nip/docs/logs.md
Brian Cunnie e8458a9dc2 "[Bb]lockList" → "[Bb]locklist"
We conform to the modern usage of "blacklist". In Google search,
"blacklist" appears 45 million times, "black list", 7 million.

Yes, I'm aware that we're using "block", not "black", for the variable
name, but keep in mind that we're using "block" as a drop-in replacement
for "black". And the newer "blocklist" has a puny 1 million appearances
to "blacklist"'s 45.
2022-02-16 08:36:59 -08:00

Tools for Exploring Log Files

To generate log files on, say, ns-aws:

sudo journalctl -u sslip.io-dns -S yesterday > /tmp/sslip.io.log

I subsequently copy that file to my Mac (warning: the following commands use the BSD variants of tools like sed, so you may need to tweak them if you're on Linux):

[I use cut instead of awk because it's twice as fast (9.11s instead of 22.56s)]

To find the domains queried (95% sslip.io):

# find all successful queries of A & AAAA records
# ([?] is a literal question mark in both BSD and GNU grep)
grep -v '\. [?] nil' < sslip.io.log |\
    grep -E "TypeA | TypeAAAA " |\
    cut -d " " -f 10 > /tmp/hosts.log
# reduce each name to its last two labels, lowercase it, and count per domain
sed -E 's=.*(\.[^.]+\.[^.]+\.$)=\1=' < /tmp/hosts.log | tr 'A-Z' 'a-z' | sort | uniq -c | sort -n
# find the most looked-up IP addresses using the above hosts.log
sort < /tmp/hosts.log | uniq -c | sort -n | tail -50
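
The domain-counting pipeline above, run end to end on a few constructed log lines, as an added example that is not part of the sslip.io repository. It assumes a line layout in which field 10 is the queried name, and it goes slightly beyond the page's commands by counting a query for the bare domain together with that domain's subdomains; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the sslip.io repository. The log lines below are
# constructed; their layout is an assumption chosen so that field 10 is the
# queried name, which is what the cut command on this page expects.
sample_log() {
cat <<'EOF'
Feb 15 08:36:59 ns-aws sslip.io-dns[812]: 2022/02/15 16:36:59 192.0.2.10.4242 TypeA 127-0-0-1.sslip.io. ? 127.0.0.1
Feb 15 08:37:00 ns-aws sslip.io-dns[812]: 2022/02/15 16:37:00 192.0.2.11.5353 TypeA 127-0-0-1.SSLIP.IO. ? 127.0.0.1
Feb 15 08:37:01 ns-aws sslip.io-dns[812]: 2022/02/15 16:37:01 198.51.100.7.1053 TypeAAAA sslip.io. ? 2001:db8::1
Feb 15 08:37:02 ns-aws sslip.io-dns[812]: 2022/02/15 16:37:02 198.51.100.7.1054 TypeA 10-0-0-1.nip.io. ? 10.0.0.1
Feb 15 08:37:03 ns-aws sslip.io-dns[812]: 2022/02/15 16:37:03 203.0.113.9.4000 TypeA www.example.com. ? nil
Feb 15 08:37:04 ns-aws sslip.io-dns[812]: 2022/02/15 16:37:04 203.0.113.9.4001 TypeMX sslip.io. ? mail.example.net.
EOF
}

# Names from successful A/AAAA queries, one per line.
# [?] is a literal question mark in both BSD and GNU grep; GNU grep reads \?
# in a basic regex as "zero or one of the preceding character".
queried_hosts() {
    grep -v '\. [?] nil' | grep -E 'TypeA | TypeAAAA ' | cut -d ' ' -f 10
}

# Prints "count domain" per line, least-queried first.
# The capture group starts after the dot, so "foo.sslip.io." becomes
# "sslip.io." and is counted together with a query for the bare "sslip.io.".
# awk only touches the aggregated counts, not the full log, and strips the
# padding that uniq -c emits differently on BSD and GNU.
domain_counts() {
    tr 'A-Z' 'a-z' |
        sed -E 's=.*\.([^.]+\.[^.]+\.)$=\1=' |
        LC_ALL=C sort | uniq -c | LC_ALL=C sort -n |
        awk '{ print $1, $2 }'
}

sample_log | queried_hosts | domain_counts
```

The `nil` answer and the `TypeMX` query are both dropped before counting, and the mixed-case name is folded into the same bucket as its lowercase form.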