
RDNSLOGS is a 32-bit Windows program that reads log files generated by web servers and produces a cache file of DNS reverse lookups. Through the use of multiple concurrent reverse DNS lookup threads, the program quickly converts numeric IP addresses to their corresponding host names. RDNSLOGS is written in C++ for fast native-mode execution. While the program was originally written to complement the Analog Log File Analyzer, it can certainly be used in other environments.
The cache file produced by RDNSLOGS is a text file whose format is:
timestamp IP_address name
where the timestamp is the number of minutes since the beginning of 1970, GMT (i.e., "Unix time" divided by 60), and the name is just * if the address couldn't be resolved. This format should be compatible with most log analyzers.
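As an added example (not part of RDNSLOGS or its distribution), a small Python reader and writer for the cache format described above. The sample lines are constructed, and the hostname check and staleness helper are my own additions: reverse names come from whoever controls the PTR zone, so a log analyzer should validate them before reporting on them, and should re-resolve entries that have aged out.

```python
"""Reader/writer for the RDNSLOGS cache format: 'timestamp IP_address name'.
timestamp = minutes since 1970-01-01 00:00 UTC; name is '*' when unresolved."""
import re
from datetime import datetime, timedelta, timezone

UNRESOLVED = "*"
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
# RFC 1123-style hostname: labels of letters/digits/hyphens, no leading/trailing hyphen.
_HOSTNAME = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*\.?$")

# Constructed sample cache (not real lookups). 28370880 min = 2023-12-11 00:00 UTC.
SAMPLE_CACHE = """\
28370880 192.0.2.10 host10.example.net
28370881 198.51.100.7 *
28000000 203.0.113.5 old.example.org
28370882 203.0.113.9 evil;name
this line is malformed
"""


def parse_cache(text):
    """Return {ip: (looked_up_at, name_or_None)}. Malformed lines are skipped,
    and a 'name' that is not a syntactically valid hostname is treated as
    unresolved rather than passed through to reports (hypothetical hardening)."""
    entries = {}
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        minutes, ip, name = parts
        when = EPOCH + timedelta(minutes=int(minutes))
        ok = name != UNRESOLVED and _HOSTNAME.match(name) is not None
        entries[ip] = (when, name if ok else None)
    return entries


def stale_entries(entries, now, max_age_days=30):
    """IPs whose cached lookup is older than max_age_days and should be redone."""
    cutoff = now - timedelta(days=max_age_days)
    return sorted(ip for ip, (when, _) in entries.items() if when < cutoff)


def format_entry(ip, name, when):
    """Render one cache line, encoding an unresolved address as '*'."""
    minutes = int((when - EPOCH).total_seconds()) // 60
    return f"{minutes} {ip} {name or UNRESOLVED}"
```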
RDNSLOGS has internal support for gzip compression and supports all other external forms of file compression.
The author is open to implementing changes to RDNSLOGS. If the change is something that can be coded in a timely manner, and if the change is something that most users would find useful, contact the author at silvestri@stcc.edu to discuss the change. One user inquired about the possibility of geolocating IP addresses based on the work described on this website, http://www.hostip.info/. This can certainly be done, but will involve significant programming. If you have an interest in this feature, please let me know.
This version has no major code modifications or additional features. The only significant differences between this and older V5 versions are the use of the latest PCRE library and a complete recompile with Visual Studio 2008 C++. If you are happy with your current V5 version, there is no need to upgrade. If you are using a version prior to V5, please consider purchasing this version. V5 is extremely stable and offers many features and performance enhancements not found in the older versions.
Purchase through PayPal.
Upon receipt of PayPal payment, a zip file of the package will be immediately emailed to you. Installation of RDNSLOGS is straightforward. Unzip the contents of the zip file, and copy rdnslogs.exe, pcre.dll, and zlib1.dll into a convenient directory.
The command line syntax is as follows:
rdnslogs [options] <configuration filename>
| Option | Description |
|---|---|
| -t threads | Max count of concurrent DNS lookups (thread count) (default: 20, maximum: 400) |
| -v | Verbosity switch. Use the -v switch only when you want to monitor the state of RDNSLOGS. It generates copious amounts of output and generally slows the program. |
| -r | Recursively visit all configuration files specified by CONFIGFILE command |
| -n | NO subnet host lookups. Default is to perform the subnet host lookups. |
| -l logfile | Specifies a log file specification on the command line, e.g. -l c:\logs\*.gz. You can specify as many log file specs as fit on a command line, provided that each spec is preceded with -l. If a log file spec contains a space, surround the spec with quotes. If a log file spec is given, a configuration file does not need to be specified. |
| -o dnscache | Specifies the desired DNS cache output filename. |
| -y DNS server | Query a specific DNS server. Use this switch to specify a particular DNS server to query. If the switch is not specified, RDNSLOGS uses the default method of resolving names. |
| -x max tries | Specifies the maximum number of attempts to resolve an IP address. Specifying 0 forces an indefinite attempt toward resolving the IP address. Works in conjunction with the -y switch. Default is 3 tries. |
| -m timeout | Specifies the base timeout value for a lookup. If a lookup fails, the timeout value is doubled, up to a maximum of 60 secs, on the next and subsequent attempts. Works in conjunction with the -y switch. Default base timeout is 4 secs. |
If a configuration file is specified, command-line switches are processed before the configuration file.
Example 1:
C:> rdnslogs -t 100 config.txt
This command line will read the config.txt file in the current directory for DNS related information and use up to 100 threads to resolve IP addresses in log files.
Example 2:
C:> rdnslogs
Displays a complete usage summary including version number and available options.
Example 3:
C:> rdnslogs -v -t 150 myconfig.txt
Read the file myconfig.txt for log file locations and use up to 150 threads to resolve the IP addresses in those files. Also, generate debugging information on the screen.
Example 4:
C:> rdnslogs -l c:\logs\*.log -l "d:\log files\*.gz" -o mynewdns.txt -t 300
Reads all the *.log files in the C:\logs directory and all the *.gz files in the "d:\log files" directory to create a mynewdns.txt file in the current directory using 300 lookup threads.
RDNSLOGS will read your configuration file for the following command lines:
All other lines in the configuration file are ignored. The syntax of these lines can be obtained from http://www.analog.cx/docs/indx.html.
It is most useful to capture the output produced by RDNSLOGS as a way to monitor its progress. When scheduling RDNSLOGS, use the cmd /c command to allow for output redirection. For instance, the following command in the Windows scheduler:
cmd /c "rdnslogs.exe -t 100 config.txt > progress.txt"
will cause output to be redirected into a file called progress.txt. You may periodically view the file to see the state of RDNSLOGS. Note: When scheduling RDNSLOGS, redirection is not possible without the cmd /c.
You agree to use it at your own risk. This software is under no warranty. The author assumes no liability in the event of any loss of data, time, and/or money.
RDNSLOGS is written and maintained by:
Prof. Antonio C. Silvestri
Department of Engineering and Computer Science Transfer
Springfield Technical Community College
1 Armory Square
Springfield, MA 01105
silvestri@stcc.edu