Re: [dnsdist] High-fidelity timestamp in FrameStream logging
> On Oct 11, 2019, at 11:10 AM, Casey Deccio wrote: > >> On Oct 11, 2019, at 9:59 AM, Remi Gacogne wrote: >> >> This seems to be a limitation of dnstap-read, we do export the >> nanoseconds as defined in the dnstap format, and it looks like >> dnstap-ldns [1] read them just fine: > > Oh, that is great news. Thank you! I knew the issue was somewhere in the > pipeline, I just didn't look long/hard enough to figure out where. I even > already had dnstap-ldns installed; I just hadn't tried it yet. Just FYI, I actually had tried dnstap-ldns before. The reason I had gone with dnstap-read was that I liked the fact that it broke down the packet components with finer granularity, e.g., the flags and options in the EDNS section. I guess if I want the higher fidelity timestamp, I'll need to implement that breakdown myself. Casey ___ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist
Re: [dnsdist] High-fidelity timestamp in FrameStream logging
> On Oct 11, 2019, at 9:59 AM, Remi Gacogne wrote: > > This seems to be a limitation of dnstap-read, we do export the > nanoseconds as defined in the dnstap format, and it looks like > dnstap-ldns [1] read them just fine: Oh, that is great news. Thank you! I knew the issue was somewhere in the pipeline, I just didn't look long/hard enough to figure out where. I even already had dnstap-ldns installed; I just hadn't tried it yet. Again, thanks! Casey ___ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist
Re: [dnsdist] High-fidelity timestamp in FrameStream logging
Hi Casey, On 10/11/19 5:31 PM, Casey Deccio wrote: > I am using the following to log queries: > > logger = newFrameStreamTcpLogger("127.0.0.1:4343") > addAction(AllRule(), DnstapLogAction("foo", logger)) > > Then I use this command line to read and produce yaml output: > > fstrm_capture -t protobuf:dnstap.Dnstap -a 127.0.0.1 -p 4343 -w - | > dnstap-read -y -p /dev/stdin > > This seems to be working, for the most part. However, I'm getting only > second level- granularity in my messages, e.g.: > > query_time: !!timestamp 2019-10-11T15:29:00Z > > I would really like to see at least milliseconds. This seems to be a limitation of dnstap-read, we do export the nanoseconds as defined in the dnstap format, and it looks like dnstap-ldns [1] read them just fine: type: MESSAGE identity: "foo" version: "dnsdist XX" message: type: CLIENT_QUERY query_time: !!timestamp 2019-10-11 15:56:13.476117 socket_family: INET socket_protocol: UDP query_address: 127.0.0.1 response_address: 127.0.0.1 query_port: 52156 response_port: 53 query_message: | ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 8674 ;; flags: rd ad ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;powerdns.com. IN A ;; ANSWER SECTION: ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; EDNS: version 0; flags: ; udp: 4096 [1]: https://github.com/dnstap/dnstap-ldns Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/ signature.asc Description: OpenPGP digital signature ___ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist
[dnsdist] High-fidelity timestamp in FrameStream logging
Hi all, I am using the following to log queries: logger = newFrameStreamTcpLogger("127.0.0.1:4343") addAction(AllRule(), DnstapLogAction("foo", logger)) Then I use this command line to read and produce yaml output: fstrm_capture -t protobuf:dnstap.Dnstap -a 127.0.0.1 -p 4343 -w - | dnstap-read -y -p /dev/stdin This seems to be working, for the most part. However, I'm getting only second level- granularity in my messages, e.g.: query_time: !!timestamp 2019-10-11T15:29:00Z I would really like to see at least milliseconds. Any thoughts? Thanks, Casey ___ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist