albertito / dnss

DNS over HTTPS [mirror]
https://blitiri.com.ar/git/r/dnss/

Structured query logging #4

Open xme opened 5 years ago

xme commented 5 years ago

Hello, I'm currently testing dnss in a lab environment and I can't enable proper logging of all DNS requests. I found in the source code that, apparently, "-v=3" should enable more logging but it does not work. Having proper logging is essential for me. Any tip?

albertito commented 5 years ago

Hi!

The DNS request traces don't get output to the logs, but are accessible via the tracing system.

If you enable the monitoring HTTP server with --monitoring_listen_addr=localhost:8000, then visit http://localhost:8000/debug/requests?fam=dnsserver&b=0&exp=1 you should be able to see the recent queries, get latency distributions, etc.

If you go to http://localhost:8000/ you'll find more endpoints, like cache dumps, threading information, and profiling endpoints.

Is this enough for your purposes, or do you need something like an auditing log written to the system log?

Thanks!

Edit: Needless to say, replace localhost with the appropriate address; but please be super careful on public servers as this exposes a lot of data, including user queries, and is only meant for debugging.
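Added example, not part of the original thread or of the dnss code base: a small Go check that classifies a value passed to --monitoring_listen_addr by what it would bind to, so a config review can flag anything that makes the query traces reachable off-host. The function names and sample addresses are hypothetical, and "localhost" is assumed to map to a loopback address.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// ExposureOf classifies a --monitoring_listen_addr value by what it binds to:
// "loopback", "all-interfaces", "specific-address", "hostname" or "invalid".
func ExposureOf(addr string) string {
	host, port, err := net.SplitHostPort(addr)
	if err != nil || port == "" {
		return "invalid"
	}
	if host == "" {
		return "all-interfaces" // ":8000" listens on every interface
	}
	// Assumption: "localhost" maps to a loopback address on this host.
	if strings.EqualFold(host, "localhost") {
		return "loopback"
	}
	ip := net.ParseIP(host)
	switch {
	case ip == nil:
		return "hostname" // cannot be judged without resolving it
	case ip.IsLoopback():
		return "loopback" // 127.0.0.0/8 or ::1
	case ip.IsUnspecified():
		return "all-interfaces" // 0.0.0.0 or ::
	default:
		return "specific-address"
	}
}

// Report turns the classification into a one-line finding for a config review.
func Report(addr string) string {
	e := ExposureOf(addr)
	if e == "loopback" {
		return fmt.Sprintf("OK     %-18s %s", addr, e)
	}
	return fmt.Sprintf("REVIEW %-18s %s", addr, e)
}

func main() {
	// Constructed sample values, not taken from any real deployment.
	for _, a := range []string{"localhost:8000", "[::1]:8000", ":8000", "0.0.0.0:8000", "192.0.2.10:8000"} {
		fmt.Println(Report(a))
	}
}
```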

xme commented 5 years ago

Thank you for the quick reply. I'm still discovering the tool and did not test the monitoring server. It looks interesting; however, I think that having a classic flat log file will be valuable (to be indexed by a SIEM or such a tool).

albertito commented 5 years ago

No worries!

That's a totally reasonable feature request; I can't promise I'll get to it quickly but I'll try :) I'll leave this open to track it.

Please feel free to open other issues if you have any other questions or comments!