Analyze log file of dnsmasq
I am currently running into a problem. When I open the dnsmasq log, it looks like this:
Jun 10 17:50:00 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:00 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:21 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:21 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:31 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:31 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:37 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:37 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:40 dnsmasq[21796]: query[A] zyx.qq.com from 115.34.22.160
Jun 10 17:50:40 dnsmasq[21796]: forwarded zyx.qq.com to 114.114.114.114
Jun 10 17:50:40 dnsmasq[21796]: forwarded zyx.qq.com to 223.5.5.5
Jun 10 17:50:40 dnsmasq[21796]: reply zyx.qq.com is 123.151.43.51
Jun 10 17:50:40 dnsmasq[21796]: reply zyx.qq.com is 183.60.62.158
Jun 10 17:50:40 dnsmasq[21796]: reply zyx.qq.com is 113.108.1.90
Jun 10 17:50:42 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:42 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:52 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:52 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:58 dnsmasq[21796]: query[A] ic.wps.cn from 115.34.22.160
AND ETC.
It is hard for us to analyze. Does anyone have an idea how to show only the queried domains, which should look like this?
isatap.lan
zyx.qq.com
ic.wps.cn
AND ETC.
However, I have tried this:
http://www.tannerwilliamson.com/analyzing-dnsmasq-log-with-awk/1610/
I like its output:
root@VM-208-178-ubuntu:/home# awk -f /home/dnsmasq.awk /var/log/dnsmasq.log | less
name | nb | forwarded | answered from cache
irs01.net | 1 | 1 | 0
927662-0-2081296634-261190004.ns.124-14-16-250-ns.dns-spider.ffdns.net | 1 | 1 | 0
blog.sina.com.cn | 4 | 4 | 1
927655-0-2081296634-261190004.ns.124-14-16-250-ns.dns-spider.myxns.cn | 1 | 1 | 0
www.baidu.com | 2 | 2 | 0
* careers.whosebug.com | 10 | 13 | 0
blender.stackexchange.com | 2 | 2 | 0
974449-0-2081296634-261190004.ns.124-14-16-250-ns.dns-spider.myxns.cn | 1 | 1 | 0
img.iknow.bdimg.com | 2 | 1 | 1
* smarterer.com | 2 | 3 | 0
a.disquscdn.com | 1 | 1 | 0
927648-0-2081296634-261190004.ns.124-14-16-250-ns.dns-spider.myxns.cn | 1 | 1 | 0
physics.stackexchange.com | 6 | 5 | 4
* area51.stackexchange.com | 2 | 3 | 0
iknow02.bosstatic.bdimg.com | 2 | 1 | 1
passport.baidu.com | 1 | 1 | 0
webapps.stackexchange.com | 5 | 4 | 4
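This is a bit different from what I want. Can anyone help me?
Thanks for your help!
As long as the log file keeps the format you have shown, a simple awk script is sufficient.
awk '!seen[$6]++ {print $6}' file
will produce the output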
ic.wps.cn
isatap.lan
zyx.qq.com
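The logic is straightforward: it parses each entry in column 6, adds it to the array seen, and prints the element only if it has not been seen before.
P.S. If the order of the columns in the log file could change in the future, the awk command may not work, because it relies entirely on the column index to get the result.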
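The P.S. above notes that the one-liner depends on the column index. As an added example (not part of the original answer), the script below locates the dnsmasq[PID]: tag instead, so an extra syslog hostname column does not shift the fields, and it can also print a per-domain table like the one the question shows. The function names, the host name gw and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse dnsmasq log lines relative to the "dnsmasq[PID]:" tag
# rather than by fixed column number.

# dnsmasq_report MODE [FILE...]  (reads stdin when no file is given)
#   names: each queried domain once, in first-seen order
#   table: "name | queries | forwarded | answered from cache"
dnsmasq_report() {
    mode=$1; shift
    awk -v mode="$mode" '
    {
        # Find the tag; the action and the name are the two fields after it.
        for (i = 1; i <= NF - 2; i++) if ($i ~ /^dnsmasq\[[0-9]+\]:$/) break
        if (i > NF - 2) next            # not a dnsmasq line, or truncated
        act = $(i + 1); name = $(i + 2)
        if (act ~ /^query\[.+\]$/) {
            if (!q[name]++) { order[++n] = name; if (mode == "names") print name }
        } else if (act == "forwarded") f[name]++
        else if (act == "cached") c[name]++
    }
    END {
        if (mode == "table")
            for (k = 1; k <= n; k++)
                printf "%s | %d | %d | %d\n", order[k], q[order[k]], f[order[k]], c[order[k]]
    }' "$@"
}

# Constructed sample: lines in the format from the question, plus two lines
# carrying a syslog hostname column ("gw"), where $6 would be the action.
sample_log() {
cat <<'EOF'
Jun 10 17:50:00 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:00 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:40 dnsmasq[21796]: query[A] zyx.qq.com from 115.34.22.160
Jun 10 17:50:40 dnsmasq[21796]: forwarded zyx.qq.com to 114.114.114.114
Jun 10 17:50:40 dnsmasq[21796]: forwarded zyx.qq.com to 223.5.5.5
Jun 10 17:50:40 dnsmasq[21796]: reply zyx.qq.com is 123.151.43.51
Jun 10 17:50:42 gw dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:42 gw dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:58 dnsmasq[21796]: query[A] ic.wps.cn from 115.34.22.160
EOF
}

sample_log | dnsmasq_report table
```

For a real log, pass the file as the second argument, for example dnsmasq_report names /var/log/dnsmasq.log.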