examples.md

DNS-collector - Configuration examples

You will find below some examples of configurations to manage your DNS logs.

• Pipelines running mode with DNS Message filters

  • Advanced example with DNSmessage collector
  • How can I log only slow responses and errors?"
  • Filter DNStap messages where the response ip address is 0.0.0.0
  • Detect Newly Observed Domains

• Capture DNS traffic from incoming DNSTap streams

  • Read from UNIX DNSTap socket and forward it to TLS stream
  • Relays DNSTap stream to multiple remote destination without decoding
  • Aggregate several DNSTap stream and forward it to the same file
  • Send to syslog TLS

• Captue DNS traffic and make format conversion on it

  • Convert to text format output
  • Convert to CSV output style
  • Convert to text format with dig style, based on Jinja templating
  • Transform DNSTap as input to JSON format as output
  • Convert to JSON key/value format output

• Capture DNS traffic from PowerDNS products

  • Capture multiple PowerDNS streams

• Observe your DNS traffic from logs

  • Observe DNS metrics with Prometheus and Grafana
  • Follow DNS traffic with Loki and Grafana

• Apply some transformations

  • Capture DNSTap stream and apply user privacy on it
  • Filtering incoming traffic with downsample and whitelist of domains
  • Transform all domains to lowercase
  • Add geographical metadata with GeoIP
  • Count the number of evicted queries
  • Detect repetitive traffic and log it only once

• Capture DNS traffic from FRSTRM/dnstap files

  • Save incoming DNStap streams to file (frstrm)
  • Watch for DNStap files as input

• Capture DNS traffic from PCAP files

  • Capture DNSTap stream and backup-it to text and pcap files
  • Watch for PCAP files as input and JSON as output

• Capture DNS traffic from Mikrotik device

  • Capture TZSP packets containing DNS packets and process them as json

• Security: suspicious traffic detector

  • Capture DNS packets and flag suspicious traffic