LinuxQuestions.org
Old 08-15-2016, 10:53 AM   #1
Ganesh-vrc
LQ Newbie
 
Registered: Aug 2016
Posts: 6

Rep: Reputation: Disabled
Problem with DNS logging channel


Please Help..!

I have configured my DNS server with a logging channel, but the log is still being written to the /var/log/messages file.


options {

// Default zone file directory for this dns server
directory "/var/named";

// Who can perform queries against this dns server and get answers (default: any)
allow-query { any; };

// Do we permit recursion for our internal hosts, and retrieve data from the cache for them? (default: no)
recursion yes;

listen-on { any; };

// Who can get entire zone files from this dns server (default : none)
allow-transfer {
127.0.0.1;
10.10.100.3;
};

// How many recursive clients does this dns support per second? (the default is 1000)
recursive-clients 100;

// Do we notify zone changes? Prevent DoD attacks (default: no)
notify yes;

// specifies which hosts are allowed to get answers from the cache (default: any)
allow-query-cache { any; };

// Does this server use two or more master servers? (default: yes)
multi-master yes;

// sets the maximum time (in seconds) for which the server will cache negative (NXDOMAIN) answers
max-ncache-ttl 300; //5min

// Hide version number (default: "")
version "";

// Add bombing (abusive) sources here (default: none)
blackhole { none; };
};

logging {
channel bindlog {
file "/var/log/querylog" versions 3 size 5m;
print-time yes;
print-category yes;
print-severity yes;
};
category xfer-out { bindlog;};
category xfer-in { bindlog;};
category security { bindlog;};
};

// we are the master server for gani.com
zone "gani.com" IN {
type master;
file "master/gani.com.frwd.db";

};

zone "100.10.10.in-addr.arpa" IN {
type master;
file "master/gani.com.rev.db";

};




//RNDC

key "rndckey" {
algorithm hmac-md5;
secret "bIbdf9g/H5q0zogV48tMWw==";
};

controls {
inet * port 953
allow { 127.0.0.1; 10.10.100.0/24; } keys { "rndckey"; };
};

Last edited by Ganesh-vrc; 08-15-2016 at 03:35 PM. Reason: Changing Title
 
Old 08-15-2016, 11:08 AM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Subject:

Bad: "Help Me!!" or "URGENT"
Good: "Why is my mouse pointer wrong?"
Best: "Mouse pointer distorted on XFree86 4.3 with Geforce FX 5200"

Welcome to LQ.
 
1 members found this post helpful.
Old 08-15-2016, 11:09 AM   #3
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,635

Rep: Reputation: 7965
Quote:
Originally Posted by Ganesh-vrc View Post
Please Help..!
I have configured my DNS server with logging channel but still log is writing to /var/log/message file.
First, please read the "Question Guidelines" link in my posting signature, as well as the LQ Rules. Titles such as "help me" are meaningless, and tell no one anything about the issue. Also, without any details, there is NOTHING we can tell you...you don't tell us anything about version/distro of Linux, what you've done/tried so far, any error(s) you're getting, the environment, etc. We can't guess. And please post such huge blocks of configs in CODE tags.

That said, your logging setup looks correct. The documentation can give you many hints...have you looked at any?? Check the permissions on the log file mentioned in your configuration, and the permissions on the DIRECTORY it's in, to make sure the user that your DNS service is running as, has permissions to write to it. Also, are you running in a chrooted environment?? If so, your path needs to reflect that...something like "/var/named/chroot/var/named/named.log"
 
Old 08-15-2016, 11:21 AM   #4
Ganesh-vrc
LQ Newbie
 
Registered: Aug 2016
Posts: 6

Original Poster
Rep: Reputation: Disabled
Issue with DNS Logging Channel

Quote:
Originally Posted by TB0ne View Post
First, please read the "Question Guidelines" link in my posting signature, as well as the LQ Rules. Titles such as "help me" are meaningless, and tell no one anything about the issue. Also, without any details, there is NOTHING we can tell you...you don't tell us anything about version/distro of Linux, what you've done/tried so far, any error(s) you're getting, the environment, etc. We can't guess. And please post such huge blocks of configs in CODE tags.

That said, your logging setup looks correct. The documentation can give you many hints...have you looked at any?? Check the permissions on the log file mentioned in your configuration, and the permissions on the DIRECTORY it's in, to make sure the user that your DNS service is running as, has permissions to write to it. Also, are you running in a chrooted environment?? If so, your path needs to reflect that...something like "/var/named/chroot/var/named/named.log"
====================================

Thanks for your help.

I am using chroot as you said and have the required permissions on the file and folder. I have updated syslog.conf and restarted the services, but named logs are still going to /var/log/messages.



# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.5 (Tikanga)

# rpm -q bind
bind-9.3.6-4.P1.el5_4.2

named process
named 3532 1 0 05:28 ? 00:00:00 /usr/sbin/named -u named -t /var/named/chroot


File permission
# pwd
/var/named/chroot/var/log
-rwxrwxrwx 1 named named 0 Aug 13 04:35 querylog

Folder Permission
/var/named/chroot/var
drwxrwxr-x 2 named named 4096 Aug 13 04:37 log


/etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
named /va/log/querylog

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log
 
Old 08-15-2016, 12:11 PM   #5
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,635

Rep: Reputation: 7965
Quote:
Originally Posted by Ganesh-vrc View Post
I am using chroot as you said and have required permissions on the file and folder. I have update the syslog.conf and restarted the services but still named logs are going to /var/log/messages.

As said before, please put things in CODE tags. And as said in my previous post, you have defined the log file in the bind configuration...THAT PATH DOES NOT REFLECT the chroot environment, neither does what you posted here for syslog. And after making changes to those files, you have to restart them...did you? Did you check the permissions on the ENTIRE path for the chroot'ed file????
 
Old 08-15-2016, 12:19 PM   #6
Ganesh-vrc
LQ Newbie
 
Registered: Aug 2016
Posts: 6

Original Poster
Rep: Reputation: Disabled
Yes, I have checked the file permissions and everything seems to be OK. Could you please let me know if anything is missing?


# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.5 (Tikanga)

# rpm -q bind
bind-9.3.6-4.P1.el5_4.2

named process
named 3532 1 0 05:28 ? 00:00:00 /usr/sbin/named -u named -t /var/named/chroot

File permission
# pwd
/var/named/chroot/var/log
-rwxrwxrwx 1 named named 0 Aug 13 04:35 querylog

Folder Permission
/var/named/chroot/var
drwxrwxr-x 2 named named 4096 Aug 13 04:37 log
 
Old 08-15-2016, 12:35 PM   #7
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,635

Rep: Reputation: 7965
Quote:
Originally Posted by Ganesh-vrc View Post
Yes I have checked the file permission and everything seem to be ok. Could you please let me know if anything missing

AGAIN, since you either missed it or ignored it the last two times:
  • Check the ENTIRE PATH of the file name for correct permissions.
  • The path you've posted in both the bind and syslog configs are NOT CORRECT for a chrooted path.
  • After editing those files, you need to restart the service.
You're missing ALL of those in your response...posting the same things again doesn't help, and if you did check the aforementioned items, you now need to post the results of those commands.

And, since you're using RHEL, have you contacted Red Hat support?? You are PAYING FOR RHEL, RIGHT????
 
Old 08-15-2016, 12:36 PM   #8
Ganesh-vrc
LQ Newbie
 
Registered: Aug 2016
Posts: 6

Original Poster
Rep: Reputation: Disabled
Now I have added the entry below in /etc/syslog.conf. But now logs are being written to both files, i.e. /var/log/messages and /var/named/chroot/var/log/querylog.


daemon.* /var/named/chroot/var/log/querylog


=============================

# cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
daemon.* /var/named/chroot/var/log/querylog

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log
 
Old 08-15-2016, 12:37 PM   #9
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 21 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2925
Quote:
Originally Posted by TB0ne View Post
AGAIN, since you either missed it or ignored it the last two times:
  • Check the ENTIRE PATH of the file name for correct permissions.
  • The path you've posted in both the bind and syslog configs are NOT CORRECT for a chrooted path.
  • After editing those files, you need to restart the service.
You're missing ALL of those in your response...posting the same things again doesn't help, and if you did check the aforementioned items, you now need to post the results of those commands.

And, since you're using RHEL, have you contacted Red Hat support?? You are PAYING FOR RHEL, RIGHT????
You forgot to mention the missing CODE tags again. ;-)
 
Old 08-15-2016, 12:41 PM   #10
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: Fedora
Posts: 4,140

Rep: Reputation: 1263
Do you realize that you posted your secret key, allowing anyone with access to modify your DNS server?
 
Old 08-15-2016, 12:46 PM   #11
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,635

Rep: Reputation: 7965
Quote:
Originally Posted by Ganesh-vrc View Post
Now I have added below entry in /etc/syslog.conf. But now logs is writing up in both file ie.. /var/log/messages and /var/named/chroot/var/log/querylog
ONCE AGAIN, PLEASE USE CODE TAGS..this is now the THIRD TIME you've been told/asked. Is there a particular reason you're ignoring things?

And think about what you've posted. "daemon.*" is going to one file...and *.info is going to messages. This means that daemon.info is ALSO going to messages, isn't it????
 
1 members found this post helpful.
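As an added illustration (not code from any poster in this thread), the small Python model below applies sysklogd selector matching to the two rules from post #8 and shows the point made above: a daemon.info message from named (BIND logs to syslog facility daemon by default) matches both rules, while adding daemon.none to the catch-all rule keeps it out of /var/log/messages. The selector strings are copied from the posted /etc/syslog.conf; the corrected one is an assumption about the fix.

```python
# Added example: minimal model of sysklogd selector semantics, enough to
# reproduce why "daemon.*" plus "*.info" sends named's messages to two files.

PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]


def parse_selector(selector):
    """Split 'fac1,fac2.pri;fac3.none' into a list of (facilities, priority)."""
    parts = []
    for part in selector.split(";"):
        facs, pri = part.rsplit(".", 1)
        parts.append((facs.split(","), pri))
    return parts


def selector_matches(selector, facility, priority):
    """Parts are applied left to right; 'fac.pri' matches pri and everything
    above it, 'fac.*' matches every priority, and a later 'fac.none' removes
    that facility again (this is how mail.none etc. work in the posted file)."""
    matched = False
    for facs, pri in parse_selector(selector):
        if "*" not in facs and facility not in facs:
            continue
        if pri == "none":
            matched = False
        elif pri == "*" or PRIORITIES.index(priority) >= PRIORITIES.index(pri):
            matched = True
    return matched


def parse_syslog_conf(text):
    """Return [(selector, target)] for the non-comment lines of a syslog.conf."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, target = line.split(None, 1)
        rules.append((selector, target.lstrip("-")))  # leading '-' only disables fsync
    return rules


def destinations(conf_text, facility, priority):
    """Every target a message with this facility/priority would be written to."""
    return [t for s, t in parse_syslog_conf(conf_text) if selector_matches(s, facility, priority)]


# The two relevant rules as posted (post #8).
POSTED_CONF = """
*.info;mail.none;authpriv.none;cron.none   /var/log/messages
daemon.*                                   /var/named/chroot/var/log/querylog
"""

# Assumed fix: exclude the daemon facility from the catch-all rule.
FIXED_CONF = """
*.info;mail.none;authpriv.none;cron.none;daemon.none   /var/log/messages
daemon.*                                               /var/named/chroot/var/log/querylog
"""

if __name__ == "__main__":
    print("posted:", destinations(POSTED_CONF, "daemon", "info"))
    print("fixed: ", destinations(FIXED_CONF, "daemon", "info"))
```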
Old 08-15-2016, 12:48 PM   #12
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,635

Rep: Reputation: 7965
Quote:
Originally Posted by hydrurga View Post
You forgot to mention the missing CODE tags again. ;-)
No..he didn't post a file that time, just a list of commands, thanks.
Quote:
Originally Posted by smallpond
Do you realize that you posted your secret key allowing anyone with access to modify your DNS servver?
That has to be the funniest thing I've ever seen... I didn't notice that, until you pointed it out.
 
Old 08-15-2016, 12:50 PM   #13
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 21 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2925
Quote:
Originally Posted by TB0ne View Post
No..he didn't post a file that time, just a list of commands, thanks.
Ah, I tend to put those in CODE tags as well. Thanks, and keep up the great work.
 
Old 08-15-2016, 03:25 PM   #14
Ganesh-vrc
LQ Newbie
 
Registered: Aug 2016
Posts: 6

Original Poster
Rep: Reputation: Disabled
Issue Resolved

Quote:
Originally Posted by hydrurga View Post
Ah, I tend to put those in CODE tags as well. Thanks, and keep up the great work.
Issue Resolved. Thank you very much for your help.

Sorry, I did not know how to use CODE tags.

These DNS servers are my lab boxes, so there is no harm in sharing the rndc key.
 
Old 08-15-2016, 03:39 PM   #15
Ganesh-vrc
LQ Newbie
 
Registered: Aug 2016
Posts: 6

Original Poster
Rep: Reputation: Disabled
Thank you...

Quote:
Originally Posted by hydrurga View Post
Ah, I tend to put those in CODE tags as well. Thanks, and keep up the great work.
Quote:
Originally Posted by TB0ne View Post
ONCE AGAIN, PLEASE USE CODE TAGS..this is now the THIRD TIME you've been told/asked. Is there a particular reason you're ignoring things?

And think about what you've posted. "daemon.*" is going to one file...and *.info is going to messages. This means that daemon.info is ALSO going to messages, isn't it????
Thank you... I have fixed this and now all looks good.
 
  

