06-12-2001 11:48 PM
In our DNS Server running HPUX 11.00,
all DNS logs are getting appended to
We would like to redirect these DNS logs to
a separate file for easy administration.
Can anyone tell the procedure to achieve this?
Thanks in Advance,
06-12-2001 11:54 PM
Should you wish to disable the syslog entries, perform the following:
1. install DNS patch or replacement.
[PHNE_20618/PACHRDME/English] : s700_800 10.X BIND 4.9.7 components
2. run named command with -X option.
# named -X
* To set option in boot file,
# vi /etc/rc.config.d/namesvrs
06-13-2001 12:46 AM
Why not extract these entries from the syslog.log file?
# Extract DNS info
cat /var/adm/syslog/syslog.log |grep dns >> /tmp/DNS.log
# Clean the syslog.log
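# (filtered through a temporary file; appending to the file being read would duplicate entries)
grep -v dns /var/adm/syslog/syslog.log > /tmp/syslog.tmp && cat /tmp/syslog.tmp > /var/adm/syslog/syslog.log
Ensure that the grep "dns" extracts the info you require.
This can either be cronned or menu driven.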
06-13-2001 01:58 AM
I wanted to have a separate log file for DNS logs, and let all the remaining logs stay in syslog.log itself.
I want the same to get appended automatically by the system.
If it can be done by editing /etc/syslog.conf, how?
Can anyone tell how to configure syslog for this requirement?
Thanks in Advance
06-13-2001 02:33 AM
If you want, you can disable all the debugging options of the DNS with the command /usr/sbin/sig_named.
Here is the link to see the doc:
It will also be a big help if you give details about the messages that you are getting in the syslog, but I think that sig_named will help (the ip is level 2).
06-13-2001 02:40 AM
Best bet is to read the man pages thoroughly.
I use a separate log, which you can define in /etc/syslog.conf on mail servers for mail logs, dns entries for DNS servers, etc...
Remember that you will have to edit the startup script /sbin/init.d/syslog to rotate any new logs.
I cannot believe that people so quickly want to delete everything! Don't listen to the lazy people who don't want to know about their systems! Especially with all of the BIND vulnerabilities, it is good to know who is using your servers, and for what. If you blind yourself by removing the NFO, you're more prone to be susceptible to an attack/hack/DOS, etc...
06-13-2001 03:26 AM
Which version of BIND do you use? With BIND 8/9 you can use the "logging", "channel" and "category" directives to configure logging channels.
For the "category default" you can then use your own file channel instead of the syslog channel that BIND normally uses.
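The BIND 8/9 logging setup described in the reply above, as an added example that is not part of the original thread. It assumes named is BIND 8 or 9 (the `logging` statement does not exist in BIND 4.9.x); the log file path, the channel names and the `local3` facility are assumptions chosen for illustration.

```conf
// named.conf (BIND 8/9) -- constructed example; file path, channel names
// and the local3 facility are assumptions, not values from the thread.
logging {
    // File channel: named writes directly to its own log, bypassing syslogd.
    // "versions" and "size" make named rotate the file itself.
    channel dns_file {
        file "/var/adm/syslog/named.log" versions 5 size 10m;
        severity info;
        print-time yes;       // timestamp each entry (syslogd is not adding one)
        print-category yes;   // keep the category so security events stay searchable
        print-severity yes;
    };

    // Alternative: stay on syslog, but under a dedicated facility instead of
    // "daemon", so /etc/syslog.conf can route named separately from other daemons.
    channel dns_syslog {
        syslog local3;
        severity info;
    };

    // Everything without an explicit category goes to the separate file.
    category default  { dns_file; };
    // Security-relevant messages (e.g. denied requests) go to both channels.
    category security { dns_file; dns_syslog; };
};
```

For the `dns_syslog` channel, a matching `/etc/syslog.conf` entry with the selector `local3.info`, a tab, and the target file sends those messages to their own log; adding `local3.none` to the selector of the existing syslog.log line keeps them out of the main log. Send syslogd a HUP and reload named after changing either file.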
06-13-2001 03:31 AM
Not just a response but another question.
I know it's possible to separate some types of
logs: kern, mail, daemon,... But it's defined
by /usr/include/syslog.h and there is nothing
about named (dns)! DNS is a part of the daemon
class, so how to separate dns from other daemons?
To extract information from syslog you can
see that lines about named already contain
"named" so you can use :
grep named /var/adm/syslog/syslog.log
to do that.