[Oisf-users] practical use of dns log

Cooper F. Nelson cnelson at ucsd.edu
Tue Nov 26 21:53:02 UTC 2013


You might want to look into the logstash and kibana projects.  Logstash
can be used with a program called 'grok' to insert arbitrary data into
an elasticsearch database.

You can also capture/index DNS traffic off of the wire via the 'moloch'
project.  See: https://github.com/aol/moloch

-Coop

On 11/26/2013 12:49 AM, Christophe Vandeplas wrote:
> Hi list,
> In the past I've been using another tool to do DNS logging, and now
> I'd like to use Suricata for this. The format of the file is
> completely different, and also a part of the interpretation (Suricata
> is a LOT more verbose and complete)
> DNS logging of Suricata is multiple lines per DNS request (and
> response). So searching for things requires multiple greps and
> filtering out duplicate ids.
> I'm wondering how others use this DNS logging.
> All stories (on or off-list) and practical use-cases are welcome.
> I'll do my best to document these on the wiki so that others can
> benefit from this info.
> As far as I understand there seem to be plans to transform the logging
> into json, is there already an idea about when that's to be expected?
> Thanks
> Kind regards
> Christophe

-- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
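One way to tackle the multi-line, duplicate-id problem Christophe describes, as an added example (not code from Suricata or from anyone on this thread): collapse the old text dns.log into one JSON record per transaction, keyed on client endpoint plus TX id so that two clients reusing the same id are not merged. It assumes the Suricata 1.x dns.log line layout shown in the docstring and uses a constructed sample log.

```python
"""Collapse Suricata 1.x multi-line dns.log records into one record per transaction.

Assumed line layout (the old text dns.log, not the later EVE JSON output):
  <ts> [**] Query TX <id> [**] <name> [**] <type> [**] <src>:<sport> -> <dst>:<dport>
  <ts> [**] Response TX <id> [**] <name> [**] <type> [**] TTL <n> [**] <rdata> [**] <src>:<sport> -> <dst>:<dport>
"""
import json
import re

# Constructed sample: one query answered by two records (two Response lines with
# the same TX id), plus an unrelated query from another client reusing that id.
SAMPLE_LOG = """\
11/26/2013-09:49:00.101 [**] Query TX 4a4f [**] www.example.com [**] A [**] 10.0.0.4:45468 -> 10.0.0.1:53
11/26/2013-09:49:00.103 [**] Response TX 4a4f [**] www.example.com [**] A [**] TTL 300 [**] 192.0.2.10 [**] 10.0.0.1:53 -> 10.0.0.4:45468
11/26/2013-09:49:00.103 [**] Response TX 4a4f [**] www.example.com [**] A [**] TTL 300 [**] 192.0.2.11 [**] 10.0.0.1:53 -> 10.0.0.4:45468
11/26/2013-09:49:01.500 [**] Query TX 4a4f [**] mail.example.org [**] MX [**] 10.0.0.9:50001 -> 10.0.0.1:53
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \[\*\*\] (?P<kind>Query|Response) TX (?P<tx>[0-9a-f]+) "
    r"\[\*\*\] (?P<name>\S+) \[\*\*\] (?P<rtype>\S+) "
    r"(?:\[\*\*\] TTL (?P<ttl>\d+) \[\*\*\] (?P<rdata>\S+) )?"
    r"\[\*\*\] (?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+)$"
)


def parse_dns_log(text):
    """Return one dict per (client endpoint, TX id, query name), answers folded in."""
    txs = {}  # insertion order is preserved, so output follows first-seen order
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not a dns.log record
        f = m.groupdict()
        # The TX id alone is not unique across clients: for a Query the client is
        # the source endpoint, for a Response it is the destination endpoint.
        client = (f["src"], f["sport"]) if f["kind"] == "Query" else (f["dst"], f["dport"])
        key = (client, f["tx"], f["name"])
        rec = txs.setdefault(key, {"ts": f["ts"], "client": f"{client[0]}:{client[1]}",
                                   "tx": f["tx"], "query": f["name"],
                                   "rtype": f["rtype"], "answers": []})
        if f["kind"] == "Response":
            rec["answers"].append({"rdata": f["rdata"], "ttl": int(f["ttl"])})
    return list(txs.values())


def to_json_lines(text):
    """One JSON object per line, a shape logstash/elasticsearch can ingest directly."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in parse_dns_log(text))


if __name__ == "__main__":
    print(to_json_lines(SAMPLE_LOG))
```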

