dns-probe-af

Synopsis

dns-probe-af [-i interface | -p pcap [-r] | -d socket | -k knot_count [-s knot_path]] [-l logfile] [-n instance] [-c config_file] [-h]

Description

dns-probe-af is a network traffic probe that captures DNS queries and corresponding responses and exports them as configurable records about individual DNS transactions.

dns-probe-af can either listen on an interface or read packets from a PCAP file or read dnstap data from a unix socket or read Knot interface data from a unix socket. The -i, -p, -d and -k options are mutually incompatible but either of them (except -k) can be used repeatedly.

Depending on the configuration, dns-probe-af exports the transaction records in either Parquet or C-DNS format.

Options

-i interface

Listen on the network interface with the given name, such as eth0.

-p pcap

Read input from the given PCAP file.

-r

Indicates raw PCAP format.

-d socket

Read dnstap input from given unix socket.

-k knot_count

Number of Knot interface sockets to create

-s knot_path

Path to directory in which to create Knot interface sockets. Default /tmp.

-l logfile

Write logging messages to logfile instead of standard output.

-n instance

Unique identifier (for configuration purposes) for given instance of DNS Probe.

-c config_file

YAML file to load configuration from.

-h

Print help message and exit.

Exit Status

0

Normal exit

1

Exit based on receiving restart operation from remote management API