Last Update 2017.02.10
DnsClush – Analyze and collect dns server query
where is use malware site?
code sign on “Open Source Developer, JuSeong Han”
YOU LIKE IT, CLICK LIKE BUTTON 🙂
Best option – sample
dnsclush -path:c:\log\dns.log -time:2 -server:172.16.253.20 -block -live -achive:30
-sl option archive to send dns log.
2017.02.10 – Bug Fix
2017.01.09 – Check when start program dns log file path.
2016.12.06 – achive option you can use 1-60 min, if you use more to 20min you need to more memory than 4GB.
2016.12.02 – add to code sign for file.
2016.11.16 – change application ssl.
2016.09.28 – fix achive option for used memory(long time collect dns log make problem bic memory use to dnsclush).
2016.08.16 – 1. -small option name change to -sl, -small (seam option)
2. add to -achive option this option you can choice collect dnslog time. If you choice -achive:1-5[min] Collect dns log every 1-5 minute.
2. -sl, -small option collect time every 10 minite.
(-sl, -small option collect to ip about seam domain visit client druing 10 minite.)
2016.08.04 – 1. dns log file delete error fix.
2016.08.02 – 1. -small option add: “collect-ip about site used. ex: www.naver.com – 220.127.116.11. 18.104.22.168 333.333.333.333”
2016.07.29 – 1. fix Encoding error.
2016.07.27 – 1. fix some log parsing error.
2. not parsing to “PTR” record log.
2016.07.25 – 1. add -live option: “only read occur log at last one minite. default option is read to all log of file”
2016.07.21 – 1. -vip option change: “share white/malware site information in asecurity.so”
2. Syslog format change: add to field “process_id” and “application_name”
2016.07.11 – 1. Only logging and check last 1 minite log.
2. install service error fix
2016.07.08 – 1. Only logging and check last 5 minite log.
2. check url error fix
3. log file delete error fix
4. Newtonjson dll error fix
Hi, nice to meet you. i’m Developer Security MVP Ju Seong, Han.
DnsClush is a reliable program that can log and analyze by malware site visit on dns server.
The software can monitor your dns all query the who were visit, in an syslog.
You can easily install service or run console mode.
Security tool for your staff
DnsClush can record all dns query. All activity log send syslog server, which you may analyze at any time.
Activity log offers detailed information.
Activity log offers who access to this uri. So you can know and trace that user.
HOW TO USE….
DNSClush is recording the DNS log, And send Syslog server.
Also check the malware URL and block automatically.
This tool can only send syslog. So it use to SIEM(ArcSight, Splunk, WHORU)
Below screenshot is how to send syslog view.
Frist, You need to enable the dns log.(check below screen shot)
DNSClush is offer below option.
-server: define Syslog server ip.
-time: setting to delete DNS log timerDNS. if input the ‘0’ or not define -time option, never delete DNS log.
*It’s recommand, we recommand to delete the log.
-path: define DNS log path.
-log: enable/disable send syslog server an DNS log. when use this option, disable -small option.
-block: enable/disable block the malware URL by set DNS loopback(127.0.0.1).
-install: Install by services type process. it’s help to process start automatically.
-uninstall: Uninstall by services type process.
-vip: Share malware site and white site information.
-live: Only read occur log at last one minite. default option is read to all log of file.
-sl: collect-ip during 10 min visit to seam site. when use this option, disable -log option.
-achive: you can choice collect log time by minite, ex -achive:2