how to log to a remote logging server (syslog-ng) from a chroot'ed BIND9?

OpenMacNews bind-users.20.openmacnews at spamgourmet.com
Mon Jul 26 17:31:33 UTC 2004


Jens,

> You can not log to a remote syslog server directly from bind.
>
> The bind logging channel syslog will always talk to a local daemon via
> the /dev/log socket (at least on Linux, I suppose OSX will not behave
> very different).
> In a chrooted environment you have to create an additional socket in the
> jail when starting syslogd, as bind cannot access the system's default
> socket /dev/log from its jail.
>
> If you're running a local syslog daemon append the option:
>   -a /bindjail/dev/log
> to the syslogd start options to create the socket.
>
> If you're running a local syslog-ng daemon add:
>   source bindlog { unix-stream("/bindjail/dev/log"); };
> to the syslog-ng configuration.
> The local syslog/syslog-ng daemon can then forward the messages to the
> remote central syslog-ng server.
>
>>    (3) am i completely defeating the security of the chroot jail by sending logs _outside_?
>>
>> any pointers, suggestions, etc -- or better yet a relevant howto URL -- would be very much appreciated!
>
> for bind chroot howto check out:
> http://www.tldp.org/HOWTO/Chroot-BIND-HOWTO.html
>
> for syslog-ng faq check out:
> http://www.campin.net/syslog-ng/faq.html#chroot
>
> Hope that helps,
> Jens

perfect! yes, it does.

simple enuf ...

cheers,

richard
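
Putting Jens's two halves together, as an added example that is not part of the thread: the syslog-ng.conf fragment that listens on the jail socket and forwards to the central server, followed by the named.conf logging stanza that sends to that socket. The hostname loghost.example.com, port 514 and the names d_central/to_syslog are assumptions.

```conf
# --- /etc/syslog-ng/syslog-ng.conf (local daemon, outside the jail) ---

# Socket created inside the BIND jail; syslog-ng creates it at start-up,
# so named must start after syslog-ng or it will fail to open /dev/log.
source bindlog { unix-stream("/bindjail/dev/log"); };

# Central syslog-ng server (assumed hostname/port); TCP avoids silent loss
# of log lines that UDP forwarding would allow.
destination d_central { tcp("loghost.example.com" port(514)); };

# Only the jail socket is forwarded; local /dev/log keeps its own path.
log { source(bindlog); destination(d_central); };

# --- /bindjail/etc/named.conf (inside the jail) ---

logging {
    # "syslog" channel talks to /dev/log relative to the chroot,
    # i.e. /bindjail/dev/log on the host.
    channel to_syslog {
        syslog daemon;
        severity info;
    };
    category default  { to_syslog; };
    category security { to_syslog; };
};
```

Check from the host that the socket really exists in the jail (`ls -l /bindjail/dev/log` should show type `s`) before starting named; the jail itself still contains no network client, so the forwarding step does not widen what a compromised named could reach.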

