LinuxQuestions.org
Old 01-29-2015, 06:31 AM   #1
jp.saurabh@gmail.com
LQ Newbie
 
Registered: Jan 2015
Posts: 3

Please help me to start My DNS Server Logging.


I am facing a problem enabling DNS logging in the named.conf file.
My /etc/named.conf file is as follows:
-------------------------------------------------------------
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 10.40.124.2; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 10.40.124.2; };
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "/var/log/named.run";
        severity dynamic;
        print-time yes;
    };

    channel queries_channel {
        file "/var/log/queries.log";
        severity dynamic;
        print-time yes;
        print-severity yes;
    };
    channel security_channel {
        file "/var/log/security.log" versions 3 size 5m;
        severity debug 3;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    channel update_security_channel {
        file "/var/log/updates.log" versions 3 size 5m;
        severity debug 3;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    channel dnssec_channel {
        file "/var/log/dnssec.log" versions 3 size 5m;
        severity debug 3;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    channel xfers_channel {
        file "/var/log/zone_transfers.log" versions 3 size 5m;
        severity debug 3;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    category queries { queries_channel; };
    category security { security_channel; };
    category update-security { update_security_channel; };
    category dnssec { dnssec_channel; };
    category xfer-out { xfers_channel; };
};
zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
----------------------------------------------------------------
My DNS server works fine; only it cannot make the log.
When I run this command:
#dig -x 10.40.124.2
the result comes back fine, but the log is not made in the /var/log/queries.log file.
named is running without a chroot environment.
Please help me solve this.
 
Old 01-29-2015, 11:08 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 19,258

Quote:
Originally Posted by jp.saurabh@gmail.com
I am facing a problem enabling DNS logging in the named.conf file.
My /etc/named.conf file is as follows:

My DNS server works fine; only it cannot make the log.
When I run this command:
#dig -x 10.40.124.2
the result comes back fine, but the log is not made in the /var/log/queries.log file. named is running without a chroot environment.
The first (and most obvious) thing to check is, do those files actually EXIST??? What are the permissions on those files? On the directory(s) they're in? If DNS isn't running as root, does the user it IS running as have permissions to write to those directories/files???
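
A preflight version of the check suggested above, as an added example that is not part of the thread: it lists every `file` destination in the `logging` block of a named.conf and reports whether the current user could write to it. It assumes absolute paths, as in the config posted in #1; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread.

# Print the path of every `file "..."` clause inside the logging { } block.
# Brace depth is tracked because each channel closes with its own "};".
named_log_files() {
    awk '
        /^[ \t]*logging[ \t]*[{]/ { in_log = 1 }
        in_log {
            if ($0 ~ /^[ \t]*file[ \t]+"/) {
                split($0, part, "\"")
                print part[2]
            }
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth == 0) in_log = 0
        }
    ' "$1"
}

# Classify one path for the user running this script.
log_path_status() {
    if [ -e "$1" ]; then
        if [ -w "$1" ]; then echo ok; else echo not-writable; fi
    elif [ -d "$(dirname "$1")" ] && [ -w "$(dirname "$1")" ]; then
        echo missing-creatable   # absent, but the directory is writable
    else
        echo missing
    fi
}

# One "status path" line per log file configured in the given named.conf.
check_named_logs() {
    named_log_files "$1" | while IFS= read -r path; do
        printf '%s %s\n' "$(log_path_status "$path")" "$path"
    done
}

# Check the file given as $1, or /etc/named.conf if it is readable.
conf=${1:-/etc/named.conf}
if [ -r "$conf" ]; then check_named_logs "$conf"; fi
```

Run it as the account named runs as (`named` with the Red Hat package), for example `sudo -u named sh check_named_logs.sh /etc/named.conf`, where the script name is a placeholder. Zone files and the `dump-file`/`statistics-file` options are skipped because they sit outside the `logging` block.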
 
Old 01-30-2015, 01:00 AM   #3
jp.saurabh@gmail.com
LQ Newbie
 
Registered: Jan 2015
Posts: 3

Original Poster
Thanks TB0ne.
I have made the desired files and am able to get the logs in them.
Now I have another problem.
I need to send these logs to a syslog server, which is another machine.
So please guide me on how to send these logs to the syslog server on the other machine.
I will share the rsyslog configuration file on this (client) machine as well as the rsyslog file on the server side.
Below is the rsyslog file on this client machine.
------------------------------------------------------------------------------
# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ModLoad immark # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log

*.* @@10.40.124.3:514

# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/iport, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
#
# ### end of the forwarding rule ###
-------------------------------------------------------------------------------------
Below is the rsyslog conf file on the server.
-------------------------------------------------------------------------------------
# rsyslog configuration file
# note that most of this config file uses old-style format,
# because it is well-known AND quite suitable for simple cases
# like we have with the default config. For more advanced
# things, RainerScript configuration is suggested.

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

module(load="imuxsock") # provides support for local system logging (e.g. via logger command)
module(load="imklog") # provides kernel logging support (previously done by rklogd)
#module(load="immark") # provides --MARK-- message capability

# Provides UDP syslog reception
# for parameters see http://www.rsyslog.com/doc/imudp.html
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")

# Provides TCP syslog reception
# for parameters see http://www.rsyslog.com/doc/imtcp.html
#module(load="imtcp") # needs to be done just once
#input(type="imtcp" port="514")


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf


#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* /var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log


# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/iport, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
$template TmplAuth, "/var/log/rsyslog_custom/%HOSTNAME%/%PROGRAMNAME%.log"
$template TmplMsg, "/var/log/rsyslog_custom/%HOSTNAME%/%PROGRAMNAME%.log"

authpriv.* ?TmplAuth
*.info;mail.none;authpriv.none;cron.none ?TmplMsg
----------------------------------------------------------------------------------
Now both files are mentioned...
Please tell me how to get the logs created by the DNS server onto the syslog server and also keep them locally.
Please help me dear..
Thanks
 
Old 01-30-2015, 09:45 AM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 19,258

Quote:
Originally Posted by jp.saurabh@gmail.com
Thanks TB0ne.
I have made the desired files and am able to get the logs in them. Now I have another problem. I need to send these logs to a syslog server, which is another machine. So please guide me on how to send these logs to the syslog server on the other machine. I will share the rsyslog configuration file on this (client) machine as well as the rsyslog file on the server side. Below is the rsyslog file on this client machine.

Now both files are mentioned... Please tell me how to get the logs created by the DNS server onto the syslog server and also keep them locally.
Please help me dear..
Read the LQ Rules and the "Question Guideline" links in my posting signature. You need to open a new thread for a new question. Also, please check your usage of the word "dear".

Performing basic research and trying to look things up on your own is the best first step. If you had tried to look at the rsyslog website:
http://www.rsyslog.com/plugins/

..you'd have seen a plugins page. One of them is a plugin for logging things going to/from a TCP port. Install it and configure it to monitor the DNS port, which then puts events into your syslog, and from there, you can send them to another server.
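
For the forwarding question in post #3, an added example (not part of the thread) that compares a client's forwarding rules with the listeners a server config enables; in the two files posted there the client rule uses `@@` (TCP) while the only uncommented input on the server is `imudp`. The function names are made up for this example, IPv6 targets are not handled, and port 514 is assumed when none is given.

```shell
#!/bin/sh
# Added example, not from the thread: compare a client rsyslog.conf's
# forwarding rules with the listeners a server rsyslog.conf enables.

# Print "proto host port" per active forwarding action (@ = UDP, @@ = TCP).
forward_targets() {
    awk '
        /^[ \t]*#/ { next }
        { sub(/[ \t]+#.*/, "") }
        NF >= 2 && $NF ~ /^@/ {
            proto = ($NF ~ /^@@/) ? "tcp" : "udp"
            target = $NF; sub(/^@+/, "", target)
            n = split(target, hp, ":")
            print proto, hp[1], (n > 1 ? hp[2] : 514)
        }
    ' "$1"
}

# Print "proto port" per enabled listener, legacy or RainerScript syntax.
server_listeners() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "$UDPServerRun"      { print "udp", $2 }
        $1 == "$InputTCPServerRun" { print "tcp", $2 }
        /^[ \t]*input[(]/ && match($0, /type="im(udp|tcp)"/) {
            proto = substr($0, RSTART + 8, 3)
            port = 514   # assumed when the input() gives no port
            if (match($0, /port="[0-9]+"/))
                port = substr($0, RSTART + 6, RLENGTH - 7)
            print proto, port
        }
    ' "$1"
}

# $1 = client config, $2 = server config; one match/mismatch line per forward.
check_forwarding() {
    listeners=$(server_listeners "$2")
    forward_targets "$1" | while read -r proto host port; do
        if printf '%s\n' "$listeners" | grep -qx "$proto $port"; then
            echo "match $proto $host:$port"
        else
            echo "mismatch $proto $host:$port"
        fi
    done
}

# Usage: sh thisfile client-rsyslog.conf server-rsyslog.conf
if [ $# -eq 2 ]; then check_forwarding "$1" "$2"; fi
```

A `mismatch` line means the client sends over a transport or port the server is not listening on. Separately, messages that named writes only through `file` channels never pass through rsyslog; a channel with a `syslog` destination in named.conf is what hands them to the local syslog daemon.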