Python Dnstap to JSON stream receiver
Dnstap to JSON stream receiver
This Python module acts as a dnstap receiver and streams the received messages as JSON payloads to a remote address.
Table of contents
- Installation
- Start dnstap receiver
- Output JSON format
- Systemd service file configuration
- Tests with DNS servers
- About
Installation
Deploy the dnstap receiver on your DNS server with the pip command.
pip install dnstap_receiver
Start dnstap receiver
The 'dnstap_receiver' binary takes a Unix socket as input (the one set in dnsdist's configuration) and a remote TCP JSON collector as output (the one set in Logstash's configuration).
dnstap_receiver -u /var/run/dnstap.sock -j 10.0.0.2:8000
dnstap_receiver --help
usage: test_receiver.py [-h] -u U -j J
optional arguments:
-h, --help show this help message and exit
-u U read dnstap payloads from unix socket
-j J write JSON payload to tcp/ip address
Output JSON format
{
    "r_code": "NOERROR",
    "port": 52782,
    "q_name": "rpc.gandi.net.",
    "s_family": "IPv4",
    "r_bytes": 47,
    "dt_reply": "2020-05-24 03:30:01.411",
    "q_addr": "10.0.0.235",
    "host": "10.0.0.97",
    "message": "CLIENT_RESPONSE",
    "q_type": "A",
    "s_proto": "UDP",
    "dt_query": "2020-05-24 03:30:01.376",
    "q_port": 40311,
    "q_time": 0.035
}
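The record format shown above can be consumed directly for basic monitoring. The following is an added example, not code from the dnstap_receiver project: it validates each record, derives the latency from dt_query and dt_reply, and lists clients whose answers are mostly NXDOMAIN. It assumes one JSON object per line and the standard "NXDOMAIN" mnemonic in r_code; the function names, thresholds and sample records are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime

# Same layout as the Logstash date filter pattern "yyyy-MM-dd HH:mm:ss.SSS".
TS_FORMAT = "%Y-%m-%d %H:%M:%S.%f"


def parse_record(line):
    """Return (client, rcode, latency_seconds), or None for a malformed record."""
    try:
        rec = json.loads(line)
        t_query = datetime.strptime(rec["dt_query"], TS_FORMAT)
        t_reply = datetime.strptime(rec["dt_reply"], TS_FORMAT)
        return str(rec["q_addr"]), rec["r_code"], (t_reply - t_query).total_seconds()
    except (ValueError, TypeError, KeyError):
        return None


def summarize(lines, min_queries=3, nx_ratio=0.5):
    """Return (per-client stats, clients with a high NXDOMAIN share, rejected count)."""
    stats = defaultdict(lambda: {"total": 0, "nxdomain": 0, "max_latency": 0.0})
    rejected = 0
    for line in lines:
        parsed = parse_record(line)
        if parsed is None:
            rejected += 1  # count bad input instead of silently dropping it
            continue
        client, rcode, latency = parsed
        s = stats[client]
        s["total"] += 1
        s["nxdomain"] += int(rcode == "NXDOMAIN")
        s["max_latency"] = max(s["max_latency"], latency)
    flagged = sorted(addr for addr, s in stats.items()
                     if s["total"] >= min_queries and s["nxdomain"] / s["total"] >= nx_ratio)
    return dict(stats), flagged, rejected


# Constructed sample: the record above (trimmed), three NXDOMAIN answers, one truncated line.
_NX = ('{"q_addr": "10.0.0.50", "r_code": "NXDOMAIN", "q_name": "x%d.example.", '
       '"dt_query": "2020-05-24 03:30:02.000", "dt_reply": "2020-05-24 03:30:02.010"}')
SAMPLE = [
    '{"q_addr": "10.0.0.235", "r_code": "NOERROR", "q_name": "rpc.gandi.net.", '
    '"dt_query": "2020-05-24 03:30:01.376", "dt_reply": "2020-05-24 03:30:01.411"}',
    _NX % 1, _NX % 2, _NX % 3,
    '{"q_name": "truncated',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The latency computed for the page's own record matches its q_time field (0.035 s).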
Systemd service file configuration
Systemd service file for CentOS 7
vim /etc/systemd/system/dnstap_receiver.service
[Unit]
Description=Python DNS tap Service
After=network.target
[Service]
ExecStart=/usr/local/bin/dnstap_receiver -u /etc/dnsdist/dnstap.sock -j 10.0.0.2:6000
Restart=on-abort
Type=simple
User=root
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl start dnstap_receiver
systemctl status dnstap_receiver
systemctl enable dnstap_receiver
Tests with DNS servers
PowerDNS dnsdist's configuration
vim /etc/dnsdist/dnsdist.conf
fsul = newFrameStreamUnixLogger("/var/run/dnstap.sock")
addResponseAction(AllRule(), DnstapLogResponseAction("dns", fsul))
Tests with log collectors
Logstash's configuration
vim /etc/logstash/conf.d/00-dnstap.conf
input {
  tcp {
    port => 8192
    codec => json
  }
}
filter {
  date {
    match => [ "dt_query" , "yyyy-MM-dd HH:mm:ss.SSS" ]
    target => "@timestamp"
  }
}
output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "dnstap-lb"
  }
}
Kibana dashboard
About
| Author | Denis Machard d.machard@gmail.com |
| License | MIT |
| PyPI | https://pypi.org/project/dnstap_receiver/ |