dnstop监控bind
1 通过 rpm -qa | grep libpcap ;rpm -qa | grep tcpdump 检查这libpcap,tcpdump是否安装,这两个包必须安装。
2 从网上http://packages.sw.be/dnstop/ 下载适合自己系统的DNSTOP包,我下载的是
dnstop-0.0.20030228-0.2.el5.rf.x86_64.rpm,因为我用的RHEL5.4 64位操作系统。
3 安装DNSTOP
rpm -ivh dnstop-0.0.20030228-0.2.el5.rf.x86_64.rpm
安装提示成功后就可以直接使用dnstop了,使用方法从网上搜了下,介绍如下
参数说明
[root@DNS2 ~]# dnstop –help
dnstop: invalid option — -
usage: dnstop [opts] netdevice|savefile
-a Anonymize IP Addrs 匿名ip地址
-b expr BPF program code 不理解
-i addr Ignore this source IP address 忽略源ip地址
-p Don’t put interface in promiscuous mode 处于混杂模式不输出接口
-s Enable 2nd level domain stats collection
在运行DNSTOP的过程中,可以敲入如下命令:
S,D,T,1,2,(ctrl+R),(ctrl+X)
例如输入:1
[root@NS6 home]# dnstop -a eth0
1 new queries, 477 total queries Sat Oct 30 00:22:20 2010
TLD count %
-------------------- --------- ------
com 313 65.6
net 65 13.6
cn 63 13.2
info 11 2.3
uk 6 1.3
org 5 1.0
pl 5 1.0
me 3 0.6
edu 1 0.2
例如输入: 2 显示成域名的格式
[root@NS6 home]# dnstop -s eth0
1 new queries, 608 total queries Sat Oct 30 00:23:16 2010
SLD count %
-------------------- --------- ------
qq.com 85 14.0
360.cn 36 5.9
cache.com 33 5.4
163.com 33 5.4
demonoid.com 29 4.8
baidu.com 23 3.8
ali213.net 16 2.6
com.cn 16 2.6
R(ctrl+R) 刷新重新统计
X(ctrl+X) 退出DNSTOP
例如:D 只统计访问dns的总数
[root@NS6 home]# dnstop -s eth0
1 new queries, 646 total queries Sat Oct 30 00:24:47 2010
Destinations count %
---------------- --------- ------
* 484 74.9
212.196.209.133 86 13.3
232.106.46.151 17 2.6
222.196.154.15 14 2.2
232.96.209.5 13 2.0
252.106.0.20 9 1.4
179.189.201.82 5 0.8
221.5.88.88 4 0.6
179.189.203.7 4 0.6
155.189.220.32 4 0.6
115.189.155.112 4 0.6
更多参数说明
Queries: 1 new, 29 total
Tue Jan 20 15:21:03 2009
s – Sources list 源地址列表
d – Destinations list 目的地址列表
t – Query types
o – Opcodes
r – Rcodes
1 – 1st level Query Names ! – with Sources 显示域名后缀格式 收集顶级域名信息
2 – 2nd level Query Names @ – with Sources 显示域名格式 收集二级域名信息
3 – 3rd level Query Names # – with Sources 配合 -l选项 -l 3 收集三级域名信息
4 – 4th level Query Names $ – with Sources -l 4 收集4级域名信息
5 – 5th level Query Names % – with Sources 收集五级域名信息
6 – 6th level Query Names ^ – with Sources 收集六级域名信息
7 – 7th level Query Names & – with Sources …
8 – 8th level Query Names * – with Sources …
9 – 9th level Query Names ( – with Sources …
Ctrl+r – Reset counters 刷新
Ctrl+x 退出
转载于:https://blog.51cto.com/zj1991/1568726