dnshistory 1.3 Beta1 review
The dnshistory project provides a means of storing a history of DNS and name changes for the IP addresses extracted from web log files.
The main goal is that repeated analyses of older log files do not require re-lookups of IP addresses to FQDNs, and that each lookup result stays accurate as it was then, not as it is now.
Here are some key features of "dnshistory":
Do Lookups. The default mode. Given a web log file, dnshistory will perform DNS reverse lookups on each unique IP Address and store the results in a history database.
Do Translations. Given a raw web log file, dnshistory will make use of a previously created history database and send to STDOUT the same web log but with addresses replaced by the Fully Qualified Domain Name as previously looked up.
Do Recombining. Given two web log files, one raw and one previously translated (e.g. by using dnstran), create a history database from the values in these separate log files.
Do Dump. Dump a given history database to STDOUT.
Show History. Given one or more IP Addresses on the command line, display their history from the database.
It's quite possible that most users would only ever use the first two modes.
The lookups make use of threads for near maximum speed, and use the standard resolution libraries on a system. Thus hosts files, NIS, LDAP and other name resolution methods should work transparently. Unfortunately most other tools ignore local name resolution methods in favour of DNS lookups only.
It is strongly recommended that for massive raw lookups a DNS server is "nearby". Preferably not a forwarding server, or your upstream provider will not like you.
dnshistory can read .gz files. Any input sent via STDIN is currently assumed to not be gz encoded.
dnshistory assumes that the logs being sent are already sorted into oldest --> most_recent date/time order.
A Berkeley Database is used to store the history, which may also reduce the memory footprint within a run.
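The lookup and translation modes described above, sketched as an added example (not dnshistory's own code): it shows why keeping a dated history lets an old log be translated with the name that was valid at the time. The in-memory dict standing in for the Berkeley Database, the Common Log Format input, the injected resolver and all function names are assumptions made for the illustration.

```python
import bisect, re
from datetime import datetime

# Leading IPv4 address plus the [timestamp] field of a Common Log Format line.
CLF = re.compile(r'^(\d{1,3}(?:\.\d{1,3}){3}) (.*?\[([^\]]+)\].*)$')

def parse(line):
    """Return (ip, rest_of_line, epoch_seconds), or None for a non-matching line."""
    m = CLF.match(line)
    if not m:
        return None
    when = datetime.strptime(m.group(3), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), m.group(2), when.timestamp()

class History:
    """In-memory stand-in for the history database: ip -> [(first_seen, name)]."""
    def __init__(self):
        self.db = {}
    def record(self, ip, ts, name):
        entries = self.db.setdefault(ip, [])
        if not entries or entries[-1][1] != name:  # store only changes of name
            entries.append((ts, name))             # input is oldest-first
    def name_at(self, ip, ts):
        entries = self.db.get(ip, [])
        i = bisect.bisect_right([t for t, _ in entries], ts) - 1
        return entries[i][1] if i >= 0 else ip     # nothing recorded yet: keep IP

def do_lookups(lines, history, resolve):
    """Lookup mode: resolve each unique address once per run, record the answer."""
    seen = set()
    for rec in filter(None, map(parse, lines)):
        if rec[0] not in seen:
            seen.add(rec[0])
            history.record(rec[0], rec[2], resolve(rec[0]) or rec[0])

def do_translate(lines, history):
    """Translation mode: swap each address for the name valid at the log time."""
    recs = [(line, parse(line)) for line in lines]
    return [f"{history.name_at(r[0], r[2])} {r[1]}" if r else l for l, r in recs]

# Constructed sample logs: the PTR record for 192.0.2.10 changes between runs.
JAN = ['192.0.2.10 - - [10/Jan/2024:08:00:00 +0000] "GET / HTTP/1.1" 200 512']
JUN = ['192.0.2.10 - - [10/Jun/2024:08:00:00 +0000] "GET /a HTTP/1.1" 200 99']

def demo():
    h = History()
    do_lookups(JAN, h, {"192.0.2.10": "old.example.net"}.get)  # stand-in resolver
    do_lookups(JUN, h, {"192.0.2.10": "new.example.net"}.get)
    return do_translate(JAN + JUN, h)
```

Translating the January line after the June run still yields the January name, which is the property that matters when old logs are re-analysed during an investigation.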
dnshistory is released under the General Public License.
What's New in This Release:
The program can now process Squid, FTP XFERLOG, and iptables log formats.
The log format can be explicitly set or automatically detected.