[dnstap] Python sample to read DNSTAP log or from UNIX socket
Chris Mikkelson
cmikk at fsi.io
Wed May 29 21:52:12 UTC 2019
On Wed, May 29, 2019 at 05:45:34PM -0400, joff.thyer at cybercovenant.com wrote:
> Chris,
> Having read a little, I have a quick POC Python script to read through
> and identify Control versus Data frames in the stream. Before parsing
> with protobuf, would the idea be to assemble all of the data frames
> into one large buffer and then parse with “ParseFromString()” or
> intuitively I would have thought one data frame at a time.
The latter is correct: each data frame corresponds to one Dnstap message,
and the data frame's content should be suitable input for ParseFromString().
--
Chris Mikkelson
Sr. Distributed Systems Engineer
Farsight Security, Inc.
cmikk at fsi.io
More information about the dnstap
mailing list