
DNSHistory

Provides a means of storing a history of DNS/name changes for the IP addresses extracted from web log files. The main goal is that repeated analyses of older log files do not require re-lookups of IP addresses to FQDNs, and that the lookup stays accurate as it was then, not as it is now.

Latest Production Release is version 1.3: dnshistory-1.3.tar.gz

Why DNSHistory?

Several reasons:

  • Save on disk space! Estimates for one system I look after show that using DNSHistory vs dnstran saves around 4Gb of disk space a year. Given the cost of high performance SCSI drives, that does translate into not insignificant dollars!
  • Accuracy. dnstran has a distressing tendency to translate parts of logfiles that shouldn't be translated. Additionally, compared with "cache" style translators, you will get different results if you ever need to re-run in years to come.
  • Accessible. DNSHistory can be pipelined with other tools. You're not tied to a single product to do log analysis. egrep, gawk and cut can do a lot of simple fast analysis.
  • Fun!

Description

With version 1.3, DNSHistory can also process squid, ftp xferlog and iptables log files.

dnshistory currently has five modes of operation:

  • Do Lookups. The default mode. Given a web log file, dnshistory will perform DNS reverse lookups on each unique IP Address and store the results in a history database.
  • Do Translations. Given a raw web log file, dnshistory will make use of a previously created history database and send to STDOUT the same web log but with addresses replaced by the Fully Qualified Domain Name as previously looked up.
  • Do Recombining. Given two web log files, one raw and one previously translated (eg. by using dnstran): Create a history database from the values in these separate log files.
  • Do Dump. Dump a given history database to STDOUT.
  • Do Import. Import a previously dumped history into a new database.
  • Show History. Given one or more IP Addresses on the command line, display their history from the database.

It's quite possible that most users would only ever use the first two modes.

The lookups make use of threads for near maximum speed, and use the standard resolution libraries on a system. Thus hosts files, NIS, LDAP and other name resolution methods should work transparently. Unfortunately most other tools ignore local name resolution methods in favour of DNS lookups only.
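The lookup and translation modes described above, sketched as an added example (not DNSHistory's own code): names are stored with the time they were observed, and a log line is translated with the name that was valid at that line's timestamp, touching only the leading address field. The in-memory layout, the character filter and all sample addresses and names are assumptions made for illustration.

```python
import bisect
import re
import socket
from datetime import datetime

# Common Log Format: client address first, timestamp in [brackets].
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def system_lookup(ip):
    """Reverse lookup via the system resolver (hosts file, NIS, LDAP, DNS)."""
    try:
        return socket.getnameinfo((ip, 0), socket.NI_NAMEREQD)[0]
    except OSError:
        return None

def entry_time(stamp):
    return datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp()

class History:
    """Assumed layout: ip -> sorted list of (epoch seconds, name)."""
    def __init__(self):
        self.by_ip = {}

    def name_at(self, ip, when):
        entries = self.by_ip.get(ip, [])
        idx = bisect.bisect_right([t for t, _ in entries], when)
        return entries[idx - 1][1] if idx else None

    def record(self, ip, when, name):
        # Resolved names are remote-controlled data: keep hostname characters only.
        name = re.sub(r'[^A-Za-z0-9._-]', '', name or '')
        if not name or self.name_at(ip, when) == name:
            return False  # failed lookup, or unchanged since the last one
        bisect.insort(self.by_ip.setdefault(ip, []), (when, name))
        return True

def translate(history, line):
    """Replace only the leading address, using the name valid at log time."""
    m = CLF.match(line)
    if not m:
        return line
    name = history.name_at(m.group(1), entry_time(m.group(2)))
    return line if name is None else name + line[m.end(1):]

# Constructed sample data (documentation address 192.0.2.10, made-up names).
SAMPLE = History()
SAMPLE.record("192.0.2.10", entry_time("01/Jan/2007:00:00:00 +0000"), "old.example.net")
SAMPLE.record("192.0.2.10", entry_time("01/Jan/2009:00:00:00 +0000"), "new.example.org")
LOG_2008 = '192.0.2.10 - - [10/Oct/2008:13:55:36 +0000] "GET /?ip=192.0.2.10 HTTP/1.0" 200 512'
LOG_2010 = '192.0.2.10 - - [10/Oct/2010:13:55:36 +0000] "GET / HTTP/1.0" 200 512'
```

Passing `system_lookup(ip)` as the `name` argument of `record` fills the history from the live resolver; the constructed records keep the example runnable offline.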

On manually migrating a subversion repository to Launchpad/BZR

I'd migrated one of my projects here (AWFFull) from subversion to a bazaar repository hosted on Launchpad some time ago.

Works well, but there were a few niggles and tricks in the process.

  • all the code imported as 'steve' - which is accurate but a little deflating to one's ego.
  • imported some of my earlier faffing around with subversion - again isn't a problem per se, but would have been nice to clean it away.

So when it came time to migrate DNSHistory, I figured I'd have a go at fixing these niggles. Herein are the steps used.

DNSHistory v1.3

At long last I've finally incremented DNSHistory from v1.3-beta1 to v1.3.

The only changes really revolve around the name change. The only code change was to use calloc, vs malloc and manually clearing the chunk of memory grabbed.

From here?

Several thoughts:
  • Add the GeoIP APIs into DNSHistory - simply output the country instead of the DNS'd name. Would make GeoIP accessible to a larger range of log types. If only 'cause adding new log types to DNSHistory is quite trivial.
  • Add gettext capability. Not that DNSHistory needs to be able to support multiple languages far as I can tell, but it seems only polite to make the offer, and doesn't cost me much to do so.
  • Something I've personally wanted for a while - here's an IP Address, show me its history. Coupled with GeoIP that could be quite useful I suspect. Poor man's whois.

As to when? Don't hold your breath. There's a few translation issues inside AWFFull to be fixed, and I'm very keen to get v3.8.1 of AWFFull out at long last as well.

Enjoy!

DNSHistory v1.2

Have just finished and released DNSHistory v1.2.
This release has a primary focus of importing previously dumped dnshistory databases.
Additional fixes/changes were to clean up all names and strip funky characters; and the database files themselves are now opened more appropriately. RO or RW as in.

DNSHistory v1.1

DNSHistory v1.1 has just been released!
A new feature to query an existing dnshistory database for the history of given IP Addresses has been added.
Some additional minor updates.

Initial Stable Release of DNSHistory

DNSHistory v1.0 has just been released!
This is the first stable release and includes a few minor bug fixes and some minor functional changes.

Fill yer boots!

Software

Various bits of coding and documentation. Eventually.

AWFFull

A Webalizer Fork, Full o' features. Webserver log analysis.

DNSHistory

Store a history of DNS/Name changes from web log files.

Visitors

Process a web log file for visitor statistics.

GL NewsPicks

NewsPicks plugin/modification for Geeklog.
