Difference between revisions of "Plugin:DNS"
Latest revision as of 23:50, 27 November 2010
Callbacks: config, init, read
Copyright: 2006–2007 Florian octo Forster, 2009 Mirko Buffoni
The DNS plugin offers functionality similar to dnstop: it uses libpcap to get a copy of all traffic from/to port UDP/53 (the DNS port), interprets the packets and collects statistics about your DNS traffic. The interface it listens on, and whether packets sent by the local host are collected, can be set in the configuration file. The details are documented in the collectd.conf(5) manpage.
The metrics collected by this plugin are:
- Number of packets with a specific opcode, e.g. the number of packets that contained a query.
- Number of queries for each record type. Common record types are for example
- Number of response codes seen. Common response codes are for example NOERROR (query was successful) and NXDOMAIN (domain or subdomain doesn't exist).
- Number of octets sent/received.
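The counting listed above, sketched as an added example (not collectd's own code): a bounds-checked parser for one DNS message that updates per-opcode, per-record-type, per-response-code and octet counters. The struct and function names are hypothetical, the sample packets are constructed, and counting record types on queries and response codes on responses is an assumption.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical counters; not collectd's own data structures. */
struct dns_stats {
    uint64_t opcode[16], rcode[16]; /* 4-bit header fields */
    uint64_t qtype[256];            /* record types below 256 */
    uint64_t octets_query, octets_response, malformed;
};

/* Account for one DNS message (the UDP payload of a port-53 packet).
 * Returns 0 on success, -1 if the header or question is truncated. */
int dns_account(struct dns_stats *st, const uint8_t *msg, size_t len)
{
    if (len < 12) { st->malformed++; return -1; } /* fixed header: 12 bytes */
    unsigned qdcount = ((unsigned)msg[4] << 8) | msg[5];
    unsigned qtype = 0;
    if (qdcount > 0) {
        size_t off = 12;
        /* Skip QNAME labels; pointers/reserved label types are rejected (assumption). */
        while (off < len && msg[off] != 0) {
            if (msg[off] & 0xc0) { st->malformed++; return -1; }
            off += 1 + (size_t)msg[off];
        }
        if (off + 5 > len) { st->malformed++; return -1; } /* 0, QTYPE, QCLASS */
        qtype = ((unsigned)msg[off + 1] << 8) | msg[off + 2];
    }
    st->opcode[(msg[2] >> 3) & 0x0f]++;
    if (msg[2] & 0x80) {                 /* QR bit set: response */
        st->rcode[msg[3] & 0x0f]++;
        st->octets_response += len;
    } else {                             /* query */
        if (qdcount > 0 && qtype < 256) st->qtype[qtype]++;
        st->octets_query += len;
    }
    return 0;
}

/* Constructed samples: an A query for "example" and an NXDOMAIN reply to it. */
static const uint8_t SAMPLE_QUERY[] = {0x12,0x34, 0x01,0x00, 0,1, 0,0, 0,0, 0,0,
    7,'e','x','a','m','p','l','e',0, 0,1, 0,1};
static const uint8_t SAMPLE_NXDOMAIN[] = {0x12,0x34, 0x81,0x83, 0,1, 0,0, 0,0, 0,0,
    7,'e','x','a','m','p','l','e',0, 0,1, 0,1};

/* Feed both samples plus a copy of the query cut inside the QNAME. */
struct dns_stats account_samples(void) {
    struct dns_stats st = {0};
    dns_account(&st, SAMPLE_QUERY, sizeof SAMPLE_QUERY);
    dns_account(&st, SAMPLE_NXDOMAIN, sizeof SAMPLE_NXDOMAIN);
    dns_account(&st, SAMPLE_QUERY, 20);
    return st;
}
int main(void) { return account_samples().malformed == 1 ? 0 : 1; }
```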
Since this plugin acts as a packet sniffer, tools like chkrootkit may start reporting collectd as a "suspicious program". Please don't be alarmed: if you load this plugin, collectd is supposed to sniff packets. Nothing is done with the sniffed data except counting various aspects of DNS traffic, as you can see in the Example graphs section. But you don't have to take my word for it: let the source code do the convincing ;)