Log formats for dns_reply.log

xantonin

I'm trying to troubleshoot an issue with DNS, but I can't decipher the logs, and I can't find any documentation on the internet (maybe my Google-fu is weaker these days).

Here is the file:

/var/log/pfblockerng/dns_reply.log

I have these lines:

DNS-reply,Feb 13 15:11:33,resolver,A,A,Unk,cloudflare-dns.com,127.0.0.1,NXDOMAIN,unk
DNS-reply,Feb 13 15:11:33,resolver,A,A,Unk,cloudflare-dns.com,127.0.0.1,NXDOMAIN,unk
DNS-reply,Feb 13 15:11:33,resolver,A,A,Unk,cloudflare-dns.com,127.0.0.1,NXDOMAIN,unk

All I can find is information on dnsbl.log from https://forum.netgate.com/topic/141044/pfblockerng-logs/2

DNSBL type,Date Timestamp,Blocked domain,SRC IP,URL/Referer/URI/Agent String,DNSBL Block type,DNSBL Groupname,Evaluated Domain/TLD,Feedname,Duplicate event (+/-) status

Gertjan

@xantonin

The file is created, and lines are added by 'pfBlockerng'.
So the manual (== the source code ) should give you hints about how the line is created and with what info.

I've found /var/unbound/pfb_unbound.py line 802 :```

        csv_line = ','.join('{}'.format(v) for v in ('DNSBL-python', timestamp, q_name, q_ip, isDNSBL['p_type'], isDNSBL['b_type'], isDNSBL['group'], isDNSBL['b_eval'], isDNSBL['feed'], dupEntry))

Be careful. It's Python.