Dnsmonster Versions Save

Notable Changes:

• Brand new documentation dnsmonster.dev
• Capture now accepts dash (---pcapFile=-) as a more elegant solution to #9
• Dev container populated for each commit (docker pull ghcr.io/mosajjal/dnsmonster:dev)
• Fixed a bug in dnstap pushing data to ClickHouse when the IP address is omitted
• SIGPIPE is now handled gracefully in Linux
• Major performance improvements to skipDomains and allowDomains. dnsmonster no longer uses a basic suffix and prefix string match. Instead, it uses a Ternary Search Tree to provide a much faster solution. I've tested Cisco Umbrella 1M against my test pcap as suffix matching. and there was almost no performance degredation! A small sample of the csv:

$ head top-1m-umbrella.csv
google.com.,suffix
www.google.com.,suffix
microsoft.com.,suffix
netflix.com.,suffix
data.microsoft.com.,suffix
ftl.netflix.com.,suffix
prod.ftl.netflix.com.,suffix
events.data.microsoft.com.,suffix
api-global.netflix.com.,suffix
safebrowsing.googleapis.com.,suffix

Full Changelog: https://github.com/mosajjal/dnsmonster/compare/v0.9.2...v0.9.3

What's Changed

• added vxvlan support
• switched Docker image from Dockerhub to GHCR
• more graceful exit
• metric for invalid packets by @edevil in https://github.com/mosajjal/dnsmonster/pull/24
• added proxy support for Splunk HEC
• performance optimizations for Go 1.18
• Updated metric formatting
• minor fixes in ipv6
• log output formatting option
• caller name only shows on DEBUG log level

Full Changelog: https://github.com/mosajjal/dnsmonster/compare/v0.9.1...v0.9.2

CHANGES:

• Fixed typo in Prometheus flag
• Automatically put the interfaces in promiscuous mode unless otherwise enforced by flag

v0.9.x is here, and wer're edging closer to a stable v1 release!

BREAKING:

• removed --printStatsDelay flag
• renamed plural Splunk parameters to singular form

FEATURES:

• New Metrics system, with support for prometheus and statsd
• Kafka now supports multiple endpoints (thanks @edevil)

FIXES:

• Migrated clickhouse driver to v2
• various dnstap improvements
• major CSV output performance enhancements
• Sentinel bug-fixes and improvements.

CHANGES:

• configurable Clickhouse Database (thanks @dstruck)
• various fixes in dnstap (thanks @edevil)
• raw packets is working again
• compression and better load balancing for Kafka output (thanks @edevil )
• cleaner exit for smaller pcap files
• memprofile and cpuprofile are working better and exit cleanly

ADDED:

• Microsoft (Azure) Sentinel output
• InfluxDB output
• compression and TLS support for ClickHouse Output

CHANGED:

• Output system is now fully modular and contained in one file
• Major code cleanups to make development easier
• Updated dependencies
• Updated static curl shipped with dnsmonster for autobuild.

• csv output for file and stdout, ready for ML
• new metric and stats
• code cleanup and performance improvements

Non-Linux platform support is much better now.

dnsmonster builds successfully on Windows 11, Mac OS Catalina, FreeBSD 12.3 on amd64, as well as armv7 and aarch64 Linux.

• Added an interface for some captures (afpacket, pcapfile and libpcap)
• removed waitgroups and added an emergency exit, so the process won't hang on SIGINT
• Performance improvement for pcapgo by removing packet reconsecration