This is an hack. Sorry. Beware: the patch does not applies cleanly to recent bindgraph versions. --- bindgraph-0.1/bindgraph.pl 2003-05-05 00:01:43.000000000 +0200 +++ bindgraph-0.1r/bindgraph.pl 2003-08-29 01:21:06.000000000 +0200 @@ -13,7 +13,7 @@ my $daemon_pidfile; my $rrd = 'bindgraph.rrd'; -my @query_t = qw(TKEY SOA PTR A AAAA CNAME NS ANY _other_); +my @query_t = qw(PDL CBL DSBL _other_); ############################################################################## ############################################################################## @@ -279,6 +279,8 @@ } else { $file = File::Tail->new(name => $logfile, tail => -1); } + +if (0) { my $parser = new Parse::Syslog($file, year => $opt{year}, arrayref => 1); while (my $sl = $parser->next) { @@ -286,6 +288,21 @@ next if $sl->[2] ne 'named' and $sl->[2] ne 'client'; process_line($sl); } +} else { + open(LOGFILE, $file) or die "Cannot open $file: $!"; + while (<LOGFILE>) { + chomp; + next if /^$/; + # 1062105601 111.11.11.11 11.1.11.111.list.dsbl.org A IN: NXDOMAIN/0/95 + /^(\d{10}) [\da-fA-F:\.]+ (.+)/; + if (not $1 or not $2) { + print STDERR "CRAP: $_\n"; + next; + } + process_line([$1, '', '', '', $2]); + } +} + } sub process_line($) { @@ -293,12 +310,34 @@ my $time = $sl->[0]; my $text = $sl->[4]; +if (0) { if ($text !~ /query:\s+\S+\s+IN\s+(\S+)/) { print STDERR "Cannot parse this line: $text\n" if $verbose; return; } event_query($time, $exist_qt{$1} ? $1 : '_other_'); +} else { + # 11.1.11.111.list.dsbl.org A IN: NXDOMAIN/0/95 + if ($text !~ /^(\S+) /) { + print STDERR "Cannot parse this line: $text\n" if $verbose; + return; + } + + local $_ = $1; + my $type; + if (/\.cbl\.abuseat\.org$/) { + $type = 'CBL'; + } elsif (/\.pdl\.bofh\.it$/) { + $type = 'PDL'; + } elsif (/\.dsbl.org$/) { + $type = 'DSBL'; + } else { + $type = '_other_'; + } + + event_query($time, $type); +} } sub event_query($$) {