Extracting from Bind 9 log files

HeadScratcher · February 23, 2017, 11:35am

finally managed to figure this out

input {
file {
path => "/var/log/bind9/query.log"
start_position => beginning
}
}

filter {
grok {
match => {"message" => "client %{IP:clientip}#%{POSINT:clientport} (%{GREEDYDATA:query}): query: %{GREEDYDATA:Target} IN %{GREEDYDATA:querytype} (%{IP:dns})"}
}
}

output {
elasticsearch {
hosts => [ "127.0.0.1:9200" ]
}
}

this is my conf file for extracting the DNS names of DNS queries into Kibana, it works, so now im mining data

Topic		Replies	Views
BIND DNS Pattern Logstash	9	6370	July 6, 2017
Extract field from message field with in logs Logstash	8	6510	March 15, 2019
How to split DNS request and retrive the domain Logstash	2	793	September 14, 2017
Problem with Grok filter with my logfile Logstash	2	619	July 6, 2017
Turn messages into fields - querying in kibana Logstash	8	1216	July 6, 2017

Extracting from Bind 9 log files

Related topics