Closed micush closed 4 months ago
Thanks for asking. The log format is just human readable, not intended for parsing, and may change in the future, breaking any parser that was built.
I would suggest that you instead have the Query Logs (sqlite) app installed and then use the Query Logs API call which would give you a standard json output and filtering options too. Let me know if you have any queries regarding that.
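To show what the suggested approach looks like in practice, here is an added example (not code from the thread or from the Technitium project) of a small Python forwarder that calls the Query Logs app API, flattens each page of results into newline-delimited JSON for a SIEM, and keeps any unrecognised fields rather than dropping them. The endpoint path `/api/logs/query`, the parameter names (`token`, `name`, `classPath`, `pageNumber`, `entriesPerPage`, `descendingOrder`, plus filters such as `qname`, `clientIpAddress`, `start`, `end`), the app name `Query Logs (Sqlite)`, the class path `QueryLogsSqlite.App` and the entry field names are assumptions from memory of the server's API documentation and must be checked against the docs of the version you run; the embedded response is constructed, not captured from a real server.

```python
"""Pull DNS query logs from the Technitium Query Logs (Sqlite) app API and
emit newline-delimited JSON for SIEM ingestion. Added example, not project code."""
import json
import urllib.parse
import urllib.request

# Assumed endpoint, app name and class path (verify against your server's API docs).
QUERY_LOGS_PATH = "/api/logs/query"
APP_NAME = "Query Logs (Sqlite)"
CLASS_PATH = "QueryLogsSqlite.App"

# Entry fields a SIEM mapping would typically want (assumed names). Anything else
# the API returns is kept under "extra" so a server-side schema change loses nothing.
KNOWN_FIELDS = ("timestamp", "clientIpAddress", "protocol", "responseType",
                "rcode", "qname", "qtype", "qclass", "answer")


def build_query_url(base_url, token, page_number=1, entries_per_page=100, **filters):
    """Build the Query Logs API URL. Filters (qname=, clientIpAddress=, start=/end=
    as ISO 8601, ...) are passed through; None values are dropped so callers can
    leave filters unset. Note the token travels in the query string, so it will
    appear in any proxy or access log between you and the server: use TLS and a
    token issued to a dedicated, least-privileged user."""
    params = {
        "token": token,
        "name": APP_NAME,
        "classPath": CLASS_PATH,
        "pageNumber": page_number,
        "entriesPerPage": entries_per_page,
        "descendingOrder": "false",  # oldest first so a forwarder can resume by timestamp
    }
    params.update({k: v for k, v in filters.items() if v is not None})
    return base_url.rstrip("/") + QUERY_LOGS_PATH + "?" + urllib.parse.urlencode(params)


def fetch_page(url, timeout=10):
    """HTTP GET one page and decode the JSON body (network; not run in the offline demo)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


def normalize_entries(api_response, source="technitium-dns"):
    """Flatten one API page into event dicts. Returns (events, page_number, total_pages)."""
    if api_response.get("status") != "ok":
        raise ValueError("API error: %s" % api_response.get("errorMessage", api_response.get("status")))
    body = api_response.get("response", {})
    events = []
    for entry in body.get("entries", []):
        event = {"source": source}
        for field in KNOWN_FIELDS:
            if field in entry:
                event[field] = entry[field]
        extra = {k: v for k, v in entry.items() if k not in KNOWN_FIELDS and k != "rowNumber"}
        if extra:
            event["extra"] = extra
        events.append(event)
    return events, body.get("pageNumber"), body.get("totalPages")


def to_ndjson(events):
    """One JSON object per line, the shape most SIEM file/HTTP collectors accept."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events) + ("\n" if events else "")


# Constructed sample page (assumed field names); not output from a real server.
SAMPLE_RESPONSE = {
    "response": {
        "pageNumber": 1,
        "totalPages": 1,
        "totalEntries": 2,
        "entries": [
            {"rowNumber": 1, "timestamp": "2024-01-15T10:00:00.000Z",
             "clientIpAddress": "192.0.2.10", "protocol": "Udp",
             "responseType": "Recursive", "responseRtt": 12.3, "rcode": "NoError",
             "qname": "example.com", "qtype": "A", "qclass": "IN",
             "answer": "93.184.216.34"},
            {"rowNumber": 2, "timestamp": "2024-01-15T10:00:01.000Z",
             "clientIpAddress": "192.0.2.11", "protocol": "Tcp",
             "responseType": "Blocked", "rcode": "NxDomain",
             "qname": "ads.example.net", "qtype": "AAAA", "qclass": "IN",
             "answer": ""},
        ],
    },
    "status": "ok",
}

if __name__ == "__main__":
    # Live use (hypothetical host and token): page through until page_no == total.
    # url = build_query_url("https://dns.example.internal:53443", "TOKEN", qname="example.com")
    # events, page_no, total = normalize_entries(fetch_page(url))
    events, page_no, total = normalize_entries(SAMPLE_RESPONSE)
    print(to_ndjson(events), end="")
```

For incremental collection, pass the last forwarded `timestamp` as the `start` filter on the next run and page forward until `page_no == total`; because the API already filters on `qname`, `clientIpAddress` and response type, a SIEM that only needs blocked or NXDOMAIN traffic can request just that subset instead of shipping every query.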
Hi Shreyas,
A colleague of mine would like a definition for the DNS client query logs in order to parse them with a SIEM. Looking at the log it seems obvious, but I could miss a corner case by just guessing at the format. Can you give a definition of the file please that I can pass along to be used for parsing by another application?
Thanks and Regards,
Michael