Has anyone installed and used dnstap with BIND? dnstap is used to capture query logs from the DNS server without affecting the performance of that server. Since it's on the DNS server, it gives more information than a tcpdump or other packet capture method.
I wanted to know if anyone is using this tool. If so, are you sending the events to ArcSight, and how? Does it work?
We ask because we are trying to get the DNS query logs into ArcSight, and enabling this on the DNS server the old way (BIND query logging) is really affecting the performance of the DNS server.