Bind Queries log file format
Mukund Sivaraman
muks at isc.org
Fri Feb 3 14:01:15 UTC 2017
Hi John
On Fri, Feb 03, 2017 at 01:43:50PM +0000, MURTARI, JOHN wrote:
> Folks at ISC,
>
> > I agree, there are an awful lot of systems and SIEM products that
> > process querylogs. This one change will require a huge amount > of
> > re-engineering work in customer environments.
>
> You know we love you and the work you do! But changing that log
> format was really a bad idea. I saw your original response that
> we should report it as a 'bug' and it was added so you could
> help us debugging problems.
>
> IMHO -- it's not a bug (in the classic sense), it was an
> intentional change. Regarding needing more info for debug, I'd
> encourage the approach a lot of tools take: add a debug option
> to the config, start params, etc... to activate the feature.
We have the debug log level, but consider the case when an operator has
a non-deterministic or rare crash that isn't reproducible because the
operator has no information about what caused it. All we have is the
config, log that was already generated before the crash and perhaps a
backtrace and core to deduce the steps leading to the crash. It's not
possible to re-run that scenario with debug logging.
I'll create a ticket to put the client pointer at the end if that'll
help, but note that the syntax in 9.10 was not consistent either. 9.10
would log the client pointer when the client object didn't have a valid
peer.
Mukund
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20170203/883db263/attachment.bin>
More information about the bind-users
mailing list