Spacetrucker 05-07-2009 11:33 AM

Ubuntu and Bind - Named log file is not logging info after syslogd restarts
 
Ubuntu ver 8.04.1 and Bind ver 9.4.2

I've set this up as a primary dns server, Bind is the only thing running on it, no gui, etc. I followed the default settings so I have a named.conf, named.conf.options, and named.conf.local file.

I have a log file I labeled as named.log in this path /var/log/bind. I'm using logrotate to rotate out the file.

My problem is that after syslogd restarts in the morning, my named.log file doesn't start logging info until I restart Bind. The new named.log file gets created and the old files rotate out and compress. All of the other log files in /var/log, syslog, messages, mail, etc, rotate out and compress like they should, after syslogd restarts.

Anyone have a suggestion on how I can solve this problem? I know that I could restart Bind using Cron but I shouldn't have to.

Below are snips of the files I'm using.

I named this one 'bind' and it's in the directory /etc/logrotate.d

/var/log/bind/named.log {
    missingok
    daily
    create 644 bind bind
    rotate 7
    dateext
    compress
}

// Beginning of Logging named.conf.local

logging {

    channel audit_log {
        file "/var/log/bind/named.log";
        // severity debug 3;
        print-time yes;
    };

    channel xfer_in_log {
        file "/var/log/xferin.log";
        severity debug 3;
        print-time yes;
    };

    channel xfer_out_log {
        file "/var/log/xferout.log";
        severity debug 3;
        print-time yes;
    };

    category security { audit_log; };
    category config { audit_log; };
    category resolver { audit_log; };
    category xfer-in { xfer_in_log; };
    category xfer-out { xfer_out_log; };
    category notify { audit_log; };
    category client { audit_log; };
    category network { audit_log; };
    category update { audit_log; };
    category queries { audit_log; };
    category lame-servers { null; };

    // End of logging.
};

bathory 05-08-2009 04:01 AM

You could add the command to restart bind in /etc/logrotate.d/bind, or better yet, ditch logrotate and let bind logging rotate its logs. All you have to do is to use for the file directive something like:
Code:

file "/var/log/bind/named.log" versions 3 size 10m;

Spacetrucker 05-08-2009 11:29 AM

Quote:

Originally Posted by bathory (Post 3534321)
You could add the command to restart bind in /etc/logrotate.d/bind, or better yet, ditch logrotate and let bind logging rotate its logs. All you have to do is to use for the file directive something like:
Code:

file "/var/log/bind/named.log" versions 3 size 10m;

I couldn't get bind logging to rotate the files. That's why I'm trying to use logrotate to do it.
I get this message in syslog when I'm using bind logging.

gk kernel: audit : type=1503 operation=”inode_permission” requested_mask=”a::” name=”/var/log/named.log” pid=5819 profile=”/usr/sbin/named” namespace=”default”

gk named: logging channel ‘query’ file ‘/var/log/named.log’: permission denied

Would you have an idea on why I'd get this error message? Could it be the owner "bind", the group "bind" or the permissions? I've tried changing the owner and group to root and setting the permissions to 777, but no joy. So I'm trying to use logrotate, which does everything I'm asking it to do. So I have two problems related to bind logging.

Another question I have is what tells the other log files in /var/log/ such as syslog, mail, etc to rotate out and compress? I'm reading syslog.conf, sysklogd, syslogd-listfiles, logrotate, etc. I see some code in syslogd-listfiles that looks promising but the way I interpret it, as long as the file is in /var/log it should rotate out. But this stuff is Greek to me, I'm clueless at this point as to what this code really means.

# Test if the file was already rotated within the last n hours
# with n=5
#
sub rotated
{
    my $file = shift;
    my $nfile;
    my $delta = 5 * 60 * 60;
    my $now = time();

    # /var/log/file -> /var/log/file.0
    $nfile = $file . ".0";
    if (-r $nfile) {
        if (($now - (stat $nfile)[9]) > $delta) {
            return 0;
        } else {
            return 1;
        }
    }

    # /var/log/file -> /var/log/OLD/file.0
    $nfile =~ s,(.*)/([^/]+),$1/OLD/$2,;
    if (-r $nfile) {
        if (($now - (stat $nfile)[9]) > $delta) {
            return 0;
        } else {
            return 1;
        }
    }

    return 0;
}

Spacetrucker 05-08-2009 11:33 AM

And thanks for the suggestions. For right now I'll restart bind in /etc/logrotate.d/bind, and continue to dig at it.

bathory 05-08-2009 01:29 PM

Quote:

gk kernel: audit : type=1503 operation=”inode_permission” requested_mask=”a::” name=”/var/log/named.log” pid=5819 profile=”/usr/sbin/named” namespace=”default”

gk named: logging channel ‘query’ file ‘/var/log/named.log’: permission denied

According to your config, named logs should be in /var/log/bind/named.log and not in /var/log/named.log.
These logs look like it's a permissions issue. I'm not familiar with Ubuntu, but does it use SELinux or something like that for security?

Regarding log compression it's defined in /etc/logrotate.conf

Regards
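
The comparison made in the reply above, denied path against configured channel path, as an added example that is not part of the original thread. Audit records with type=1503 and a profile= field are AppArmor denials; the script pulls the denied path out of each one and checks it against the `file` clauses of a logging block. The third log line and the trimmed config are constructed for the example, and the function names are this example's own.

```python
import re

# Constructed sample input: the first two lines repeat what the thread quotes
# (curly quotes as they appear in the post); the third record is made up.
SAMPLE_SYSLOG = """\
gk kernel: audit : type=1503 operation=”inode_permission” requested_mask=”a::” name=”/var/log/named.log” pid=5819 profile=”/usr/sbin/named” namespace=”default”
gk named: logging channel ‘query’ file ‘/var/log/named.log’: permission denied
gk kernel: audit : type=1503 operation="inode_permission" requested_mask="w::" name="/var/log/bind/named.log.0" pid=5819 profile="/usr/sbin/named" namespace="default"
"""

# Two channels taken from the named.conf.local posted in the thread.
SAMPLE_CONF = """
logging {
    channel audit_log {
        file "/var/log/bind/named.log";
        // severity debug 3;
        print-time yes;
    };
    channel xfer_in_log { file "/var/log/xferin.log"; severity debug 3; };
};
"""

# Logs pasted through a forum or word processor often carry curly quotes.
QUOTES = str.maketrans("”“‘’", "\"\"''")

def parse_denials(syslog_text):
    """Return the key="value" fields of every type=1503 audit record."""
    lines = syslog_text.translate(QUOTES).splitlines()
    return [dict(re.findall(r'(\w+)="([^"]*)"', l)) for l in lines if "type=1503" in l]

def channel_files(conf_text):
    """Map each logging channel name to the path in its file clause."""
    conf = re.sub(r"//[^\n]*", "", conf_text)  # drop // comments
    return dict(re.findall(r'channel\s+(\w+)\s*\{[^}]*?file\s+"([^"]+)"', conf))

def triage(denials, channels):
    """Label each denied path relative to the configured channel files."""
    files, out = set(channels.values()), []
    for d in denials:
        path = d["name"]
        if path in files:
            label = "channel file"
        elif any(path.startswith(f + ".") for f in files):
            label = "rotated copy of a channel file"
        else:
            label = "not in current config"
        out.append((path, d.get("requested_mask"), label))
    return out
```

A denial labelled "not in current config" means the running named is writing somewhere the posted configuration does not mention, so the configuration file being edited and the one named actually loaded are worth comparing.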

Spacetrucker 05-11-2009 09:23 AM

Quote:

Originally Posted by bathory (Post 3534836)
According to your config, named logs should be in /var/log/bind/named.log and not in /var/log/named.log.
These logs look like it's a permissions issue. I'm not familiar with Ubuntu, but does it use SELinux or something like that for security?

Regarding log compression it's defined in /etc/logrotate.conf

Regards

I did have named.log in /var/log/ initially, but it didn't rotate out. So I created /bind and modified the config to point to /var/log/bind/. Now it rotates out, but it doesn't log info until I restart bind9.
I agree in that it does appear to be a permissions issue. But I have granted all permissions, etc and not had any luck. I'll have to do some digging to answer your question about using SELinux for security.

Thanks for the hint on log compression. Here's my logrotate.conf file, the line for compression is commented out. But the files are compressed. It'd make more sense to me if that line wasn't commented out.

I'm going to reconfig the setup so that Bind does the rotation and see what shakes out.

# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}

# system-specific logs may be configured here

Spacetrucker 05-11-2009 12:26 PM

bathory - Thanks a bunch, I think I may have it sorted out. I made bind the owner and group of the /var/log/bind/ directory I created. Root owns /var/log/ so bind doesn't have permission to write to it. Here's a link I found that explains it. http://www.usenet-forums.com/bind-us...ion-error.html

This morning I reconfigured things so that bind does the logging, then I stopped and restarted bind and I found this line in syslog: "unable to rename log file '/var/log/bind/named.log' to '/var/log/bind/named.log.0': permission denied". A Google search turned up that link. My mistake on the 'inode permission' error description.

After granting bind the permissions and restarting named again, no 'unable to rename log file' line in the syslog file. And it looks like a new log file was started. I'll see what tomorrow brings after syslogd stops and starts.

Spacetrucker 05-13-2009 10:56 AM

I do have it sorted out and working. This is for the other newbies who stumble across this thread. First, I'm sure this is covered in the Ubuntu documentation somewhere, I just didn't find it, which is my newbie fault. The solution for my problem was to change the ownership of the bind directory that I had created in /var/log/ to the user account bind. I also modified the permissions to 664. A simple thing to do once you know that it needs to be done.
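
The "unable to rename log file" error and its fix come down to who may modify the directory, because rotating by rename rewrites directory entries. An added example, not part of the original thread, that evaluates the owner/group/other bits of a log directory for a given uid; the temporary directory and the uid standing in for the daemon account are constructed, and the function names are this example's own.

```python
import os
import stat
import tempfile

def can_rotate_in(directory, uid, gids=()):
    """True if `uid` may create and rename entries in `directory`.

    Renaming named.log to named.log.0 changes the directory, so what counts
    is write and search (w+x) permission on the directory itself; the mode of
    named.log does not enter into it. Only the classic owner/group/other bits
    are evaluated: sticky bit, ACLs and MAC policy (AppArmor, SELinux) are not.
    """
    st = os.stat(directory)
    if uid == 0:                      # root bypasses the mode bits
        return True
    if uid == st.st_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (st.st_mode & need) == need

def demo():
    """Constructed stand-in for a log directory owned by another account."""
    with tempfile.TemporaryDirectory() as top:
        logdir = os.path.join(top, "bind")
        os.mkdir(logdir)
        os.chmod(logdir, 0o755)                 # owner rwx, everyone else r-x
        owner = os.stat(logdir).st_uid
        daemon = owner + 1000                   # hypothetical uid for the daemon
        before = can_rotate_in(logdir, daemon)  # daemon falls under "other"
        after = can_rotate_in(logdir, owner)    # the result once the daemon owns it
        return before, after
```

Pointing `can_rotate_in` at the real log directory with the daemon account's uid and group ids gives the same answer for a live system, as far as the mode bits go.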


All times are GMT -5.