Old 07-25-2013, 07:27 AM   #1
tronayne
Chroot-BIND Logging


Following the step-by-step in http://en.tldp.org/HOWTO/Chroot-BIND-HOWTO-2.html, I've hit the "huh?" point at the Logging section:
Quote:
2.5 Logging

Unlike a conventional jailbird, BIND can't just scribble its log entries on the walls :-). Normally, BIND logs through syslogd, the system logging daemon. However, this type of logging is performed by sending the log entries to the special socket /dev/log. Since this is outside the jail, BIND can't use it any more. Fortunately, there are a couple options to work around this.

The Ideal Solution

The ideal solution to this dilemma requires a reasonably recent version of syslogd which supports the -a switch introduced by OpenBSD. Check the manpage for your syslogd(8) to see if you have such a version.

If you do, all you have to do is add the switch ``-a /chroot/named/dev/log'' to the command line when you launch syslogd. On systems which use a full SysV-init (which includes most Linux distributions), this is typically done in the file /etc/rc.d/init.d/syslog. For example, on my Red Hat Linux system, I changed the line

daemon syslogd -m 0

to

daemon syslogd -m 0 -a /chroot/named/dev/log

Interestingly, as of Red Hat 7.2, Red Hat has apparently made this process even easier. There is now a file called /etc/sysconfig/syslog in which extra parameters for syslogd can be defined.

On Caldera OpenLinux systems, they use a daemon launcher called ssd, which reads configuration from /etc/sysconfig/daemons/syslog. You simply need to modify the options line to look like this:

OPTIONS_SYSLOGD="-m 0 -a /chroot/named/dev/log"

Similarly, on SuSE systems, I'm told that the best place to add this switch is in the /etc/rc.config file. Changing the line

SYSLOGD_PARAMS=""

to read

SYSLOGD_PARAMS="-a /chroot/named/dev/log"

should do the trick.

And, last but not least, for FreeBSD 4.3 you can apparently just edit the rc.conf file and put in the following:

syslogd_flags="-s -l /chroot/named/dev/log"

The -s is for security reasons, and is part of the default settings. The -l is a local path on which to put another logging node.

Once you've figured out how to make this change for your system, simply restart syslogd, either by killing it and launching it again (with the extra parameters), or by using the SysV-init script to do it for you:

# /etc/rc.d/init.d/syslog stop
# /etc/rc.d/init.d/syslog start

Once it's been restarted, you should see a ``file'' in /chroot/named/dev called log, that looks something like this:

srw-rw-rw- 1 root root 0 Mar 13 20:58 log

The Other Solutions

If you have an older syslogd, then you'll have to find another way to do your logging. There are a couple programs out there, such as holelogd, which are designed to help by acting as a ``proxy'' and accepting log entries from the chrooted BIND and passing them out to the regular /dev/log socket.

Alternatively, you can simply configure BIND to log to files instead of going through syslog. See the BIND documentation for more details if you choose to go this route.

Question is, what happens if I do something similar to this:
Code:
daemon syslogd -m 0 -a /chroot/named/dev/log
in /etc/rc.d/rc.syslog where, I think, it would look like
Code:
syslogd_start() {
  if [ -x /usr/sbin/syslogd -a -x /usr/sbin/klogd ]; then
    echo -n "Starting sysklogd daemons:  "
    echo -n "/usr/sbin/syslogd "
    /usr/sbin/syslogd -m 0 -a /chroot/named/dev/log
    # prevent syslogd/klogd race condition on SMP kernels
    if ps acx | grep -q udevd ; then
      while [ ! -e /dev/log ] ; do
        sleep 0
      done
    else
      sleep 1
    fi
    echo "/usr/sbin/klogd -c 3 -x"
    # '-c 3' = display level 'error' or higher messages on console
    # '-x' = turn off broken EIP translation
    /usr/sbin/klogd -c 3 -x
  fi
}
I'm trying to run BIND in jail, but I'm wondering if everything will get logged in the jail?

Or is there a better way?

[EDIT]
Other daemons; e.g., hp-upgrade, apcupsd, write to syslog -- seems like that could cause a problem, so maybe figuring out how to have BIND log would be worthwhile?
[/EDIT]

Last edited by tronayne; 07-25-2013 at 07:53 AM.
 
Old 07-25-2013, 12:22 PM   #2
number22
I use the file option. The top directory is the chroot; for example, the file "/logs/named.log" is actually in /chroot/logs/named.log. Change severity to debug if you want to log everything.
Just create a new syslog file, or modify the existing one, in /etc/logrotate.d if you need to back up and gzip the log file.

Last edited by number22; 07-25-2013 at 12:36 PM.
 
Old 07-25-2013, 02:36 PM   #3
tronayne
Never done this, so please bear with me.

Looking at the manual page for named.conf, there is a section:
Code:
LOGGING
           logging {
                channel string {
                     file log_file;
                     syslog optional_facility;
                     null;
                     stderr;
                     severity log_severity;
                     print-time boolean;
                     print-severity boolean;
                     print-category boolean;
                };
                category string { string; ... };
           };
And I'm thinking that I would specify the file as /chroot/logs/named.log (and create the directory and possibly the file) and comment-out or delete the syslog optional_facility line?
 
Old 07-26-2013, 01:16 AM   #4
number22
http://ftp.isc.org/isc/bind9/cur/9.8...html#id2575763

Code:
logging {
              // one channel that writes to a file inside the chroot
              channel simple_log {
                            file "/yourlogdir/yourlogfilename.log" versions 3 size 10m;
                            severity debug 3;
                            print-time yes;
                            print-severity yes;
              };
              // send everything without its own category to that channel
              category default {
                            simple_log;
              };
};
Under category, you find different subsections (general, network, security, database, etc., besides default). You can add more channels to the logging section if you want to split logging events into different files.

Code:
logging {
              channel simple_log {
                            file "/yourlogdir/yourlogfilename.log" versions 3 size 10m;
                            severity debug 3;
                            print-time yes;
                            print-severity yes;
              };
              // separate channel so query logging goes to its own file
              channel querylog {
                            file "/yourlogdir/querylog" versions 3 size 10m;
                            severity debug 3;
                            print-category yes;
                            print-time yes;
                            print-severity yes;
              };
              category default {
                            simple_log;
              };

              category queries {
                            querylog;
              };
};
Within the chroot, your log file is under the /yourlogdir directory (no need to specify the full directory tree). On your file system, it is located under /chroot/yourlogdir/, so your backup system can locate the file for backup.

Last edited by number22; 07-26-2013 at 11:45 AM.
 
1 members found this post helpful.
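
Added example (not part of any post in this thread): a shell check for the path mapping described above, where `file "/yourlogdir/..."` inside the jail lives under `/chroot/yourlogdir/` on the host, reporting log destinations whose directory is missing from the jail or not writable. The function names, the throwaway jail and the sample named.conf are constructed for the demonstration; it assumes the logging block's closing `};` starts in column 0.

```shell
#!/bin/sh
# Added example; the jail, directories and named.conf below are constructed.
# Assumes the logging block's closing "};" starts in column 0.

# Print the path of every `file "...";` destination inside logging { ... }.
channel_files() {
  sed -n '/^[[:space:]]*logging[[:space:]]*{/,/^}/s/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# check_jail_logs JAIL CONF: print "<status> <host path>" per log file, return 1
# if any is unusable. Run as the account named runs as (-w tests the caller).
check_jail_logs() {
  jail=$1; conf=$2; rc=0
  while IFS= read -r p; do
    [ -n "$p" ] || continue
    # Relative paths resolve against options { directory }, not the jail root.
    case $p in /*) ;; *) echo "RELATIVE $p"; continue ;; esac
    host=$jail$p
    if [ ! -d "$(dirname "$host")" ]; then
      echo "MISSING $host"; rc=1
    elif [ ! -w "$(dirname "$host")" ]; then
      echo "NOWRITE $host"; rc=1
    else
      echo "OK $host"
    fi
  done <<EOF
$(channel_files "$conf")
EOF
  return $rc
}

# Constructed demo: a throwaway jail where /logs exists and /querylogs does not.
demo() {
  jail=$(mktemp -d) || return 2
  mkdir -p "$jail/logs" "$jail/etc"
  cat > "$jail/etc/named.conf" <<'CONF'
logging {
  channel simple_log {
    file "/logs/named.log" versions 3 size 10m;
  };
  channel querylog {
    file "/querylogs/query.log" versions 3 size 10m;
  };
};
CONF
  check_jail_logs "$jail" "$jail/etc/named.conf" | sed "s|$jail|JAIL|"
  rm -rf "$jail"
}
demo
```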
Old 07-26-2013, 03:02 AM   #5
wildwizard
named hasn't required the use of syslogd for years now, so yes you can omit the config line to enable it and just log directly to files you specify.

Also, if you want log rotation, named will do it itself; just look at the end of the lines quoted by number22 and you will see the number of files as 'version #' and the max file size for each as 'size #'.
 
Old 07-26-2013, 08:10 AM   #6
tronayne
Thank you @number22, that pretty much explains it (and the example helps a lot, too).
 
  

