Extract DNS Queries from NetScaler syslog

To extract the DNS logging from netscaler:syslog, you need the following regex:

^\s+(?P<date>[^:]+):(?P<time>[^ ]+)(?:[^:\n]*:){3}(?P<source_ip>[^#]+)(?:[^/\n]*/){8}\d+#(?P<dns>(?#)[_a-zA-Z0-9.-]+)(\.\/)

You can now put it in the query and get an overview of all DNS queries.
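An offline check of the regex above, added here as an example and not part of the original post: Python runs it over constructed sample events and counts queries per source IP. The event layout, IP addresses, domain names and function names are assumptions for illustration, not captured logs.

```python
import re
from collections import Counter

# The regex from the post, unchanged (split across two raw strings for width).
DNS_RE = re.compile(
    r"^\s+(?P<date>[^:]+):(?P<time>[^ ]+)(?:[^:\n]*:){3}(?P<source_ip>[^#]+)"
    r"(?:[^/\n]*/){8}\d+#(?P<dns>(?#)[_a-zA-Z0-9.-]+)(\.\/)"
)

# Constructed sample events (assumed layout; documentation IPs and domains).
# The last one is a non-DNS event and must not produce any fields.
SAMPLE_EVENTS = [
    " 09/18/2015:21:58:18 GMT ns 0-PPE-0 : default DNS Message 6219 0 :  "
    "U:192.0.2.10#61297:192.0.2.53#53/22561/Q/(RD)/NO/1/0/0/0#example.com./1#",
    " 09/18/2015:21:58:19 GMT ns 0-PPE-0 : default DNS Message 6220 0 :  "
    "U:192.0.2.10#61298:192.0.2.53#53/22562/Q/(RD)/NO/1/0/0/0#example.com./1#",
    " 09/18/2015:21:58:20 GMT ns 0-PPE-0 : default DNS Message 6221 0 :  "
    "U:192.0.2.11#50000:192.0.2.53#53/4411/Q/(RD)/NO/1/0/0/0#_sip._tcp.example.org./33#",
    " 09/18/2015:21:58:25 GMT ns 0-PPE-0 : default SSLVPN LOGIN 6222 0 : "
    "User alice - Client_ip 192.0.2.10",
]


def extract_dns(events):
    """Return the named groups (date, time, source_ip, dns) per matching event."""
    rows = []
    for event in events:
        match = DNS_RE.search(event)
        if match:  # events that are not DNS log lines are skipped
            rows.append(match.groupdict())
    return rows


def queries_per_source(events):
    """Count how often each (source_ip, dns) pair was seen."""
    return Counter((r["source_ip"], r["dns"]) for r in extract_dns(events))


if __name__ == "__main__":
    for (src, name), count in queries_per_source(SAMPLE_EVENTS).most_common():
        print(f"{src:15} {name:30} {count}")
```

The pattern requires leading whitespace before the date and a trailing `./` after the name, so the `dns` field comes back without the final dot.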

 
