dns-probe-af
Synopsis
dns-probe-af [-i interface | -p pcap [-r] | -d socket | -k knot_count [-s knot_path]] [-l logfile] [-n instance] [-c config_file] [-h]
Description
dns-probe-af is a network traffic probe that captures DNS queries and corresponding responses and exports them as configurable records about individual DNS transactions.
dns-probe-af can listen on an interface, read packets from a PCAP file, read dnstap data from a unix socket, or read Knot interface data from a unix socket. The -i, -p, -d and -k options are mutually incompatible, but any of them (except -k) can be used repeatedly.
Depending on the configuration, dns-probe-af exports the transaction records in either Parquet or C-DNS format.
Options
- -i interface: Listen on the network interface with the given name, such as eth0.
- -p pcap: Read input from the given PCAP file.
- -r: Indicates raw PCAP format.
- -d socket: Read dnstap input from the given unix socket.
- -k knot_count: Number of Knot interface sockets to create.
- -s knot_path: Path to the directory in which to create Knot interface sockets. Default /tmp.
- -l logfile: Write logging messages to logfile instead of standard output.
- -n instance: Unique identifier (for configuration purposes) for the given instance of DNS Probe.
- -c config_file: YAML file to load configuration from.
- -h: Print help message and exit.
Exit Status
- 0: Normal exit
- 1: Exit based on receiving a restart operation from the remote management API