Bind 9.11 Log Format #2
Description
After a recent upgrade of my systems to Ubuntu 18.04 which provides Bind 9.11.3 I found that your script wouldn't parse the log files. I fixed the issue by adding the following to process_query at line 179:
"""
# Bind 9.11
04-Jun-2018 14:48:15.540 queries: info: client @0x7fda1d74e7d0 \
192.168.1.6#60844 (prefetch.net): query: prefetch.net IN A +E(0)D \
(192.168.1.250)
"""
elif len(chopped) == 10:
timestamp = chopped[0] + " " + chopped[1]
""" Had to change the item reference in chopped[] below because they added a memory location
in the middle of everything, instead of putting it at the end
"""
client_ip = chopped[3].split("#")[0]
""" That also shifted the rr_type over
"""
rr_type = chopped[7]
dns_question = chopped[4]
I hope this helps.