ClearOS, by default, sends a log of all the DNS queries that hit the local caching server to the system log service. However, there is no log file set up for these messages. A simple change can register these queries to a log file, but caution should be used as this log can grow very big on an active network. That being said, this can be a very, VERY effective tool for monitoring traffic for two reasons.
You will need to modify the /etc/rsyslog.conf file and add the following line near the bottom of the file:
daemon.debug /var/log/daemon.log
Once you have made the change, restart the rsyslog service. A simple 'reload' of the service will NOT work.
service rsyslog restart
Now you will see the DNS queries flow into this file. To make sense of it, you will likely want to view it with search tools. You can also view it live. Here are some examples:
tail -f /var/log/daemon.log
tail -f /var/log/daemon.log | grep dnsmasq
tail -f /var/log/daemon.log | grep --line-buffered dnsmasq | grep "query\[A\]"
tail -f /var/log/daemon.log | grep --line-buffered dnsmasq | grep --line-buffered "query\[A\]" | grep -F 192.168.1.101
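The live filters above show queries as they arrive; for a saved log, a per-client summary is often easier to review. The following script is an added example, not part of the original article: it assumes dnsmasq's usual "query[TYPE] name from client" line format, and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise dnsmasq query lines from a daemon.log-style file.
# Assumed line format (dnsmasq query logging):
#   <timestamp> <host> dnsmasq[<pid>]: query[<TYPE>] <name> from <client-ip>

# dns_query_summary FILE|- [CLIENT_IP]
# Prints "count client name" for each (client, name) pair, busiest first.
# Names are lower-cased so Example.com and example.com count together.
dns_query_summary() {
    awk -v want="${2:-}" '
        /dnsmasq(\[[0-9]+\])?: query\[/ {
            # Locate the query[TYPE] token; the name and client follow it.
            for (i = 1; i <= NF; i++) if ($i ~ /^query\[/) break
            if (i + 3 > NF || $(i + 2) != "from") next   # truncated line
            name = tolower($(i + 1)); client = $(i + 3)
            if (want != "" && client != want) next       # optional filter
            count[client " " name]++
        }
        END { for (k in count) print count[k], k }
    ' "${1:--}" | LC_ALL=C sort -k1,1nr -k2,3
}

# Constructed sample lines (not taken from a real system).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 gateway dnsmasq[1234]: query[A] example.com from 192.168.1.101
Mar  3 10:15:01 gateway dnsmasq[1234]: forwarded example.com to 192.0.2.53
Mar  3 10:15:01 gateway dnsmasq[1234]: reply example.com is 192.0.2.10
Mar  3 10:15:02 gateway dnsmasq[1234]: query[A] Example.com from 192.168.1.101
Mar  3 10:15:03 gateway dnsmasq[1234]: query[AAAA] updates.example.net from 192.168.1.102
Mar  3 10:15:04 gateway dnsmasq[1234]: query[A] updates.example.net from 192.168.1.101
Mar  3 10:15:05 gateway crond[99]: unrelated daemon message
EOF
}

# Demo: all clients, then a single client.
sample_log | dns_query_summary -
sample_log | dns_query_summary - 192.168.1.102
```

On a live system, call it as dns_query_summary /var/log/daemon.log, optionally followed by a client address.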
Since this file is chatty, you may want to remove the logging of this data. To do this, remove the line in /etc/rsyslog.conf that was added at the start, or comment it out so that you can refer to it later:
#daemon.debug /var/log/daemon.log
Be sure to restart the rsyslog service:
service rsyslog restart