Syslog with BIND on CentOS

Petr Menšík pemensik at redhat.com
Fri May 21 10:44:36 UTC 2021 

Hello John,

I think it should be possible to use chroot and have there custom socket
mapped directly to rsyslog.

bind-chroot should be available in CentOS, try running
named-chroot.service instead of named.service.

I have not tried it on real installation, but I guess it should be
easiest way to use arbitrary socket different than common one.

Regards,
Petr

On 5/20/21 11:34 PM, John Thurston wrote:
> Many years ago, when we ran ISC BIND on Solaris, we created a logging
> channel to send the logged-queries to the local syslogd. We then had our
> local syslogd forward most of the traffic on to a central syslog server.
> 
> I just tried to re-implement something like that on CentOS, and thought
> I had it working . . until it was exposed to full production traffic
> load. The output to our central syslog server was truncated, and my
> local system log was filled with messages saying jourald was activating
> ratelimiting. !?
> 
> My subsequent read of the docs indicates that BIND on CentOS 7, while
> being told it is sending to 'syslogd', is sending to 'journald' which is
> handling all the messages and forwarding them on to 'syslogd'. I don't
> want journald handling my thousands of messages per second from BIND. I
> don't want that information in my journal logs. I just want it out in
> the central syslog server.
> 
> Is there some direct way to get the logging channel of BIND pointed
> directly into the local syslogd? (which would then apply its forwarding
> rules to get traffic to the central syslog server)
> 
> I thought about trying to rip jourald out entirely, and quickly decided
> that was a path to madness.
> 
> The only thing I can come up with is to activate dnstap, and have some
> other process absorbing the data and spewing it directly to the central
> syslogd.
> 

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210521/6b483848/attachment.bin>

More information about the bind-users mailing list