On 03/02/17 16:45, Mukund Sivaraman wrote:
The query log is getting more fields at the end of it such as CLIENT-SUBNET logging.
Although it would be super-disruptive, has any thought been given to moving to an entirely new log format, for example k/v or JSON? They're a lot more extendable going forward and most SIEM/ML systems will read them with no additional configuration.
Adding the query log hex/ptr thing just inconvenienced me. Strangely, changing the entire format to k/v would have massively helped me. This applies across all logs (RPZ in particular).
Obviously one sample isn't enough but it's maybe something to consider? _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
