Archiving analyzer-d4-balboa

This repository is now archived - to interface D4 with Balboa, the prefered tool is d4-core generic unix socket exporter.


Ingests Type 8 Passive DNS and writes into a linux socket for balboa to consume


go get

Configuration files

  • balboa_socket: path to the UNIX socket
  • redis: path to the d4 redis server
  • redis_queue: uuid of the analyzer’s redis queue


$analyzer-d4-balboa -c conf.sample

Send PassiveDNS data to d4

# passivedns -i eth0 -l /dev/stdout | d4-amd64l -c conf.d4server

Query Balboa GraphQL server

Once you launched the analyzer, pick one of the domains listed in its output and query Balboa (serving here on

curl \
-H 'Content-Type: application/json' \
--data '{"query" : "query{ entries(rrname: \"\", limit: 1) { rrname rrtype rdata time_first time_last sensor_id count } } "}'