search

gamelinux / passivedns

A network sniffer that logs all DNS server replies for use in a passive DNS setup
http://gamelinux.org/
1.67k stars 372 forks source link

microseconds in log timestamps are not zero padded #23

Closed ryancdotorg closed 11 years ago

ryancdotorg commented 11 years ago

For example, instead of

1329575805.000123||100.240.60.160||80.160.30.30||IN||sadf.googles.com.||A||NXDOMAIN||0||1

we get

1329575805.123||100.240.60.160||80.160.30.30||IN||sadf.googles.com.||A||NXDOMAIN||0||1

which is confusing.

easy fix though:

diff --git a/src/dns.c b/src/dns.c
index 2b9d72e..e307168 100644
--- a/src/dns.c
+++ b/src/dns.c
@@ -541,7 +541,7 @@ void print_passet_err (pdns_record *l, ldns_rdf *lname, ldns_rr *rr, uint16_t rc
     /* example output:
      * 1329575805.123456||100.240.60.160||80.160.30.30||IN||sadf.googles.com.||A||NXDOMAIN||0||1
      */
-    fprintf(fd,"%lu.%lu||%s||%s||",l->last_seen.tv_sec, l->last_seen.tv_usec, ip_addr_c, ip_addr_s);
+    fprintf(fd,"%lu.%06lu||%s||%s||",l->last_seen.tv_sec, l->last_seen.tv_usec, ip_addr_c, ip_addr_s);

     switch (ldns_rr_get_class(rr)) {
         case LDNS_RR_CLASS_IN:
@@ -675,7 +675,7 @@ void print_passet (pdns_asset *p, pdns_record *l) {

     u_ntop(p->sip, p->af, ip_addr_s);
     u_ntop(p->cip, p->af, ip_addr_c);
-    fprintf(fd,"%lu.%lu||%s||%s||",p->last_seen.tv_sec, p->last_seen.tv_usec, ip_addr_c, ip_addr_s);
+    fprintf(fd,"%lu.%06lu||%s||%s||",p->last_seen.tv_sec, p->last_seen.tv_usec, ip_addr_c, ip_addr_s);

     switch (ldns_rr_get_class(p->rr)) {
         case LDNS_RR_CLASS_IN:
ryancdotorg commented 11 years ago

herp derp dup of #22