How to log zone transfers and etc [anyone?]

John vo at eudoramail.com
Sat Nov 1 23:09:47 UTC 2003


Kevin Darcy <kcd at daimlerchrysler.com> wrote in message news:<bnv8ng$rq4$1 at sf1.isc.org>...
> John wrote:
> 
> >vo at eudoramail.com (John) wrote in message news:<bnm3v5$n2m$1 at sf1.isc.org>...
> >  
> >
> >>Hello all:
> >>
> >>BIND 9.2.2 on Solaris 8.
> >>
> >>I was just reading the O'reilly Bind book and the logging section
> >>pretty much confused the heck out of me.
> >>
> >>What I'd like to do:
> >>
> >>- log all zone transfers, allowed and denied.
> >>- log all reloads, when I do an rndc reload.
> >>- Log errors, warnings, death threats.
> >>
> >>And just some other "default" logging that is informative. 
> >>
> >>My logging section in named.conf
> >>
> >>logging { channel security_log {
> >>             file "/var/adm/named-security.log" size 20m;
> >>             print-time yes;
> >>             print-category yes;
> >>                           };
> >>        category security { security_log; };
> >>        category lame-servers { null; };
> >>        category xfer-in { default_syslog; };
> >>        category xfer-out { default_syslog; };
> >>        category update { null; };
> >>        };
> >>
> >>And this is *NOT* doing it for me. 
> >>What changes do I have to make?
> >>
> >>-Thanks.
> >>
> >>-J.
> >>    
> >>
> >
> >Any taker? come on guy, a little help please?
> >
> Well, maybe it would help if you elaborated on "is *NOT* doing it for 
> me". Too much? Too little? Not the right stuff? None at all? What's 
> wrong with what you're getting?
> 
> I have to confess that I'm fairly lazy when it comes to logging. Let me 
> clarify that: I'm not lazy when it comes to *looking* at the logs, but 
> I'm fairly lazy in fine-tuning exactly what gets logged and what 
> doesn't. I have some scripts that do some summarization of the logs and 
> then I just plow through all of the noise looking for interesting stuff. 
> For me, the default logging parameters seem to be fine, and capture most 
> or all of what you're looking for (if you capture all of the way down to 
> daemon.debug).
> 
>                                                                          
>                            - Kevin

Hi:

Well, when my slave server did a zone transfer, I did not see it in
the log and I would like to see it. How about that for now?

-John.


More information about the bind-users mailing list