Sending Log Messages to a Particular File

.4.1 Problem

You want to send some or all of a name servers log messages to a particular file.

.4.2 Solution

Add a logging statement to the name servers named.conf file, creating a new file log channel and sending output in one or more categories to that channel.

For example, to create a channel called security_log that writes logged messages to the file security.log in the name servers working directory, you could use this logging statement:

logging {
 channel security_log {
 file "security.log";
 };
};

By default, the channel logs any messages at severity info or higher. You can adjust this using the severity substatement:

logging {
 channel security_log {
 file "security.log";
 severity error; // Query logging is at severity info
 };
};

This logging statement doesn do anything useful yet, because no categories of messages are actually assigned to the channel. To specify a channel to send output in a particular category to, add a category substatement to your logging statement. For example:

logging {
 channel security_log {
 file "security.log";
 };

 category security { "security_log"; };
};

Both BIND 8 and BIND 9 categorize most messages they log, but they use different category names. See "Category Details" in Chapter 7 of DNS and BIND for a list. One difference that merits special mention is BIND 8s default category; in BIND 8, default includes both categories of messages not explicitly assigned to a channel and messages that aren categorized. BIND 9 name servers still use the default category for the former purpose, but the new general category for the latter.

.4.3 Discussion

By default, the name server will only log the message itself to the log channel. The print-time channel substatement tells the name server to print a timestamp before the logged message, which produces output like this:

Jun 26 15:49:41.554 client 192.168.0.1#1889: update foo.example/IN denied

Heres how to set print-time in the security_log channel:

logging {
 channel security_log {
 file "security.log";
 severity error; // Query logging is at severity info
 print-time yes; // Print a timestamp with each message
 };
};

Its not always obvious which category a given message is assigned to. If you need to figure out the category a particular message is in, see Section 10.6.

.4.4 See Also

Section 10.6 for determining the category of a message, Section 10.9 for setting up log file rotation, and "The Logging Statement" in Chapter 7 of DNS and BIND.


Getting Started

Zone Data

BIND Name Server Configuration

Electronic Mail

BIND Name Server Operations

Delegation and Registration

Security

Interoperability and Upgrading

Resolvers and Programming

Logging and Troubleshooting

IPv6



DNS & BIND Cookbook
DNS & BIND Cookbook
ISBN: 0596004109
EAN: 2147483647
Year: 2005
Pages: 220
Authors: Cricket Liu

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net