DNSTran is a free utility to speed up the process of DNS lookups and to
translate IP addresses into domain names in log files. In one step you can
lookup IP addresses in your server log file, replace them with the correct
domain names, and compress the log file for long term archiving. DNSTran will
work with any log file format. When used with Analog it can be 50 times faster,
or more, than Analog alone at doing DNS lookups.

Web servers run more efficently if they have DNS lookups turned off. DNSTran
can then process the log files, replacing IP addresses with domain names and
(optionaly) compressing the log file. The resulting log file can be archived or
used with any log analysis tool. DNSTran takes a log file specified on the
command line, and translates it to "<<<old-name>>>.gz". DNSTran expires failed
lookups after six weeks and successful lookups after 18 weeks.

Analog is fast, really fast, until you turn on the NUMLOOKUP option. DNSTran is
a tool to speed that up. Using DNSTran I was able to process a 23.6Meg log file
in 18 minutes (DNSTran and Analog) as compared to a time of about 15 hours
using Analog alone. With NUMLOOKUP off, Analog takes less than a minute.

Analog can read the compressed log files directly so you can delete the
original log file to save disk space and reconfigure Analog to read the .gz
files. The compressed log file already has the DNS names subsituted for the IP
addresses so you can turn NUMLOOKUP OFF in Analog if you have it read the
compressed log files.

DNSTran can also be used to create a "dnscahce" file compatable with Analog,
Analog will then do the DNS translations internaly. To use DNSTran in this way
you should set "translate" to "off", "private" to "off", and set the correct
"offset" and "divisor" values based on your Analog version number in the
dnstran.cfg file. Then run DNSTran before running Analog. You then configure
Analog to do DNS lookups and to have an expire time of more than 18 weeks. For
versions of Analog prior to 2.9, change analog.cfg to have the following
settings:
	NUMLOOKUP ON
	DNSFRESHHOURS 3030
For versions of Analog 2.9, 3.0, or higher, change analog.cfg to have the
following setting:
	DNS READ

DNSTran has a configuration file named "dnstran.cfg" which must be in the same
folder you are in when you invoke DNSTran. There are several configuration
commands that control the lookup and translation process. Lines in the
configuration file starting with '#' are comments.

'translate' - yes or no. Controls the translation pass. If set to no, DNSTran
will not write a translated log file. The default is yes.

'compress' - yes or no. Controls compression of the translated log file. If set
to yes the log file will be written with GZip compression and an extension of
'.gz'. Otherwise it will be written as a text file with an extension of '.out'.
The default is yes.

'level' - a single digit from 0 to 9. Controls the level of compression used on
translated log files when compression is on. This number is passed to the ZLib
code. Higher numbers result in better compression and longer run times. The
default is 6.

'verbose' - yes or no. Controls verbose progress messages. Yes means print
progress messages. The default is yes on the Mac and no on other platforms.

'private' - yes or no. Controls the format of the DNS cache file. Yes creates a
small cache file that can not be used by Analog. No makes the cache file
larger, but is compatable with Analog.

'offset' and 'divisor' control the time format used in the DNS cache file.
Different versions of Analog require different formats for the time.

Analog 2.1.1d or earlier (this is the default) use:
offset	-126144000
divisor	1

Analog 2.1.1e or newer but before 2.9 use:
offset	0
divisor	1

Analog 2.9 or newer (e.g. 3.0) use:
offset	-36815040
divisor	60

'cache' - The file name to use for the DNS cache file. 'dnscache' is the
default.

'force-exit' - yes or no. Setting this to yes will cause DNSTran to exit even
if there are warning messages.

'expire-good' - number of days from 1 to 365. The number of days after the last
appearance in a processed log to expire successful lookups.

'expire-failed' - number of days from 1 to 365. The number of days after the
original lookup to expire failed lookups.


The "-h" command line option will tell you what the command line options are.
They follow the config file setting but have a more compact format. The name of
the file to process is required and should be the last argument.


DNSTran is freeware.  It is copyright  1997,8 by Jason T. Linhart.  I give you
permission to use it.  You may also give copies to friends, so long as you
include all of the files in the original package without modification.  It may
not be sold or commercially distributed without a written licence from me.  It
may be included in archives, and distributed on CD-ROM or on other formats so
long as there are no charges for these services other than shipping, handling
and the cost of media.  Use or distribution of DNSTran indicates your agreement
to these terms.

GZip file IO uses the ZLib library from Jean-loup Gailly (gzip@prep.ai.mit.edu)
and Mark Adler (madler@alumni.caltech.edu). The zlib home page is:
http://quest.jpl.nasa.gov/zlib/

For the latest information and updates check:
http://summary.net/soft/dnstran.html

Program by:
Jason T. Linhart
http://summary.net/
jason@summary.net
