Extract DNS Queries from NetScaler syslog

To extract the DNS query logging from netscaler:syslog events, use the following regex:

^\s+(?P<date>[^:]+):(?P<time>[^ ]+)(?:[^:\n]*:){3}(?P<source_ip>[^#]+)(?:[^/\n]*/){8}\d+#(?P<dns>(?#)[_a-zA-Z0-9.-]+)(\.\/)

You can now use it in your query to get an overview of all DNS queries.
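
To check the regex offline before relying on it in a search, the following added example (not part of the original post) runs it unchanged over a few sample events and builds a per-client overview. The sample events are constructed, with a field layout inferred from what the regex expects, and the function names are hypothetical.

```python
import re
from collections import Counter

# Regex from the page, unchanged (only split across two string literals).
DNS_RE = re.compile(
    r"^\s+(?P<date>[^:]+):(?P<time>[^ ]+)(?:[^:\n]*:){3}(?P<source_ip>[^#]+)"
    r"(?:[^/\n]*/){8}\d+#(?P<dns>(?#)[_a-zA-Z0-9.-]+)(\.\/)"
)

# Constructed sample events (assumption: layout inferred from the regex,
# compare against your own netscaler:syslog events before trusting it).
SAMPLE_EVENTS = [
    " 05/12/2020:10:15:32 GMT ns1 0-PPE-0 : default DNS Query 143 0 :  "
    "U:192.0.2.10#61297:198.51.100.5#53/22825/Q/(RD)/NO/1/0/0/0#www.example.com./1#",
    " 05/12/2020:10:15:33 GMT ns1 0-PPE-0 : default DNS Query 144 0 :  "
    "U:192.0.2.11#50112:198.51.100.5#53/4711/Q/(RD)/NO/1/0/0/0#_ldap._tcp.example.net./33#",
    " 05/12/2020:10:15:34 GMT ns1 0-PPE-0 : default DNS Query 145 0 :  "
    "U:192.0.2.10#61301:198.51.100.5#53/22826/Q/(RD)/NO/1/0/0/0#www.example.com./28#",
    # Non-DNS event: must be skipped, not mis-parsed.
    ' 05/12/2020:10:15:40 GMT ns1 0-PPE-0 : default EVENT DEVICEUP 146 0 :  '
    'Device "server_vip" - State UP',
]


def extract_dns_queries(events):
    """Return one dict of the named groups per event that matches DNS_RE."""
    rows = []
    for event in events:
        match = DNS_RE.search(event)
        if match:
            rows.append(match.groupdict())
    return rows


def overview(rows):
    """Count queries per (source_ip, dns) pair, most frequent first."""
    return Counter((r["source_ip"], r["dns"]) for r in rows).most_common()


if __name__ == "__main__":
    for (ip, name), count in overview(extract_dns_queries(SAMPLE_EVENTS)):
        print(f"{count:3d}  {ip:15s}  {name}")
```

The dns group is captured without the trailing root dot, because the final (\.\/) consumes it.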

 
