reyjrar/named-axfr.xml

## named-axfr.xml
<!-- AXFR Logs

06-Mar-2013 09:16:37.228 xfer-out: client 10.1.1.5#37937: view internal: transfer of 'example.com/IN': IXFR started
06-Mar-2013 09:16:37.228 xfer-out: client 10.1.1.5#37937: view internal: transfer of 'example.com/IN': IXFR ended
06-Mar-2013 09:18:26.971 xfer-out: client 10.1.6.3#35733: view internal: transfer of 'test.example.com/IN': AXFR-style IXFR started
06-Mar-2013 09:18:26.974 xfer-out: client 10.1.6.3#35733: view internal: transfer of 'test.example.com/IN': AXFR-style IXFR ended

-->

<decoder name="bind-axfr-start">
    <prematch> IXFR started</prematch>
</decoder>

<decoder name="bind-axfr-out">
    <parent>bind-axfr-start</parent>
    <prematch>xfer-out: </prematch>
    <regex offset="after_prematch">^client (\S+)#\d+: view (\S+): transfer of '(\S+)'</regex>
    <order>srcip,extra_data,url</order>
</decoder>
	<!-- AXFR Logs

	06-Mar-2013 09:16:37.228 xfer-out: client 10.1.1.5#37937: view internal: transfer of 'example.com/IN': IXFR started
	06-Mar-2013 09:16:37.228 xfer-out: client 10.1.1.5#37937: view internal: transfer of 'example.com/IN': IXFR ended
	06-Mar-2013 09:18:26.971 xfer-out: client 10.1.6.3#35733: view internal: transfer of 'test.example.com/IN': AXFR-style IXFR started
	06-Mar-2013 09:18:26.974 xfer-out: client 10.1.6.3#35733: view internal: transfer of 'test.example.com/IN': AXFR-style IXFR ended

	-->

	<decoder name="bind-axfr-start">
	<prematch> IXFR started</prematch>
	</decoder>

	<decoder name="bind-axfr-out">
	<parent>bind-axfr-start</parent>
	<prematch>xfer-out: </prematch>
	<regex offset="after_prematch">^client (\S+)#\d+: view (\S+): transfer of '(\S+)'</regex>
	<order>srcip,extra_data,url</order>
	</decoder>