NOTE: This feature is not available for all clients at this time.
- What is the full query log file name format?
- What is the per-zone log file name format?
- How do I switch log file formats?
- How do I know when the files are ready?
- How long do you retain the file data?
- What will be the size of the data files?
- How will the data transmission be secured?
- What is the data structure in the files?
- What happens if files are missing?
- Follow these steps to retrieve the files.
Last Updated March 17, 2014 2:30pm EDT
What is the full query log file name format?
The file names will be formatted as depicted in the graphic.
The first set of characters in the file name is your company name, followed by an underscore. The following 13 characters of the file name is the 8-digit date in YYYYMMDD format, followed by a dash, followed by 4 characters representing the UTC timestamp at the start of the time period.
The file will have two extension suffixes. The first is .log and the second is .gz.
What is the per-zone log file name format?
The file names will be formatted as depicted in the graphic. There will be one file for each zone.
The first set of characters in the file name is your zone name, followed by an underscore. The following 13 characters of the file name is the 8-digit date in YYYYMMDD format, followed by a dash, followed by 4 characters representing the UTC timestamp at the start of the time period.
The files have two extension suffixes. The first is .log and the second is .gz.
How do I switch log file formats?
Dyn can setup your account to sort the log files on a per zone basis instead of having all zones in one log file. Please contact your Dyn representative to setup your log files to be separated by zone. Once your account is setup to separate the files by zone, the file name will be in the per-zone query log format.
How do I know when the files are ready?
Query logs are provided by the hour, within 20 minutes of the end of that hour. For example, the query logs from August 22, 2013 for the 10pm (UTC) hour will be available for retrieval no later than 11:20pm (UTC) on August 22, 2013. Each log file will consist of all query logs for the entire hour.
How long do you retain the file data?
The query logs are retained for the most recent 4 days, or 96 hourly log files. Dyn may retain up to 7 days (168 hourly log files) of query logs, however, only the past 96 hourly log files will be available for certain at any given time.
What will be the size of the data files?
Data files will vary in size depending upon QPS usage on the network. Based on current QPS volume, we expect the maximum hourly file size to be approximately 20GB with a daily total of approximately 450GB of files. To ensure available space and bandwidth, our network is designed to handle twice this capacity.
How will the data transmission be secured?
The files will available via fileserver over a secure socket shell on port 22. Dyn will use our customer’s authorized keys to confirm a trusted connection and our file server will be setup to only allow connections from trusted sources and commands for using the rsync command.
What is the data structure in the files?
The data format in the Query Log files is consistent with that of DNS query logs for BIND 9.9+.
An Example row of data from the log files:
client 1.1.1.1#55668 (1.2.3.4.in-addr.arpa): query: 1.2.3.4.in-addr.arpa IN PTR -ED (204.13.251.34)
What happens if files are missing?
There are two distinct situations where query log files would not be included in the hourly query log file.
1. Query logs were created at the POP (Point of Presence) site but were unable to be transmitted to the core servers.
2. Query logs were not created at the POP site because the servers are off-line and not serving DNS query answers.
There is no processing after an hourly query log is created. Once the log file is created it is frozen. If there were query files that were unable to be included in the hourly query log, they are logged in a separate report by Dyn, which is available to customer(s) upon request. To request this report, please contact our Concierge department.
It is worth noting that these situations are very rare, difficult to predict, and in some cases, indicative of scenarios such as regional catastrophes, fiber cuts, or power failures.
Follow these steps to retrieve the files.
Connect to the fileserver <yourcompanynamehere>.stats.dynect.net via secure socket shell over port 22 |
|
Command to access files:/usr/local/bin/rsync -va <yourcompanynamehere>@<yourcompanynamehere>.stats.dynect.net:/logs/<yourcompanynamehere>/querylogs |