Unverified Commit b27fdead authored by 9S's avatar 9S Committed by GitHub
parent ec76d107
Branches nin9s-patch-1
...@@ -60,10 +60,10 @@ filter { ...@@ -60,10 +60,10 @@ filter {
"^%{DNSMASQPREFIX} cached %{FQDN:domain_request} is NODATA-IPv[4,6]$", "^%{DNSMASQPREFIX} cached %{FQDN:domain_request} is NODATA-IPv[4,6]$",
# domain is no-DATA # domain is no-DATA
"^%{DNSMASQPREFIX} reply %{FQDN:domain_request} is NODATA-IPv[4,6]$", "^%{DNSMASQPREFIX} reply %{FQDN:domain_request} is NODATA-IPv[4,6]$",
# SRV # PTR
"^%{DNSMASQPREFIX} query\[%{WORD:query_type}\] %{HOSTNAMEPTR:request} from %{IP:request_from}$", #"^%{DNSMASQPREFIX} query\[%{WORD:query_type}\] %{HOSTNAMEPTR:request} from %{IP:request_from}$",
# SRV forwarded # PTR forwarded
"^%{DNSMASQPREFIX} forwarded %{HOSTNAMEPTR:request} to %{IP:dns_forward_to}$" , #"^%{DNSMASQPREFIX} forwarded %{HOSTNAMEPTR:request} to %{IP:dns_forward_to}$" ,
# SERVFAIL # SERVFAIL
"^%{DNSMASQPREFIX} reply error is SERVFAIL" "^%{DNSMASQPREFIX} reply error is SERVFAIL"
...@@ -165,10 +165,23 @@ filter { ...@@ -165,10 +165,23 @@ filter {
if [domain_request] { if [domain_request] {
geoip { geoip {
# cache_size => "10000"
source => "domain_request" source => "domain_request"
} }
} }
if [ip_response] {
mutate {
add_field => { "ip_or_domain_response" => "%{domain_request}" }
}
}
if [domain_response] {
mutate {
add_field => { "ip_or_domain_response" => "%{ip_request}" }
}
}
mutate { mutate {
add_field => { add_field => {
"[source_fqdn]" => "%{source_host}" "[source_fqdn]" => "%{source_host}"
...@@ -176,9 +189,10 @@ filter { ...@@ -176,9 +189,10 @@ filter {
} }
dns { dns {
nameserver => "localhost"
reverse => ["source_fqdn"] reverse => ["source_fqdn"]
action => "replace" action => "replace"
hit_cache_size => 4096 hit_cache_size => 10000
hit_cache_ttl => 900 hit_cache_ttl => 900
failed_cache_size => 512 failed_cache_size => 512
failed_cache_ttl => 900 failed_cache_ttl => 900
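Review bot: The two new conditionals in the second hunk look cross-wired: when `ip_response` is present the new field is filled from `domain_request`, and when `domain_response` is present it is filled from `ip_request`, so `ip_or_domain_response` never carries the response value its name promises. No pattern visible on this page captures `ip_request`, and Logstash leaves an unresolved `%{ip_request}` reference as literal text in the field, which would then pollute any search or alert keyed on it. If the intent is to merge the two response fields, the lines would be `add_field => { "ip_or_domain_response" => "%{ip_response}" }` and `add_field => { "ip_or_domain_response" => "%{domain_response}" }`. The grok patterns that define these fields are outside the visible hunks, so the names should be confirmed there.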