Hi Karl,
On Mon, 24 Mar 2014, Karl O. Pinc wrote:
On 03/24/2014 06:31:30 AM, Stathis Gkotsis wrote:
Concerning HTTP: I guess the thing to output would be hostname, since
you can have multiple HTTP requests to different URLs inside one TCP
Session.About DNS, what should be outputted? I guess the hostname for A
queries is good enough to start with.
I'm not clear on where DNS would fit into this. Offhand, DNS lookups
(and then reverse DNS lookups, etc.) should not be part of
pmacct. There's just too much latency. People who want that
sort of thing should work out how to do it outside of pmacct.
I'd like to see the *content* of DNS requests and responses available to
be logged in data records by pmacct. It can be very helpful in identifying
which website someone was trying to access, when all we have is an IP
address. I accept that not everybody would want this, but I do.
Cheers, Chris.
--
Aptivate | http://www.aptivate.org | Phone: +44 1223 967 838
Citylife House, Sturton Street, Cambridge, CB1 2QF, UK
Aptivate is a not-for-profit company registered in England and Wales
with company number 04980791.
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
