Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
61 lines (44 sloc) 1.94 KB

How to deploy monitoring on Yeti root name server

scripts from dns-orac ditl-tools

capture DNS packet on DNS servers and save as pcap file, then send to Yeti storage server

please refer to


install dnscap and wrapsrv

    capture DNS packet with dnscap

    capture DNS packet with pcapdump
    You need the patch in


submit DNS packet via ssh

notice: use ssh PubkeyAuthentication, so user should provide ssh public key

configure options for dnscap/pcapdump
congigure IFACES, capture packets on which NICs
configure SSH_ID as user's SSH private key
configure SAVEDIR to store pacp file
configure KICK_CMD, choose dnscap or pcapdump

  1. how to run

1) setup
   you should run command 'bash', this will install dnscap and wrapsrv
   if you want to install dnscap or wrapsrv, try 'bash dnscap' or 'bash wrapsrv'
2) run dnscap
3) add task in crontab, monitor dnscap process
   "*       *       *       *       *       root	pgrep dnscap || (cd /path/of/script-dir && sh"
  1. note

on ubuntu 14.04.2(kernel 4.0.7), dnscap works well.
on Centos 6(kernel 2.6.32.*), dnscap works well.
on FreeBSD 10.0, dnscap works well.

linux kernel below 3.19, dnscap sometimes lost packets.
so if choose Linux and use dnscap to capture packet, please upgrage your kernel.

the latest dnscap run as user nobody, you should make sure dnscap can wirte pcaps to the data dir or specify a
different user in