | 10.*.*.*
      227 | 10.*.*.*
      227 | 10.*.*.*
      202 | 10.*.*.*
      186 | 10.*.*.*
      119 | 10.*.*.*
       71 | 10.*.*.*
       28 | 10.*.*.*
       17 | 10.*.*.*
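
The "security" section of the report above counts identical messages, so a client that changes its source port between queries (217.23.13.113 in the sample) shows up on several lines. The following is an added example, not part of namedlogsumm.pl: it groups denied cache queries by client IP regardless of port and lists the clients that sent ANY queries. The log lines are constructed (timestamps invented, the "@0x..." client prefix assumed from newer BIND releases), and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (timestamps invented) in BIND's file-channel format
# with print-time, print-category and print-severity enabled.
SAMPLE_LOG = """\
28-Apr-2017 01:12:03.120 security: info: client 193.63.58.87#38278: view external: query (cache) 'google.com/A/IN' denied
28-Apr-2017 01:12:03.480 security: info: client 193.63.58.87#38278: view external: query (cache) 'google.com/A/IN' denied
28-Apr-2017 04:40:10.002 security: info: client 217.23.13.113#38970: view external: query (cache) 'hoffmeister.be/ANY/IN' denied
28-Apr-2017 04:40:11.715 security: info: client 217.23.13.113#38388: view external: query (cache) 'leth.cc/ANY/IN' denied
28-Apr-2017 09:05:44.300 lame-servers: info: error (connection refused) resolving 'NAME1.MCPERU.PE/A/IN': 179.43.82.61#53
28-Apr-2017 11:30:00.000 security: info: client @0x7f3a5c0 93.158.200.229#38674 (www.google.com): view external: query (cache) 'www.google.com/ANY/IN' denied
"""

# The optional "@0x..." and "(qname)" parts cover the newer client prefix.
DENIED_RE = re.compile(
    r"security: \w+: client (?:@0x[0-9a-fA-F]+ )?"
    r"(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+)(?: \([^)]*\))?: "
    r"(?:view (?P<view>\S+): )?query \(cache\) '(?P<q>[^']+)' denied"
)

def summarize_denied(lines):
    """Group denied cache queries by client IP, ignoring the source port."""
    clients = defaultdict(lambda: {"count": 0, "ports": set(),
                                   "qtypes": Counter(), "names": set()})
    for line in lines:
        m = DENIED_RE.search(line)
        if not m:
            continue  # other categories (lame-servers, queries, ...) are skipped
        # Names may contain "/" (RFC 2317 reverse zones), so split from the right.
        parts = m.group("q").rsplit("/", 2)
        if len(parts) != 3:
            continue
        name, qtype, _qclass = parts
        c = clients[m.group("ip")]
        c["count"] += 1
        c["ports"].add(int(m.group("port")))
        c["qtypes"][qtype] += 1
        c["names"].add(name.lower())
    return dict(clients)

def any_probers(summary):
    """Clients that sent at least one denied ANY query."""
    return sorted(ip for ip, c in summary.items() if c["qtypes"]["ANY"] > 0)

if __name__ == "__main__":
    summary = summarize_denied(SAMPLE_LOG.splitlines())
    for ip, c in sorted(summary.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{c['count']:>6} | {ip} | ports={len(c['ports'])} | {dict(c['qtypes'])}")
    print("ANY probers:", any_probers(summary))
```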




Last modified: 2017/04/29 12:18:39
