Ex: query=google.com, yahoo.com
src=xyz-pc, abc-pc
I want to know the count of queries to each domain queried by an individual computer.
For example, if I see a computer xyz-pc going to malicious sites multiple times every day, I want to create a bin/bucket list to find how many blocked queries and how many times the source computer has reached out to.
Does this work for you? The 0 on the sort makes it unlimited (the command has a stupid default that trims the result set). To see what it is doing, just add in each line one by one.
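An added example, not the search from the answer above (which is not on this page): one way to get per-day counts of queries per domain per source computer, with blocked queries counted separately and `sort 0` lifting the default result limit. The index placeholder and the `action="blocked"` field and value are assumptions; `query` and `src` are the field names from the question.

```spl
index=<your_dns_index>
| bin _time span=1d
| stats count AS total_queries, count(eval(action="blocked")) AS blocked_queries BY _time, src, query
| sort 0 _time, src, -total_queries
```

Running it one pipe stage at a time shows the raw events, then the daily buckets, then the per-source, per-domain counts, then the full sorted result.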