[ Top | Up | Prev | Next | Map | Index ]

Readme for analog3.2

DNS lookups

Sometimes a logfile contains numerical IP addresses - like 131.111.20.59 - for the computers that have visited you, instead of names like lion.statslab.cam.ac.uk. This section describes how you can get analog to do so-called DNS lookups to translate these numbers into names. This relies on you having a suitably configured system: DNS lookups are not possible on some systems.

Unfortunately DNS lookups are typically very slow, because your computer has to ask across the network to find out the names of the hosts. For this reason, analog saves the addresses it has looked up in a file, so that you don't have to look them up again next time. (Even so, you may find the DNS lookups too slow to be usable.) The file is specified by a command like

DNSFILE dnsfile.txt
You will still need to use one of the commands in the next paragraph in order to actually use the file.

There are four possible levels of DNS activity. If you specify DNS NONE, no numerical addresses will be resolved. If you specify DNS READ, then analog will read the DNS file for old lookups, but no new lookups will take place. This mode is suitable if you are running analog while not connected to the internet. The third level is DNS WRITE. This reads the old file, looks up new addresses, and adds them to the file. The fourth level is DNS LOOKUP. This reads the old file and looks up new addresses, but doesn't add the new addresses to the file, so that they will not be remembered for next time. The reason for this is that if two copies of analog were running at once, both with DNS WRITE, then it is possible that the DNS file could become corrupted (although the chance is quite small).

The first time you use DNS WRITE, you will get a missing-file warning, but it will exist the next time.

Jason Linhart has written an application for the Mac called DNSTran, which creates DNS files for analog to read. Because it uses Mac-specific code, it's faster than getting analog to create the file, and I recommend it.

Analog never deletes anything from the DNS file: this means that the DNS file will grow, and can become quite large. You should delete the top of it every so often.

There are two parameters which say how long to trust old lookups for. If you set

DNSGOODHOURS 672
for example, then successful lookups will be checked again after 672 hours (4 weeks). You can also set the DNSBADHOURS similarly, to check failed lookups again after a certain time.

Finally, there is a debugging command, DEBUG +D to show all the DNS lookups that analog is making.


Normally you need never write a DNS cache file: you should rely on analog to do it for you. But in case you need to know, the format of the file is
timestamp IP_address name
where the timestamp is the number of minutes since midnight on 30-31/Dec/1969 (yes, I know this was the wrong choice), and the name is just * if the address couldn't be resolved.
Stephen Turner
Personal e-mail: analog-author@lists.isite.net
Need help with analog? Subscribe to the analog-help mailing list.

[ Top | Up | Prev | Next | Map | Index ]