Logging question
Mark Andrews
marka at isc.org
Fri Sep 9 01:45:24 UTC 2011
update-security
In message <OF5AB352C4.0BE87F82-ON85257905.0063BDB6-85257905.0065B0C2 at e1b.org>,
WBrown at e1b.org writes:
> Running an Ubuntu server with the distro provided named 9.4.2.df. After
> taking ISC's Intro to DNS and BIND class, I've gotten the courage to
> tackle some of the logging tweaks I would like. All the lame server
> errors are happily being delivered to the null channel. I also figured
> out how to log queries for troubleshooting and keep it from filling the
> hard drive.
>
> On one of our servers, there are a number of Windows systems that are
> attempting to update zones which we do not allow. It is not possible to
> get all those machines changed to turn off this "feature." I thought I
> should be able change the logging to deliver these messages to a custom
> channel for testing, and then change it to the null channel when I was
> satisfied with the results. Unfortunately, it doesn't work.
>
> Here is the copy of my logging statement:
>
>
> logging {
>
> channel query_log {
> file "query.log"
> versions 3
> size 20m;
> print-time yes;
> print-category yes;
> print-severity yes;
> };
>
> // category queries { query_log; };
>
>
> // Send all lame server errors to the null channel
> category lame-servers { null; };
>
> // send all dynamic update messages to the null channel
> // too bad it don't work!
> category update { query_log; };
> };
>
> Logged messages are like this:
>
> Sep 8 14:09:22 ns1 named[19392]: client 172.19.161.22#53489: update
> '19.172.IN-ADDR.ARPA/IN' denied
>
> In addition to the update category, I tried client and security
> categories. Errors continued to be logged in /var/log/daemon.log instead
> of query.log (eventually null).
>
> Any suggestions?
>
> --
>
> William Brown
> Web Development & Messaging Services
> Technology Services, WNYRIC, Erie 1 BOCES
>
>
>
>
> Confidentiality Notice:
> This electronic message and any attachments may contain confidential or
> privileged information, and is intended only for the individual or entity
> identified above as the addressee. If you are not the addressee (or the
> employee or agent responsible to deliver it to the addressee), or if this
> message has been addressed to you in error, you are hereby notified that
> you may not copy, forward, disclose or use any part of this message or any
> attachments. Please notify the sender immediately by return e-mail or
> telephone and delete this message from your system.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list