[dsc] qtype dataset is empty
Andrew Ruthven
andrew.ruthven at catalyst.net.nz
Tue May 19 23:36:26 UTC 2009
On Tue, 2009-05-19 at 16:11 -0600, Duane Wessels wrote:
> very puzzling.
>
> Can you make a dsc.conf for testing with all the datasets
> removed except for :
>
> dataset qtype dns All:null Qtype:qtype queries-only;
>
> Then run it in debug mode:
>
> # /usr/local/dsc/bin/dsc -f -d /tmp/dsc-debug.conf
Sure:
srsplog1:/tmp# dsc -f -d ns1-debug.conf
adding local address 202.46.190.130
setting current directory to /tmp/ns1
PID file is: /tmp/dsc-ns1.pid
BPF program is: (src port 53 and src host 202.46.190.130 and not vlan)
or (vlan 1 and dst port 53 and dst host 202.46.190.130)
Opening interface eth1
Pcap_init: FD_SET 4
creating dataset qtype
writing PID to /tmp/dsc-ns1.pid
Running
writing to 1242771780.dscdata.xml.XXXQuAam7
renaming to 1242771780.dscdata.xml
srsplog1:/tmp# cat ns1/1242771780.dscdata.xml
<dscdata>
<array name="pcap_stats" dimensions="2" start_time="1242771776"
stop_time="1242771780">
<dimension number="1" type="ifname"/>
<dimension number="2" type="pcap_stat"/>
<data>
<ifname val="eth1">
<pcap_stat val="filter_received" count="837"/>
<pcap_stat val="pkts_captured" count="835"/>
</ifname>
</data>
</array>
<array name="qtype" dimensions="2" start_time="1242771776"
stop_time="1242771780">
<dimension number="1" type="All"/>
<dimension number="2" type="Qtype"/>
<data>
</data>
</array>
</dscdata>
srsplog1:/tmp#
If I set the bpf_program to be only "udp port 53 or tcp port 53" I do
get some records, but this port is sniffing 3 different nameservers; I
need to be able to limit the traffic to only 202.46.190.130.
> Also tell me what operating system you have there and maybe
> I have something close here and can try to reproduce it.
This is Debian Etch on AMD64. The source of DSC (with Debian packaging)
I'm using is at:
git clone http://git.catalyst.net.nz/dsc.git
gitweb http://git.catalyst.net.nz/gw?p=dsc.git
Cheers!
--
Andrew Ruthven, Wellington, New Zealand
At work: andrew.ruthven at catalyst.net.nz
At home: andrew at etc.gen.nz
GPG fpr: 34CA 12A3 C6F8 B156 72C2 D0D7 D286 CE0C 0C62 B791