Disable Bind / Syslog / logrotate
Status: Bind I want to send the logs through Syslog and then rotate daily with logrotate.
Solution:
Bind To get send their logs through Syslog recommend the following steps:
1) Define a new facility in / etc / syslog.conf which we will use as "channel" in Bind. This is very convenient to have a single file with only relevant information DNS and Bind. To set the facility put the following in
/ etc / syslog.conf
local7 .* -/var/log/bind.log
NOTE: You can define local0 facities local7 according to your need
2) Bind Then you will be instructed to use the facity local7 and save the query logs (in my case is the only thing I need, you can store lots of logs relating to other issues such as: lame servers, dnssec, xfer, and many more). In addition to storing the query I want to write the date and time of the DNS query. In
/ etc / named.conf
(options section) adds:
logging {
channel query.log {
severity debug 3;
print-time yes;
syslog local7;
};
query.log category queries {;};}
;
3) Due to the size of logs, then I needed to rotate on a daily basis but first I want to make the rotation wanted to run a script to a point process. For this I made the following configuration in logrotate. To this point edit / etc / logrotate.d / bind and add:
/ var / log / {
bind.log daily
prerotate
/ root / SCRIPTS / dnsqueries.sh
endscript
missingok
rotate 4 compress
create
}
With this step, the file / var / log / bind.log are automatically rotated on a daily basis but before executing the script / root / SCRIPTS / dnsqueries.sh.
More information:
http://zytrax.com/books/dns/ch7/logging.html (DNS Bind Logging)
http://doc.novsu.ac.ru/oreilly/tcpip/ puis/ch10_05.htm (The Unix system log)
Luck hope has been useful,
0 comments:
Post a Comment