Logging Exploration

Thomas Duterme thomas at madeforchina.com
Tue Mar 27 21:57:11 UTC 2001


Hi Everyone,

I've been running a couple of name servers for a while for a small organization (under 100 people). I never played around too much with logging statements in named.conf, but decided it was time to start. (In the past, I've browsed syslog messages for errors and problems.)

The resources that our nameservers take up are quite low. We are in the range of a couple thousand requests per hour (we run a few large mailing lists which cause most of those lookups).
So this weekend, I decide to play around with logging and add the following to our internal split just to experiment:

logging {
        channel my_file {
                file "bind.log";
                severity dynamic;
                print-category yes;
                print-severity yes;
        };
        channel my_file2 {
                file "bind_query.log";
                severity dynamic;
        };
        category default   { my_file; };
        category panic     { my_file; };
        category packet    { my_file; };
        category eventlib  { my_file; };
        category queries   { my_file2; };
};

The first channel gets filled up to 7M of log messages in about a day.  So I continue and add the second channel, just to log queries and find out where people are going.

It was quite neat to run a tail -f and watch the lookup mechanisms do their thing.

Now aside from finding out what naughty sites my fellow colleagues go to *in real time*, what do other people use the logging option for?  I can see query, security and statistics as being rather interesting categories, but there's tons of other cats...

I'm very curious to hear what the other, more experienced DNS admins use logging for and how they monitor these logs.  (periodic manual scans, cronjob scripts, etc.)

Thanks,
-Thomas
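
An added example, not part of the post above and not BIND's own code: a small report that a cron job could run over bind_query.log to summarize query volume per client, name and record type. It assumes query lines shaped like `XX+/client/name/type/class` (the my_file2 channel sets no print-time, so no timestamp prefix); the sample lines, function names and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Assumed query-log shape: XX+/<client>/<qname>/<qtype>/<qclass>
# ("+" = recursion desired). Adjust the pattern if your named writes another form.
QUERY_RE = re.compile(r"XX[+ ]?/([^/\s]+)/([^/\s]+)/(\w+)(?:/\w+)?\s*$")

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = """\
XX+/192.0.2.10/www.example.com/A/IN
XX+/192.0.2.10/mail.example.com/MX/IN
XX+/192.0.2.11/www.example.com/A/IN
XX /192.0.2.12/10.2.0.192.in-addr.arpa/PTR/IN
XX+/192.0.2.10/WWW.Example.COM./A/IN
garbled line that does not parse
"""

def parse_line(line):
    """Return (client, qname, qtype), or None if the line is not a query record."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    client, qname, qtype = m.groups()
    # DNS names are case-insensitive: fold case, drop the trailing dot,
    # and keep "." for queries about the root itself.
    return client, qname.lower().rstrip(".") or ".", qtype.upper()

def summarize(lines, per_client_limit=1000):
    """Count queries per client, name and type; list clients over the limit."""
    clients, names, types = Counter(), Counter(), Counter()
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # surface unparsed lines instead of hiding them
            continue
        client, qname, qtype = rec
        clients[client] += 1
        names[qname] += 1
        types[qtype] += 1
    noisy = sorted(c for c, n in clients.items() if n > per_client_limit)
    return {"total": sum(clients.values()), "skipped": skipped,
            "clients": clients, "names": names, "types": types, "noisy": noisy}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines(), per_client_limit=2)
    print(report["total"], "queries,", report["skipped"], "unparsed lines")
    print("top names:", report["names"].most_common(3))
    print("clients over limit:", report["noisy"])
```

In a cron job, pass the open log file to `summarize()` in place of the sample and mail the result; a non-zero `skipped` count means the line format differs from the one assumed here.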




More information about the bind-users mailing list