LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page How do I forward named query logs without filling /var/log/messages
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 05-12-2021, 11:13 AM   #1
dcarrington
Member
 
Registered: Dec 2011
Distribution: RHEL, CentOS, Ubuntu
Posts: 61

Rep: Reputation: 2
How do I forward named query logs without filling /var/log/messages

Hello,

My issue is slightly different from others that I've seen. There have been other questions about named filling up /var/log/messages and setting named.conf to log to a specific file rather than using syslog.

However, in my case, I have to filter my query logs through rsyslog so that they can be forwarded to Splunk, but I still don't want them filling up /var/log/messages

The way I had set this up is, in my named.conf, I specify:

channel query_log {
syslog local6;
severity info;
print-severity yes;
print-time yes;
print-category yes;
};

And in my rsyslog.conf:

local6.* /apps/named/var/log/query.log
local6.* @@<loggingserver>:<port>

These are the only references to local6 in rsyslog.conf. However, it appears that my query logs are also being replicated into /var/log/messages which is filling up my /var/log partition.

Is there maybe a different way to send query logs to my remote server?

Thanks!
 
Old 05-14-2021, 12:01 PM   #2
elgrandeperro
Member
 
Registered: Apr 2021
Posts: 415
Blog Entries: 2

Rep: Reputation: Disabled
I had the same issue, I believe you just need to add local6.none to /var/log/messages rsyslog.conf entry which will skip local6 entries, not usually a problem since these are just query logs.

This is for old fashioned rsyslog, not syslog-ng.
Last edited by elgrandeperro; 05-14-2021 at 12:04 PM.
 
  


Reply

Tags
bind, named, rsyslog



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] iptables troubleshooting icmp and best place to log /var/log/messages or /var/log/iptables JockVSJock Linux - Security 18 02-12-2016 12:31 AM
/var/adm/messages vs /var/log/messages gomes1333 Linux - General 1 04-06-2010 04:08 AM
(bind) named: couldn't open pid file '/var/run/named/named.pid' - any help? samengr Linux - Server 6 04-01-2009 06:22 AM
file /var/lib/named/var/named/reverse/named.zero failed: file not found Toadman Linux - Software 15 03-18-2009 07:01 PM
chown -R named:named /var/named crash the system? joangopan Fedora 2 09-09-2007 02:46 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 09:14 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration