LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 07-31-2012, 04:03 AM   #1
Balvinder87
Member
 
Registered: Jun 2012
Location: India
Distribution: debian
Posts: 77
Blog Entries: 1

Rep: Reputation: Disabled
Bind logging stopped writing to file


bind9 logging stopped writing logs to my configured file
/var/log/named_query
my sample log entry in the file was
31-Jul-2012 10:38:30.897 client 192.168.2.4#42007: query: pt200204.unica.com IN A + (192.168.2.4
 
Old 07-31-2012, 07:42 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,369
Blog Entries: 54

Rep: Reputation: 2869Reputation: 2869Reputation: 2869Reputation: 2869Reputation: 2869Reputation: 2869Reputation: 2869Reputation: 2869Reputation: 2869Reputation: 2869Reputation: 2869
- Is the BIND process running?
- Can the process be restarted and does it keep running?
- If not restartable or running: what do the log files show?
- If the process did run OK beforehand: what did you reconfigure or change wrt BIND and or Syslog?

*BTW please stop creating threads by default in the Linux Security forum if it is not a Linux Security issue,
thanks in advance.
 
Old 07-31-2012, 07:44 AM   #3
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,924

Rep: Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327
Hi,

Do you have query logging enabled in named.conf? By default it's disabled due to the amount of data it writes in the logfile. Anyway, what gives:
Code:
rndc status|grep query
You can use:
Code:
rndc querylog
to enable query logging temporarily, or see this to enable it permanently (not recommended due to the volume of logs it writes)

Regards
 
Old 07-31-2012, 11:44 PM   #4
Balvinder87
Member
 
Registered: Jun 2012
Location: India
Distribution: debian
Posts: 77
Blog Entries: 1

Original Poster
Rep: Reputation: Disabled
@all
BIND is up and running
Query logging is ON and working
It was working fine earlier i just deleted the old contents of file named_querylog and restarted bind now it is not writing logs to my named_querylog file
My named.conf is as follows
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
logging {
channel query_logging {
file "/var/log/named_querylog"
versions 3 size 100M;
print-time yes; // timestamp log entries
};

category queries {
query_logging;
};
};
~
~
~
 
Old 08-01-2012, 03:56 AM   #5
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,924

Rep: Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327
Quote:
It was working fine earlier i just deleted the old contents of file named_querylog and restarted bind now it is not writing logs to my named_querylog file
How did you delete file contents? What happens if you delete the file and restart bind? Is the file re-created by bind?
If you're running Debian, could be apparmor not allowing bind to write to the logfile

Regards
 
Old 08-01-2012, 04:59 AM   #6
Balvinder87
Member
 
Registered: Jun 2012
Location: India
Distribution: debian
Posts: 77
Blog Entries: 1

Original Poster
Rep: Reputation: Disabled
I deleted the log file and restarted the bind but it is not creating the log file automatically also if we add a new file path to log file (channel portion) it is not logging to that file
what's the solution please reply asap its urgent
thanks
 
Old 08-01-2012, 07:58 AM   #7
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,924

Rep: Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327
I'm not running debian but according to this, bind uses /etc/bind/named.conf.log to configure logging. So you may add your query logging there and see if it works

Regards
 
Old 08-02-2012, 12:12 AM   #8
Balvinder87
Member
 
Registered: Jun 2012
Location: India
Distribution: debian
Posts: 77
Blog Entries: 1

Original Poster
Rep: Reputation: Disabled
Everything is ok because rndc status shows
version: 9.7.3
CPUs found: 2
worker threads: 2
number of zones: 20
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
what's wrong why its not writng the logs to named_query???
 
Old 08-02-2012, 03:10 AM   #9
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,924

Rep: Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327Reputation: 1327
Did you try to use /etc/bind/named.conf.log for query logging?
Comment out the logging part from named.conf and just add:
Code:
category queries{ bind_log; };
in /etc/bind/named.conf.log and see if bind starts logging queries in /var/log/bind.log
 
Old 08-03-2012, 12:39 AM   #10
Balvinder87
Member
 
Registered: Jun 2012
Location: India
Distribution: debian
Posts: 77
Blog Entries: 1

Original Poster
Rep: Reputation: Disabled
thanks for the reply got it working now
 
  


Reply

Tags
bind


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
System Logging - File Writing njozwiak Programming 6 08-03-2009 03:33 PM
Ubuntu and Bind - Named log file is not logging info after syslogd restarts Spacetrucker Linux - Server 7 05-13-2009 10:56 AM
BIND - logging file not found buskmann Linux - Networking 5 05-02-2005 11:33 AM
rsyncd: stopped logging properly hamish Linux - Software 0 01-23-2005 11:08 AM
logging stopped! Mux Linux - General 5 10-13-2002 07:28 PM


All times are GMT -5. The time now is 11:38 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration