I am currently facing a problem. When I open the dnsmasq log, it looks like this:
```
Jun 10 17:50:00 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:00 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:21 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:21 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:31 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:31 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:37 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:37 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:40 dnsmasq[21796]: query[A] zyx.qq.com from 115.34.22.160
Jun 10 17:50:40 dnsmasq[21796]: forwarded zyx.qq.com to 114.114.114.114
Jun 10 17:50:40 dnsmasq[21796]: forwarded zyx.qq.com to 223.5.5.5
Jun 10 17:50:40 dnsmasq[21796]: reply zyx.qq.com is 123.151.43.51
Jun 10 17:50:40 dnsmasq[21796]: reply zyx.qq.com is 183.60.62.158
Jun 10 17:50:40 dnsmasq[21796]: reply zyx.qq.com is 113.108.1.90
Jun 10 17:50:42 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:42 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:52 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:52 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:58 dnsmasq[21796]: query[A] ic.wps.cn from 115.34.22.160
```
AND ETC.
It’s very difficult for us to analyze it. Does anybody have an idea how to show only the queried domains, which should look like this?
```
isatap.lan
zyx.qq.com
ic.wps.cn
```
AND ETC.
However, I tried this: http://www.tannerwilliamson.com/analyzing-dnsmasq-log-with-awk/1610/
and its output is like this:
```
root@VM-208-178-ubuntu:/home# awk -f /home/dnsmasq.awk /var/log/dnsmasq.log | less
name | nb | forwarded | answered from cache
irs01.net | 1 | 1 | 0
927662-0-2081296634-261190004.ns.124-14-16-250-ns.dns-spider.ffdns.net | 1 | 1 | 0
blog.sina.com.cn | 4 | 4 | 1
927655-0-2081296634-261190004.ns.124-14-16-250-ns.dns-spider.myxns.cn | 1 | 1 | 0
www.baidu.com | 2 | 2 | 0
* careers.stackoverflow.com | 10 | 13 | 0
blender.stackexchange.com | 2 | 2 | 0
974449-0-2081296634-261190004.ns.124-14-16-250-ns.dns-spider.myxns.cn | 1 | 1 | 0
img.iknow.bdimg.com | 2 | 1 | 1
* smarterer.com | 2 | 3 | 0
a.disquscdn.com | 1 | 1 | 0
927648-0-2081296634-261190004.ns.124-14-16-250-ns.dns-spider.myxns.cn | 1 | 1 | 0
physics.stackexchange.com | 6 | 5 | 4
* area51.stackexchange.com | 2 | 3 | 0
iknow02.bosstatic.bdimg.com | 2 | 1 | 1
passport.baidu.com | 1 | 1 | 0
webapps.stackexchange.com | 5 | 4 | 4
```
It’s a little bit different from what I want. Could anybody help me? Thanks for the help!
Answer
A simple awk script could be sufficient for this, provided the logfile you showed remains intact.
```
awk '!seen[$6]++ {print $6}' file
```
will produce the output as
```
ic.wps.cn
isatap.lan
zyx.qq.com
```
The logic is simple: it parses each entry in column six, adds it to the array seen, and prints the element only if it has not been seen before.
P.S. If the order of the columns in the log file is subject to change in the future, the awk command may not work, as it relies purely on the index of the column to get the results.
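An added example, not part of the original answer: a variant that locates the `query[TYPE]` token rather than a fixed column, so it does not depend on the column index mentioned in the P.S., and that also reports how many queries and distinct clients each domain had. The function names and the sample lines are assumptions made for illustration; the sample follows the log format shown in the question.

```shell
#!/bin/sh
# Added example (not from the original answer). Finds the query[TYPE] token
# instead of relying on column six, so cached/forwarded/reply lines are
# ignored and a shifted column layout does not break the extraction.

# Constructed sample: the question's log format plus two invented edge cases
# (an upper-case name from a second client, and a truncated line).
sample_log() {
cat <<'EOF'
Jun 10 17:50:00 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:00 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:21 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:40 dnsmasq[21796]: query[A] zyx.qq.com from 115.34.22.160
Jun 10 17:50:40 dnsmasq[21796]: forwarded zyx.qq.com to 114.114.114.114
Jun 10 17:50:40 dnsmasq[21796]: reply zyx.qq.com is 123.151.43.51
Jun  9 08:01:02 dnsmasq[21796]: query[AAAA] ZYX.QQ.COM from 192.0.2.7
Jun 10 17:50:58 dnsmasq[21796]: query[A] ic.wps.cn from 115.34.22.160
Jun 10 17:51:00 dnsmasq[21796]: query[A] truncated-line
EOF
}

# queried_domains [FILE...]
# Prints "domain query_count distinct_clients" in first-seen order.
queried_domains() {
  awk '
    {
      for (i = 1; i + 3 <= NF; i++) {
        # A query line reads: query[TYPE] <name> from <client>
        if (substr($i, 1, 6) == "query[" && $(i + 2) == "from") {
          name = tolower($(i + 1))      # DNS names are case-insensitive
          client = $(i + 3)
          if (!(name in count)) order[++n] = name
          count[name]++
          if (!((name, client) in seen)) { seen[name, client] = 1; clients[name]++ }
          break
        }
      }
    }
    END {
      for (j = 1; j <= n; j++)
        print order[j], count[order[j]], clients[order[j]]
    }
  ' "$@"
}

# Stand-alone run on the sample; pass /var/log/dnsmasq.log as FILE for real data.
sample_log | queried_domains
```

Appending `| cut -d' ' -f1` to the call gives the bare domain list asked for in the question.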