Metadata-Version: 2.4
Name: dnscrypt-proxy-logs-analyzer
Version: 1.0.0
Summary: Converts dnscrypt-proxy query_log TSV values to Prometheus-compatible metrics.
Author-email: Alexander Pozlevich <apozlevich@gmail.com>
License: MIT License
        
        Copyright (c) 2025 Alexander Pozlevich
        
        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:
        
        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.
        
        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: MIT License
Classifier: Topic :: System :: Monitoring
Classifier: Typing :: Typed
Requires-Python: >=3.12
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: prometheus-client>=0.23.1
Provides-Extra: dev
Requires-Dist: ruff; extra == "dev"
Dynamic: license-file

# `dnscrypt-proxy-logs-analyzer`

Converts the `dnscrypt-proxy` **query log** into Prometheus metrics, suitable
for the `node_exporter` **textfile collector**.

This is particularly useful on Debian 13 and similar distros, where
dnscrypt-proxy is shipped without built-in Prometheus metrics and without
the old `--analyze-logs` tool.

This script restores observability without replacing packages or running
additional daemons.

> **Target audience:** mostly me, probably future me, and maybe you.

## Features

- Designed for `dnscrypt-proxy 2.1.x` (as packaged by Debian/Ubuntu).
- No daemon / no exporter HTTP listener — works via textfile collector.
- Tracks per-qtype and per-upstream query stats.
- Persists statistics across restarts (does not reset per run).
- Requires zero `logrotate` configuration — logs are truncated automatically.
- Zero external dependencies besides `prometheus_client` (and optionally
  `argcomplete`).

## Install

```bash
pip install dnscrypt_proxy_logs_analyzer
```

Optinally, for CLI completion, install `argcomplete` package.

## Requirements

Your `dnscrypt-proxy` must be configured to log **TSV format**, which this
script parses.

Add to `/etc/dnscrypt-proxy/dnscrypt-proxy.toml`:

```toml
[query_log]
file = '/var/log/dnscrypt-proxy/query.log'
format = 'tsv' # REQUIRED
```

If you enable log rotation externally, disable truncation in this script with
`--no-trunc` flag. By default the script **truncates** log file after
processing.

## Usage

```bash
dnscrypt-proxy-logs-analyzer \
  --query-log /var/log/dnscrypt-proxy/query.log \
  --output /var/lib/node_exporter/textfile_collector/dnscrypt-proxy.prom
```

After each run:

- Metrics get updated.
- The query log is truncated.

This makes it safe to run frequently, e.g., every 30 seconds.

## `systemd` timer example

`/etc/systemd/system/dnscrypt-proxy-logs-analyzer.service`:
```ini
[Unit]
Description=Convert dnscrypt-proxy logs to Prometheus metrics
After=network-online.target

[Service]
Type=oneshot
ExecStart=/usr/local/bin/dnscrypt-proxy-logs-analyzer
```

`/etc/systemd/system/dnscrypt-proxy-logs-analyzer.timer`:
```ini
[Unit]
Description=Run dnscrypt-proxy log analyzer periodically

[Timer]
OnBootSec=30s
OnUnitActiveSec=1m
AccuracySec=10s
Unit=dnscrypt-proxy-logs-analyzer.service

[Install]
WantedBy=timers.target
```

Enable:

```bash
systemctl daemon-reload
systemctl enable --now dnscrypt-proxy-logs-analyzer.timer
```

Check logs for errors (no output by default):

```bash
journalctl -u dnscrypt-proxy-logs-analyzer.service -f
```

## Output metrics

### Query count

```plain
dnscrypt_proxy_queries_total{qtype="A",result="PASS",upstream="scaleway-fr-ipv6"} 42
```

### Latency histogram in seconds

```plain
dnscrypt_proxy_latency_seconds_bucket{le="0.1",qtype="A",result="PASS",upstream="scaleway-fr-ipv6"} 18
dnscrypt_proxy_latency_seconds_sum{qtype="A",result="PASS",upstream="scaleway-fr-ipv6"} 0.283
dnscrypt_proxy_latency_seconds_count{qtype="A",result="PASS",upstream="scaleway-fr-ipv6"} 18
```

Query results tracked include: `PASS`, `NXDOMAIN`, `NODATA`, `SERVFAIL`, `NETWORK_ERROR`, `TIMEOUT`, etc.

Buckets are `0.001`, `0.005`, `0.01`, `0.025`, `0.05`, `0.1`, `0.25`, `0.5`, `1.0`.

### Self-health metrics

```plain
dnscrypt_proxy_logs_analyzer_last_run_timestamp 1.7614262632420218e+09
dnscrypt_proxy_logs_analyzer_last_run_success 1.0
```

## Why this instead of built-in Prometheus metrics?

Because Debian’s `dnscrypt-proxy` build disables them.

This script provides:

- Observability without replacing the resolver.
- Persistent metrics (survive daemon restarts).
- No running HTTP endpoint.
- No daemon, no background process — runs on a schedule.

## Philosophy

> “Small, deterministic, zero-maintenance tools beat large monitoring stacks.”

## License

MIT License.
