logging clause bind 9.x versions ..

Chris Buxton cbuxton at menandmice.com
Mon Mar 3 17:14:56 UTC 2008


The actual list of logging categories has changed between versions of  
BIND 9. You can configure around this, creating the extra category  
statements for later versions. (Right now, for example, any message of  
category update-security on your newer server is going to go into the  
deafult_file channel, whereas on your older server those messages will  
go into security_file.)

The specific text of log messages and formatting has also changed  
between versions. I do not believe there is any way to control the  
date format in the log message, and I'm certain there's no way to  
control the text of the message itself. Yes, they added a view  
declaration for logged queries (and other log messages). No, BIND  
9.2.x cannot be made to mimic this.

A solution would be to upgrade your version 9.2.3 installation to  
9.4.2, and then configure whatever log watching program you're using/ 
writing to work with those log messages.

Chris Buxton
Professional Services
Men & Mice
Address: Noatun 17, IS-105, Reykjavik, Iceland
Phone:   +354 412 1500
Email:   cbuxton at menandmice.com
www.menandmice.com

Men & Mice
We bring control and flexibility to network management

This e-mail and its attachments may contain confidential and  
privileged information only intended for the person or entity to which  
it is addressed. If the reader of this message is not the intended  
recipient, you are hereby notified that any retention, dissemination,  
distribution or copy of this e-mail is strictly prohibited. If you  
have received this e-mail in error, please notify us immediately by  
reply e-mail and immediately delete this message and all its attachment.



On Mar 3, 2008, at 2:27 AM, <vincent.blondel at ing.be> <vincent.blondel at ing.be 
 > wrote:

>
> Hello,
>
> Maybe this is a stupid question but I really do not find any answer to
> my problem. I already browsed the manual and did not find any history
> explanation on logging clause.
>
> So I am busy with setting-up a common logging clause on all my Bind
> servers and this is just the behaviour difference I noticed with all  
> my
> servers.
>
> Below what I defined with Bind 9.2.3 and 9.4.1-P1 ..
>
> logging {
>
>  channel default_file { file "/var/log/default.log" versions 5 size
> 10m; severity info; print-time yes; };
>  channel general_file { file "/var/log/general.log" versions 5 size
> 10m; severity info; print-time yes; };
>  channel database_file { file "/var/log/database.log" versions 5 size
> 10m; severity info; print-time yes; };
>  channel security_file { file "/var/log/security.log" versions 5 size
> 10m; severity info; print-time yes; };
>  channel config_file { file "/var/log/config.log" versions 5 size 10m;
> severity info; print-time yes; };
>  channel resolver_file { file "/var/log/resolver.log" versions 5 size
> 10m; severity info; print-time yes; };
>  channel xfer-in_file { file "/var/log/xfer-in.log" versions 5 size
> 10m; severity info; print-time yes; };
>  channel xfer-out_file { file "/var/log/xfer-out.log" versions 5 size
> 10m; severity info; print-time yes; };
>  channel notify_file { file "/var/log/notify.log" versions 5 size 10m;
> severity info; print-time yes; };
>  channel client_file { file "/var/log/client.log" versions 5 size 10m;
> severity info; print-time yes; };
>  channel unmatched_file { file "/var/log/unmatched.log" versions 5  
> size
> 10m; severity info; print-time yes; };
>  channel queries_file { file "/var/log/queries.log" versions 10 size
> 10m; severity info; print-time yes; };
>  channel network_file { file "/var/log/network.log" versions 5 size
> 10m; severity info; print-time yes; };
>  channel update_file { file "/var/log/update.log" versions 5 size 10m;
> severity info; print-time yes; };
>  channel dispatch_file { file "/var/log/dispatch.log" versions 5 size
> 10m; severity info; print-time yes; };
>  channel dnssec_file { file "/var/log/dnssec.log" versions 5 size 10m;
> severity info; print-time yes; };
>  channel lame-servers_file { file "/var/log/lame-servers.log" versions
> 5 size 10m; severity info; print-time yes; };
>
>  category default { default_file; };
>  category general { general_file; };
>  category database { database_file; };
>  category security { security_file; };
>  category config { config_file; };
>  category resolver { resolver_file; };
>  category xfer-in { xfer-in_file; };
>  category xfer-out { xfer-out_file; };
>  category notify { notify_file; };
>  category client { client_file; };
>  category unmatched { unmatched_file; };
>  category queries { queries_file; };
>  category network { network_file; };
>  category update { update_file; };
>  category dispatch { dispatch_file; };
>  category dnssec { dnssec_file; };
>  category lame-servers { lame-servers_file; };
>
> };
>
> .. and this is what I get with Bind 9.2.3
>
> Mar 03 11:19:44.568 client 10.66.116.185#1025: query: ... IN A
>
> and with 9.4.1-P1
>
> 03-Mar-2008 11:10:43.953 client 209.85.146.133#27772: view external:
> query: ... IN MX -E
>
> As you can see it entry log is different because date is not written  
> the
> same way. I also get the view definition with 9.4.1 but not with  
> 9.2.3.
>
> My question is simple .. Is this normal due to logging clause update
> during 9.x versions ... is there a way getting in 9.2.3 the same log
> entry as the one I get with 9.4.1-P1.
>
> Regards
> Vincent
> -----------------------------------------------------------------
> ATTENTION:
> The information in this electronic mail message is private and
> confidential, and only intended for the addressee. Should you
> receive this message by mistake, you are hereby notified that
> any disclosure, reproduction, distribution or use of this
> message is strictly prohibited. Please inform the sender by
> reply transmission and delete the message without copying or
> opening it.
>
> Messages and attachments are scanned for all viruses known.
> If this message contains password-protected attachments, the
> files have NOT been scanned for viruses by the ING mail domain.
> Always scan attachments before opening them.
> -----------------------------------------------------------------
>
>
>



More information about the bind-users mailing list