-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdns-logging-udp.irule
39 lines (37 loc) · 1.57 KB
/
dns-logging-udp.irule
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# Author: Juergen Mang <[email protected]>
# Date: 2023-07-12
#
# DNS Request and response logging
# Uses the procs from the dns_parser iRule
# Disable local logging for production use!
#
# -------------------------------------------------------------------------
# See the file "LICENSE.md" for information on usage and redistribution
# of this file, and for a DISCLAIMER OF ALL WARRANTIES.
# -------------------------------------------------------------------------
# Request logging
when CLIENT_ACCEPTED priority 500 {
if { [catch {
set req_log [call dns_parser::ReadQuestionPacket [UDP::payload]]
}] } {
set req_log "error=\"Could not parse DNS question: [subst \$::errorInfo]\""
}
set hsl [HSL::open -publisher $static::dns_log_target]
HSL::send $hsl "client_ip=\"[IP::client_addr]\" target_ip=\"0.0.0.0\" v_server=\"[virtual]\" $req_log"
#log local0. "client_ip=\"[IP::client_addr]\" target_ip=\"0.0.0.0\" v_server=\"[virtual]\" $req_log"
unset -nocomplain -- req_log
}
# Response logging
when SERVER_DATA priority 500 {
if { [catch {
set resp_log [call dns_parser::ReadAnswerPacket [UDP::payload]]
}] } {
set resp_log ""
lappend resp_log "error=\"Could not parse DNS answer: [subst \$::errorInfo]\""
}
foreach line $resp_log {
HSL::send $hsl "client_ip=\"[IP::client_addr]\" target_ip=\"[IP::server_addr]\" v_server=\"[virtual]\" $line"
#log local0. "client_ip=\"[IP::client_addr]\" target_ip=\"[IP::server_addr]\" v_server=\"[virtual]\" $line"
}
unset -nocomplain -- resp_log line
}