Originally published September 6, 2016 @ 12:59 am
The little script below (dns_qpm2) looks through your BIND query log and calculates the average queries-per-minute rate for each client IP that appears in it. Nothing fancy, but it can be useful for identifying the heavy hitters.
```bash
#!/bin/bash
# dns_qpm2: average queries per minute for each client in a BIND query log
d="/var/log/named"
f="${d}/query_log"

# Unique client IPs from the log, sorted numerically octet by octet
IFS=$'\n'
a=($(grep -oPh "(?<=client )([0-9]{1,3}\.){3}([0-9]{1,3})(?=#)" "${f}" |
     sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | uniq))
unset IFS

# Minutes between the first and last log entries (the same for every client);
# clamp to 1 so a log shorter than a minute does not divide by zero
first=$(date -d "$(head -1 "${f}" | awk '{print $1,$2}')" +%s)
last=$(date -d "$(tail -1 "${f}" | awk '{print $1,$2}')" +%s)
timediff=$(( (last - first) / 60 ))
[ "${timediff}" -lt 1 ] && timediff=1

printf '%s\n' "${a[@]}" | while read -r client
do
  # Reverse-resolve the client; fall back to the IP if there is no PTR record
  fqdn=$(dig +short -x "${client}" 2>/dev/null | head -1 | sed 's/\.$//g')
  if [ -z "${fqdn}" ] ; then fqdn="${client}" ; fi
  # Count this client's queries (-F: match the dots in the IP literally)
  cn=$(grep -cF "client ${client}#" "${f}")
  printf "%-18s %-46s %-12s %s\n" "${client}" "${fqdn}" "${cn}" "$(( cn / timediff ))"
done | sort -k3nr | (echo "IP FQDN Q Q/min" && cat) | column -t
```
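An average over the whole log span flattens short bursts, so a client that fires most of its queries within one minute can rank below a steady resolver. The block below is an added example, not part of the original script: it makes one awk pass and reports each client's total and its busiest single minute, accepting both the `client IP#port` and the newer `client @0x... IP#port` log forms. The names `sample_log` and `qpm_peak` are introduced here, the log lines are constructed with documentation addresses, and the timestamp prefix is assumed to be BIND's default `print-time` format.

```shell
#!/bin/bash
# Added example: per-client total and busiest-minute count from a BIND query log.

# Constructed sample log (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
06-Sep-2016 00:59:01.100 queries: info: client 192.0.2.10#40001 (a.example): query: a.example IN A + (192.0.2.1)
06-Sep-2016 00:59:01.200 queries: info: client 192.0.2.10#40002 (b.example): query: b.example IN A + (192.0.2.1)
06-Sep-2016 00:59:02.300 queries: info: client 192.0.2.10#40003 (c.example): query: c.example IN A + (192.0.2.1)
06-Sep-2016 00:59:20.000 queries: info: client @0x7f0000001000 198.51.100.7#5300 (d.example): query: d.example IN A +E(0) (192.0.2.1)
06-Sep-2016 01:00:20.000 queries: info: client @0x7f0000001000 198.51.100.7#5301 (d.example): query: d.example IN A +E(0) (192.0.2.1)
06-Sep-2016 01:01:20.000 queries: info: client @0x7f0000001000 198.51.100.7#5302 (d.example): query: d.example IN A +E(0) (192.0.2.1)
06-Sep-2016 01:02:20.000 queries: info: client @0x7f0000001000 198.51.100.7#5303 (d.example): query: d.example IN A +E(0) (192.0.2.1)
06-Sep-2016 01:03:20.000 queries: info: client @0x7f0000001000 198.51.100.7#5304 (d.example): query: d.example IN A +E(0) (192.0.2.1)
06-Sep-2016 01:04:05.000 queries: info: client 192.0.2.10#40004 (a.example): query: a.example IN A + (192.0.2.1)
EOF
}

# Prints "IP TOTAL PEAK PEAK_MINUTE", busiest minute first.
# Reads the files given as arguments, or stdin when there are none.
qpm_peak() {
  awk '
    {
      ip = ""
      # The address follows "client", after an optional "@0x..." field
      for (i = 3; i < NF; i++)
        if ($i == "client") {
          ip = ($(i + 1) ~ /^@0x/) ? $(i + 2) : $(i + 1)
          break
        }
      sub(/#.*/, "", ip)                                   # drop "#port"
      if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next   # not an IPv4 query line
      minute = $1 "T" substr($2, 1, 5)                     # e.g. 06-Sep-2016T00:59
      total[ip]++
      n = ++bucket[ip SUBSEP minute]                       # queries in this minute
      if (n > peak[ip]) { peak[ip] = n; when[ip] = minute }
    }
    END {
      for (ip in total)
        printf "%s %d %d %s\n", ip, total[ip], peak[ip], when[ip]
    }' "$@" | sort -k3,3nr -k2,2nr -k1,1
}

sample_log | qpm_peak
```

In the sample, 198.51.100.7 has the higher total, but 192.0.2.10 sent three of its four queries inside a single minute and sorts first.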