dnstap: how to read log in realtime?
I tried to use knot dnstap module using current stable knot-2.3.3, and debian stretch libs (jessie -t testing) protobuf-c-compiler, libprotobuf-c-dev, libfstrm-dev
and this knot.conf:
mod-dnstap:
- id: capture_all
sink: /tmp/capture.tap
template:
- id: default
global-module: mod-dnstap/capture_all
so when i use "sink: /tmp/capture.tap", capture.tap doesn't update in realtime, it updates only every 4096 bytes. its empty until 4096, then 8192, etc..
I also tried this command to create socket
fstrm_capture -t protobuf:dnstap.Dnstap -u /tmp/dnstap.sock -w /tmp/capture.tap -ddddd
with "sink: /tmp/dnstap.sock" but here capture.tap never filled, I restarted knotd , but looks like it not even connect to this sock.