LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 05-07-2009, 11:33 AM   #1
Spacetrucker
LQ Newbie
 
Registered: Oct 2008
Posts: 10

Rep: Reputation: 0
Ubuntu and Bind - Named log file is not logging info after syslogd restarts


Ubuntu ver 8.04.1 and Bind ver 9.4.2

I've set this up as a primary dns server, Bind is the only thing running on it, no gui, etc. I followed the default settings so I have a named.conf, named.conf.options, and named.conf.local file.

I have a log file I labeled as named.log in this path /var/log/bind. I'm using logrotate to rotate out the file.

My problem is that after syslogd restarts in the morning. My named.log file don't start logging info until I restart Bind. The new named.log file gets created and the old files rotate out and compress. All of the other log files in /var/log, syslog, messages, mail, etc, rotate out and compress like they should, after syslogd restarts.

Anyone have a suggestion on how I can solve this problem? I know that I could restart Bind using Cron but I shouldn't have to.

Below are snips of the files I'm using.

I named this one 'bind' and it's in the directory /etc/logrotate.d

/var/log/bind/named.log {
missingok
daily
create 644 bind bind
rotate 7
dateext
compress
}

// Beginning of Logging named.conf.local

logging {

channel audit_log {
file "/var/log/bind/named.log";
// severity debug 3;
print-time yes;

};
channel xfer_in_log {
file "/var/log/xferin.log";
severity debug 3;
print-time yes;
};

channel xfer_out_log {
file "/var/log/xferout.log";
severity debug 3;
print-time yes;
};

category security { audit_log; };
category config { audit_log; };
category resolver { audit_log; };
category xfer-in { xfer_in_log; };
category xfer-out { xfer_out_log; };
category notify { audit_log; };
category client { audit_log; };
category network { audit_log; };
category update { audit_log; };
category queries { audit_log; };
category lame-servers { null; };

// End of logging.
};
 
Old 05-08-2009, 04:01 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,937

Rep: Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330
You could add the command to restart bind in /etc/logrotate.d/bind, or better yet, ditch logrotate and let bind logging rotete its logs. All you have to do is to use for the file directive something like:
Code:
file "/var/log/bind/named.log" versions 3 size 10m;
 
Old 05-08-2009, 11:29 AM   #3
Spacetrucker
LQ Newbie
 
Registered: Oct 2008
Posts: 10

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by bathory View Post
You could add the command to restart bind in /etc/logrotate.d/bind, or better yet, ditch logrotate and let bind logging rotete its logs. All you have to do is to use for the file directive something like:
Code:
file "/var/log/bind/named.log" versions 3 size 10m;
I couldn't get bind logging to rotate the files. That's why I'm trying to use logrotate to do it.
I get this message in syslog when I'm using bind logging.

gk kernel: audit : type=1503 operation=”inode_permission” requested_mask=”a::” name=”/var/log/named.log” pid=5819 profile=”/usr/sbin/named” namespace=”default”

gk named: logging channel ‘query’ file ‘/var/log/named.log’: permission denied

Would you have an idea on why I'd get this error message? Could it be the owner "bind", the group "bind" or the permissions? I've tried changing the owner and group to root and setting the permissions to 777, but no joy. So I'm trying to use logrotate, which does everything I'm asking it to do. So I have two problems related to bind logging.

Another question I have, is what tells the other log files in /var/log/ such as syslog, mail, etc to rotate out and compress? I'm reading syslog.conf, sysklogd, syslogd-listfiles, logrotate, etc. I see some code in syslogd-listfiles that looks promising but the way I interpret it, as long as the file is in /var/log it should rotate out. But this stuff is greek to me, I'm clueless at this point as to what this code really means.

# Test if the file was already rotated within the last n hours
# with n=5
#
sub rotated
{
my $file = shift;
my $nfile;
my $delta = 5 * 60 * 60;
my $now = time();

# /var/log/file -> /var/log/file.0
$nfile = $file . ".0";
if (-r $nfile) {
if (($now - (stat $nfile)[9]) > $delta) {
return 0;
} else {
return 1;
}
}

# /var/log/file -> /var/log/OLD/file.0
$nfile =~ s,(.*)/([^/]+),$1/OLD/$2,;
if (-r $nfile) {
if (($now - (stat $nfile)[9]) > $delta) {
return 0;
} else {
return 1;
}
}

return 0;
}
 
Old 05-08-2009, 11:33 AM   #4
Spacetrucker
LQ Newbie
 
Registered: Oct 2008
Posts: 10

Original Poster
Rep: Reputation: 0
And, thanks for the suggestions,for right now I'll restart bind in /etc/logrotate.d/bind, and continue to dig at it.
 
Old 05-08-2009, 01:29 PM   #5
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,937

Rep: Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330
Quote:
gk kernel: audit : type=1503 operation=”inode_permission” requested_mask=”a::” name=”/var/log/named.log” pid=5819 profile=”/usr/sbin/named” namespace=”default”

gk named: logging channel ‘query’ file ‘/var/log/named.log’: permission denied
According to your config, named logs should be in /var/log/bind/named.log and not in /var/log/named.log.
These logs look like it's a permissions issue. I'm not familiar with Ubuntu, but does it use SELinux or something like that for security?

Regarding log compression it's defined in /etc/logrotate.conf

Regards
 
Old 05-11-2009, 09:23 AM   #6
Spacetrucker
LQ Newbie
 
Registered: Oct 2008
Posts: 10

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by bathory View Post
According to your config, named logs should be in /var/log/bind/named.log and not in /var/log/named.log.
These logs look like it's a permissions issue. I'm not familiar with Ubuntu, but does it use SELinux or something like that for security?

Regarding log compression it's defined in /etc/logrotate.conf

Regards
I did have named.log in /var/log/ initially, but it didn't rotate out. So I created /bind and modified the config to point to /var/log/bind/. Now it rotates out, but it don't log info until I restart bind9.
I agree in that it does appear to be a permissions issue. But I have granted all permissions, etc and not had any luck. I'll have to do some digging to answer your question about using SELinux for security.

Thanks for the hint on log compression. Here's my logrotate.conf file, the line for compression is commented out. But the files are compressed. It'd make more sense to me if that line wasn't commented out.

I'm going reconfig the setup so that Bind does the rotation and see what shakes out.

# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
missingok
monthly
create 0664 root utmp
rotate 1
}

/var/log/btmp {
missingok
monthly
create 0664 root utmp
rotate 1
}

# system-specific logs may be configured here
 
Old 05-11-2009, 12:26 PM   #7
Spacetrucker
LQ Newbie
 
Registered: Oct 2008
Posts: 10

Original Poster
Rep: Reputation: 0
bathory - Thanks a bunch I think I may have it sorted out. I made bind the owner and group of the /var/log/bind/ directory I created. Root owns /var/log/ so bind don't have permission to write to it. Here's a link I found that explains it. http://www.usenet-forums.com/bind-us...ion-error.html

This morning I reconfigured things so that bind does the logging, then I stopped and restarted bind and I found this line in syslog. "unable to rename log file '/var/log/bind/named.log' to '/var/log/bind/named.log.0': permission denied'. A google search turned up that link. My mistake on the 'inode permission' error description.

After granting bind the permissions and restarting named again, no 'unable to rename log file' line in the syslog file. And it looks like a new log file was started. I'll see what tomorrow brings after syslogd stops and starts.
 
Old 05-13-2009, 10:56 AM   #8
Spacetrucker
LQ Newbie
 
Registered: Oct 2008
Posts: 10

Original Poster
Rep: Reputation: 0
I do have it sorted out and working. This is for the other newbies who stumble across this thread. First, I'm sure this is covered in the Ubuntu documentation somewhere, I just didn't find it, which is my newbie fault. The solution for my problem was to change the ownership of the bind directory that I had created in /var/log/ to the user account bind. I also modified the permissions to 664. A simple thing to do once you know that it needs to be done.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
(bind) named: couldn't open pid file '/var/run/named/named.pid' - any help? samengr Linux - Server 6 04-01-2009 06:22 AM
BIND logging issues - doesn't seem to want to log laggerific Linux - Software 2 10-23-2006 02:08 PM
python: logging can't log info level? Chowroc Programming 2 05-07-2006 03:57 AM
Computer restarts after syslogd restarts birdseye Linux - General 2 03-05-2006 04:27 AM
syslogd and named logs - separate file slimak Debian 3 11-16-2004 01:51 AM


All times are GMT -5. The time now is 12:32 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration