in a previous post i mentioned how to do bind9 logging.
i found there was too much information in the single file.
instead, i have culled out the different notices in to separate files.
for logrotate, since all the log files are in one directory, all you
need to do is place a wildcard attribute in the configuration file.
and apparmor may hate you and deny you ability to create logs.
if you're like me and like logs to be created under the daemon's name
e.g. /var/log/bind for bind...
edit:
/etc/apparmor.d/usr.sbin.named
and give it /var/log/bind/** rw,
as opposed to /var/log/named ** rw,
# bind.local.log
logging {
channel query_log {
file "/var/log/bind/query.log" versions 3 size 5m;
// Set the severity to dynamic to see all the debug messages.
print-category yes;
print-severity yes;
print-time yes;
severity dynamic;
};
channel update_debug {
file "/var/log/bind/update_debug.log" versions 3 size 5m;
severity debug ;
print-category yes;
print-severity yes;
print-time yes;
};
channel security_info {
file "/var/log/bind/security_info.log" versions 3 size 5m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
channel bind_log {
file "/var/log/bind/bind.log" versions 3 size 5m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category queries {
query_log;
};
category security {
security_info;
};
category update-security {
update_debug;
};
category update {
update_debug;
};
category lame-servers {
null;
};
category default {
bind_log;
};
};
# /etc/logrotate.d/bind
/var/log/bind/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 bind bind
postrotate
/usr/sbin/invoke-rc.d bind9 reload > /dev/null
endscript
}
Friday, January 26, 2018
bind9 logging reprise
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment