[dnstop] Output into some file

Sam Norris Sam at ChangeIP.com
Mon Nov 2 23:57:38 UTC 2009


Here is what I use:

#!/bin/csh
#
# Process a dnstop session and email results to me... for now.
# Created 01/22/05
#
set workdir="/home/USERNAME/sniffs"
set today = `date "+%m%d%y"`
set stamp = `date "+%Y-%m-%d %H:%M:%S"`
set hour = `date "+%H"`
set myname = `hostname -f`
cd $workdir

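# Capture 10000 DNS queries (QR bit clear) into a pcap file; dnstop then reads that file.
tcpdump -p -n -c 10000 -w dump.$hour.pcap -s 512 'udp dst port 53 and udp[10:2] & 0x8000 = 0' > /dev/null
# Summarize the capture and mail the report.
/usr/sbin/dnstop -l 4 dump.$hour.pcap > dnstop.report.$hour.txt
cat dnstop.report.$hour.txt | mailx -s "DNSTOP $stamp $myname" -c someemail@example.tld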



----- Original Message ----- 
From: "W S" <whatisee1 at yahoo.com>
To: <dnstop at measurement-factory.com>
Sent: Monday, November 02, 2009 3:52 PM
Subject: Re: [dnstop] Output into some file


> Thanks Sam,
>
> Seems like I'm still missing something...
> am I supposed to generate 'pcap' file first?
>
> [ tmp]% cat s
> #!/bin/sh
> hour=1
> echo $hour
> #/usr/sbin/dnstop -l 4 /tmp/dump.$hour.pcap
> /usr/sbin/dnstop -l 4 /tmp/dump.$hour.pcap > /tmp/dnstop.report.$hour.txt
> [ tmp]% ./s
> 1
> pcap_open_*: ioctl: No such device
> [ tmp]%
>
> --- On Mon, 11/2/09, Sam Norris <Sam at ChangeIP.com> wrote:
>
> From: Sam Norris <Sam at ChangeIP.com>
> Subject: Re: [dnstop] Output into some file
> To: "W S" <whatisee1 at yahoo.com>, dnstop at measurement-factory.com
> Date: Monday, November 2, 2009, 3:14 PM
>
> Here is what I use on some systems:
>
> /usr/sbin/dnstop -l 4 dump.$hour.pcap > dnstop.report.$hour.txt
>
> Sam
>
> ----- Original Message ----- 
> From: "W S" <whatisee1 at yahoo.com>
> To: <dnstop at measurement-factory.com>
> Sent: Monday, November 02, 2009 2:57 PM
> Subject: [dnstop] Output into some file
>
>
>> Folks,
>> The interactive portion of dnstop is good, BUT seems like
>> I'm having trouble saving output into some file [any format]
>>
>> Is there any simple option(examples?) for that 'savefile'?
>>
>> Thanks,
>> WS
>>
>>
>>
>>
>
>
> --------------------------------------------------------------------------------
>
>
>> _______________________________________________
>> dnstop mailing list
>> dnstop at measurement-factory.com
>> http://www.measurement-factory.com/mailman/listinfo/dnstop