Unverified Commit b27fdead authored by 9S's avatar 9S Committed by GitHub
parent ec76d107
Branches nin9s-patch-1
......@@ -60,10 +60,10 @@ filter {
"^%{DNSMASQPREFIX} cached %{FQDN:domain_request} is NODATA-IPv[4,6]$",
# domain is no-DATA
"^%{DNSMASQPREFIX} reply %{FQDN:domain_request} is NODATA-IPv[4,6]$",
# SRV
"^%{DNSMASQPREFIX} query\[%{WORD:query_type}\] %{HOSTNAMEPTR:request} from %{IP:request_from}$",
# SRV forwarded
"^%{DNSMASQPREFIX} forwarded %{HOSTNAMEPTR:request} to %{IP:dns_forward_to}$" ,
# PTR
#"^%{DNSMASQPREFIX} query\[%{WORD:query_type}\] %{HOSTNAMEPTR:request} from %{IP:request_from}$",
# PTR forwarded
#"^%{DNSMASQPREFIX} forwarded %{HOSTNAMEPTR:request} to %{IP:dns_forward_to}$" ,
# SERVFAIL
"^%{DNSMASQPREFIX} reply error is SERVFAIL"
......@@ -165,10 +165,23 @@ filter {
if [domain_request] {
geoip {
# cache_size => "10000"
source => "domain_request"
}
}
if [ip_response] {
mutate {
add_field => { "ip_or_domain_response" => "%{domain_request}" }
}
}
if [domain_response] {
mutate {
add_field => { "ip_or_domain_response" => "%{ip_request}" }
}
}
mutate {
add_field => {
"[source_fqdn]" => "%{source_host}"
......@@ -176,9 +189,10 @@ filter {
}
dns {
nameserver => "localhost"
reverse => ["source_fqdn"]
action => "replace"
hit_cache_size => 4096
hit_cache_size => 10000
hit_cache_ttl => 900
failed_cache_size => 512
failed_cache_ttl => 900
......
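Review bot: In the second hunk, the two `mutate` blocks (apparently the added lines) fill `ip_or_domain_response` from request fields instead of the field each conditional tests: `if [ip_response]` copies `%{domain_request}` and `if [domain_response]` copies `%{ip_request}`. Going by the field name, the intent looks like `add_field => { "ip_or_domain_response" => "%{ip_response}" }` in the first block and `"%{domain_response}"` in the second. `ip_request` is not captured by any grok pattern visible on this page, and Logstash leaves an unresolved `%{...}` reference as literal text. Events could therefore carry the string `%{ip_request}`, which would skew any dashboard or detection keyed on this field. The enclosing `filter` block starts and ends outside the hunks shown.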