Unfortunately DNS lookups are typically very slow, because your computer has to ask across the network to find out the names of the hosts. For this reason, analog saves the addresses it has looked up in a file, so that you don't have to look them up again next time. (Even so, you may find the DNS lookups too slow to be usable.) The file is specified by a command like
DNSFILE dnsfile.txtYou will still need to use one of the commands in the next paragraph in order to actually use the file.
There are four possible levels of DNS activity. If you specify DNS NONE, no numerical addresses will be resolved. If you specify DNS READ, then analog will read the DNS file for old lookups, but no new lookups will take place. This mode is suitable if you are running analog while not connected to the internet. The third level is DNS WRITE. This reads the old file, looks up new addresses, and adds them to the file. (The first time you use DNS WRITE, you will get a missing-file warning as it tries to read the old file, but it will exist the next time.) The final level is DNS LOOKUP. This reads the old file and looks up new addresses, but doesn't add the new addresses to the file, so that they will not be remembered for next time. This is not normally a level that the user wants to specify, but analog will switch to this the behaviour if DNS WRITE fails for some reason.
If you are using a HOSTEXCLUDE command, you need to exclude the numerical IP address if it can't be resolved, or the name if it can. In other words, exclude whatever the host is known as in the report.
DNSLOCKFILE filenameOf course you should make sure that all copies of analog use the same lock file, at least if they have the same DNS file! If analog crashes, it may not clear up the lock file, so in that case you may have to delete it yourself. (Disclaimer: on some systems, race conditions may occasionally thwart this mechanism, but this is very unlikely.)
Analog never deletes anything from the DNS file: this means that the DNS file will grow, and can become quite large. You should delete the top of it every so often.
There are two parameters which say how long to trust old lookups for. If you set
DNSGOODHOURS 672for example, then successful lookups will be checked again after 672 hours (4 weeks). You can also set the DNSBADHOURS similarly, to check failed lookups again after a certain time.
Finally, there is a debugging command, DEBUG +D to show all the DNS lookups that analog is making.
timestamp IP_address namewhere the timestamp is the number of minutes since the beginning of 1970, GMT (i.e., "Unix time" divided by 60), and the name is just * if the address couldn't be resolved.
Need help with analog? Use the analog-help mailing list.
[ Top | Up | Prev | Next | Map | Index ]