Syslog with BIND on CentOS

John Thurston john.thurston at alaska.gov
Fri May 21 18:39:05 UTC 2021


On 5/20/2021 2:17 PM, Anand Buddhdev wrote:
> You could also log directly to files (bypassing syslog), and then have
> some process follow the files and send the logs to a remote server.

This seems rather inefficient, but there are established and flexible 
tools to do just this.

Without changing the configuration of my named (which is currently 
logging to a local file), I can make rsyslogd consider that file an 
input source. Once in, the parsing and output modules can then work on it.

This relies on the input module "imfile" and the output module "omfwd".

https://rsyslog-doc.readthedocs.io/en/latest/configuration/modules/idx_input.html

imfile appears to follow log rotations cleanly. A limitation I see is 
everything is assigned the same syslog facility.priority values.

It remains to be seen if this process can keep up with the query volume.

Warning: When started for the first time, imfile will read the existing 
file and start forwarding. If the query log already contains 800MB of 
lines, those will all be read in and passed through the parser and 
output modules.

--
Do things because you should, not just because you can.

John Thurston    907-465-8591
John.Thurston at alaska.gov
Department of Administration
State of Alaska
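
An added example, not part of the original message: a minimal rsyslog configuration for the imfile-to-omfwd setup described above. The log path, tag, facility, collector host name and queue size are assumptions. `freshStartTail` addresses the first-start backlog mentioned in the warning.

```conf
# /etc/rsyslog.d/named-query.conf  (file name is an assumption)
module(load="imfile")

# Tail the file named already writes; named.conf stays unchanged.
input(type="imfile"
      # Assumed location of the existing query log
      File="/var/log/named/query.log"
      Tag="named-query:"
      # Every line read from this file gets the same facility and severity
      Facility="local6"
      Severity="info"
      # With no state file yet (first start), begin at the end of the file
      # instead of reading and forwarding the existing contents
      freshStartTail="on"
      # Keep these lines out of the default ruleset so they are only forwarded
      ruleset="fwd_named")

ruleset(name="fwd_named") {
    action(type="omfwd"
           # Placeholder collector address
           target="logs.example.net"
           port="514"
           protocol="tcp"
           # Buffer in memory and keep retrying while the collector is unreachable
           queue.type="LinkedList"
           queue.size="100000"
           action.resumeRetryCount="-1")
}
```

`rsyslogd -N1` validates the configuration syntax before the service is restarted.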

