Class: T53

Inherits:

Object

Object
T53

show all

Defined in:: lib/t53.rb

Instance Method Summary collapse

#initialize(nic: 'eth0', sps_host: 'spsmon', sps_port: '59053', hostname: Socket.gethostname, topic: 'dnslookup/' + hostname, debug: false, ignorelist: []) ⇒ T53 constructor

options: nic: e.g.
#start ⇒ Object

Constructor Details

#initialize(nic: 'eth0', sps_host: 'spsmon', sps_port: '59053', hostname: Socket.gethostname, topic: 'dnslookup/' + hostname, debug: false, ignorelist: []) ⇒ `T53`

options: nic: e.g. eth0, enp2s0f0

# File 'lib/t53.rb', line 18

def initialize(nic: 'eth0', sps_host: 'spsmon', sps_port: '59053', 
                hostname: Socket.gethostname, 
                topic: 'dnslookup/' + hostname, debug: false, ignorelist: [])

  @nic, @host, @port, @topic, @debug = nic, sps_host, sps_port, topic, debug
  @ignorelist = ignorelist
  
end

Instance Method Details

#start ⇒ `Object`

# File 'lib/t53.rb', line 27

def start()

  command = "sudo tcpdump -nt -i #{@nic} udp port 53"
  puts 'command: ' + command.inspect if @debug
  sps = SPSPub.new host: @host, port: @port
  ignorelist = @ignorelist
  prev_domain = ''

  IO.popen(command).each_line do |x|

    puts 'x: ' + x.inspect

    if x =~ /A\?/ then

      match = ignorelist.find {|domain| x =~ /#{domain}/ }        

      next if match 
      domain = x[/(?<=A\?\s)[^\s]+(?=\.)/]
      next if domain == prev_domain

      sps.notice "#{@topic}: " + domain
      prev_domain = domain

      sleep 0.1

    end

  end

end

Class: T53

Instance Method Summary collapse

Constructor Details

#initialize(nic: 'eth0', sps_host: 'spsmon', sps_port: '59053', hostname: Socket.gethostname, topic: 'dnslookup/' + hostname, debug: false, ignorelist: []) ⇒ T53

Instance Method Details

#start ⇒ Object

#initialize(nic: 'eth0', sps_host: 'spsmon', sps_port: '59053', hostname: Socket.gethostname, topic: 'dnslookup/' + hostname, debug: false, ignorelist: []) ⇒ `T53`

#start ⇒ `Object`