Monday, 15 December 2008

DNS queries logging on WRT54GL

This morning I came up with another idea.
Last year I wanted to try data mining on the DNS data from my local dnsmasq.
But how could I collect all of dnsmasq's queries when it runs on a WRT54GL, without writing to the flash?
This morning I thought: easy, you could just email dnsmasq's logs to a dedicated Gmail account.
So I looked for an SMTP client on Kamikaze 7.09, which is what is installed on my WRT54GL:


root@openwrt:~# ipkg info *smtp*
Package: ssmtp
root@openwrt:~# ipkg install ssmtp


Taking a look there, I configured /etc/ssmtp.conf as follows:

root={your email acc name}@gmail.com
mailhub=smtp.gmail.com:465
rewriteDomain=gmail.com
hostname=gmail.com
FromLineOverride=YES
UseTLS=YES
AuthUser=your username
AuthPass=your password


And then, how to log queries with dnsmasq?
Reading the dnsmasq documentation I found:

The log-queries option tells dnsmasq to verbosely log the queries it is handling and causes SIGUSR1 to trigger a complete dump of the contents of the cache to the syslog.

So in /etc/dnsmasq.conf I added the following line:

log-queries

But on Kamikaze 7.09, where does dnsmasq write its logs?
Dnsmasq uses syslogd for logging.
Taking a look at /etc/init.d/boot you can find this:

syslogd -C16 ${log_ip:+-L -R $log_ip}

So how to read the logs? Easy, we use logread.
How could we email these logs? For this purpose I wrote a script:

root@openwrt:~# cat /bin/print_dnslog.sh
#!/bin/sh
# Mail header first (ssmtp reads headers, a blank line, then the body from stdin)
echo -e "Subject: DNS Log\n"
# Body: only the dnsmasq query lines from the syslog ring buffer
logread | grep query


Then we can email everything using another script:

root@openwrt:~# cat /bin/mail_dnslog.sh
#!/bin/sh
# Pipe the formatted log into ssmtp, which delivers it through the mailhub in /etc/ssmtp.conf
/bin/print_dnslog.sh | ssmtp mybackup_mail@gmail.com

Then I wanted mail_dnslog.sh to run periodically, so after reading here and here I wrote a simple crontab:

root@openwrt:~# crontab -e
* * * * * /bin/mail_dnslog.sh
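The filtering and mail-body construction done by print_dnslog.sh and mail_dnslog.sh above, as an added example that is not code from the original post, rewritten as shell functions that can be checked against a constructed sample of logread output before being wired to cron. It goes a little beyond the post's `grep query`: it matches the dnsmasq query lines specifically and adds a per-name query count, which is a first step toward the data mining the post has in mind. The function names, the sample log lines, the process ids and the addresses in them are all assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the original post. On the router you would
# feed `logread` into these functions instead of the constructed sample.

# Constructed sample of logread output in dnsmasq's log-queries format.
# Client addresses are private LAN addresses; upstream and reply addresses
# come from the RFC 5737 documentation ranges. Nothing here is observed traffic.
SAMPLE_LOG='Dec 15 09:12:01 openwrt daemon.info dnsmasq[1234]: query[A] www.example.com from 192.168.1.10
Dec 15 09:12:01 openwrt daemon.info dnsmasq[1234]: forwarded www.example.com to 192.0.2.1
Dec 15 09:12:01 openwrt daemon.info dnsmasq[1234]: reply www.example.com is 192.0.2.80
Dec 15 09:12:05 openwrt daemon.info dnsmasq[1234]: query[AAAA] www.example.com from 192.168.1.10
Dec 15 09:12:09 openwrt daemon.info dnsmasq[1234]: query[A] mail.example.org from 192.168.1.11
Dec 15 09:13:30 openwrt cron.info crond[99]: crond: USER root pid 200 cmd /bin/mail_dnslog.sh'

# Keep only dnsmasq query lines from stdin. Matching "dnsmasq[...]: query["
# instead of the bare word "query" avoids picking up unrelated syslog lines.
dns_queries() {
    grep 'dnsmasq\[[0-9]*\]: query\['
}

# Build the message ssmtp expects on stdin: a Subject header, a blank line,
# then the query lines. This is what print_dnslog.sh produces.
dns_mail_body() {
    printf 'Subject: DNS Log\n\n'
    dns_queries
}

# Count queries per queried name, most frequent first. The name is taken
# from the "query[TYPE] name from client" text, so it does not depend on
# the exact syslog prefix logread prints.
dns_query_counts() {
    dns_queries \
      | sed -n 's/.*query\[[A-Za-z]*\] \([^ ]*\) from .*/\1/p' \
      | sort | uniq -c \
      | awk '{ print $1, $2 }' \
      | sort -rn
}

# Stand-alone run over the sample.
# On the router: logread | dns_mail_body | ssmtp mybackup_mail@gmail.com
printf '%s\n' "$SAMPLE_LOG" | dns_mail_body
printf '%s\n' "$SAMPLE_LOG" | dns_query_counts
```

Two things to keep in mind when this runs from cron every minute: busybox syslogd with -C16 keeps a 16 KB circular buffer, and logread dumps the whole buffer on every call, so consecutive mails overlap and the lines need to be de-duplicated on the receiving side (the timestamp plus the query text is enough of a key); and /etc/ssmtp.conf holds AuthPass in clear text, so it should be readable by root only.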
