Error with logging channel audit_log
Chris Buxton
cbuxton at menandmice.com
Tue Aug 12 20:38:43 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The path of your audit_log channel does not look correct. Is this
running inside a chroot jail? If so, what is the path of the chroot
jail? Let's call that path $CHROOT. Check that there is a directory
here:
$CHROOT/chroot/named/logs/
Chris Buxton
Professional Services
Men & Mice
On Aug 12, 2008, at 11:57 AM, Mark A. Moore wrote:
> We need help trying to troubleshoot our issue. We are running RHEL
> 5.2 and installed the latest version of BIND by following the steps
> provided by Steve's article in a chroot jail (http://www.unixwiz.net/techtips/bind9-chroot.html
> ). I've added a few additional options recommended by Rob (http://www.cymru.com/Documents/secure-bind-template.html
> ). We are getting an error when BIND starts up regarding our log
> file. Bind still starts up, but since this error in the messages
> log, we are not getting any named syslog messages.
>
> The message is:
> named[25935]: logging channel 'audit_log' file '/var/log/named.log':
> file not found
>
> The permission for named.log is a follows -rw-r--r-- root named.
>
> Here is a partial output of named.conf file:
>
> logging {
> channel default_syslog {
> // Send most of the named messages to syslog.
> syslog local2;
> severity debug;
> };
>
> channel audit_log {
> // Send the security related messages to a separate file.
> file "/chroot/named/logs/named.log";
> severity debug;
> print-time yes;
> };
>
> category default { default_syslog; };
> category general { default_syslog; };
> category security { audit_log; default_syslog; };
> category config { default_syslog; };
> category resolver { audit_log; };
> category xfer-in { audit_log; };
> category xfer-out { audit_log; };
> category notify { audit_log; };
> category client { audit_log; };
> category network { audit_log; };
> category update { audit_log; };
> category queries { audit_log; };
> category lame-servers { audit_log; };
> };
>
> // Set options for security
> options {
> directory "/conf";
> pid-file "/var/run/named.pid";
> statistics-file "/var/run/named.stats";
> memstatistics-file "/var/run/named.memstats";
> dump-file "/var/run/named.dump";
>
>
>
> Thanks in advance for any help given.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkih9NMACgkQ0p/8Jp6Boi2SfgCdFGhMiwJzSvEkRgJFPzzhawAi
scEAnj2h9BJOgp0bNWZPK+Dwjiou319Z
=diHq
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list