RPZ logging
Blason R
blason16 at gmail.com
Sun Apr 29 05:08:37 UTC 2018
hmm..ok let me try. Since I am also wrting parsers in logstash wondering
what exactly would be the log setting I need to pick up.
On Sun, Apr 29, 2018 at 9:12 AM, Bob Harold <rharolde at umich.edu> wrote:
>
> On Sat, Apr 28, 2018 at 11:29 PM, Blason R <blason16 at gmail.com> wrote:
>
>> Hi Folks,
>>
>> I have been struggligng with exact RPZ/Bind option/statement which
>> enables the logging for RPZ and shows if the query matches RPZ zone.
>>
>> Can someone please help me?
>>
>>
> I think the required rpz logging related lines in my named.conf are:
>
> logging {
>
> channel "rpz_file" {
> file "/var/log/named/rpz.log" versions 10 size 104857600;
> severity dynamic;
> print-time yes;
> print-severity yes;
> print-category yes;
> };
>
> category "rpz" {
> "rpz_file";
> };
> };
>
> You might want less versions and/or a smaller size - my values allow rpz
> logs to fill 1gb of disk.
>
> --
> Bob Harold
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180429/52c9cd31/attachment.html>
More information about the bind-users
mailing list