What's new

Scribe Need help creating a filter for dnsmasq possible rebind attempts spamming the main log

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

skeal

Part of the Furniture
Helo people, I need help creating a filter for scribe. My logging problem is caused by adguard DNS. When I enabled adguard DNS it started logging rebind attack incidences. I created a dnsmasq filter to handle this but I keep getting failed syntax check when I restart the script. I started out by modifying the ethernet filter in examples. Below are my attemps at this task. Please be advised the .txt extension is not used when testing, this forum demands a file extension when uploading. Can anyone see the error in my attempts? Please help if you know how to correctly do this.
 

Attachments

  • dnsmasq.txt
    273 bytes · Views: 33
  • dnsmasqlogr.txt
    103 bytes · Views: 33
I believe you have an extra “ in your destination file name:

destination d_dnsmasq {
file("/opt/var/log/"dnsmasq.log");

Should probably be:

destination d_dnsmasq {
file("/opt/var/log/dnsmasq.log");
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top