Multiple logs

Matus UHLAR - fantomas uhlar at
Sun Dec 27 18:36:13 UTC 2015

>>On 26.12.15 20:30, kev wrote:
>>>I am using bind9 with ubuntu 14.04. I was wondering how to log by
>>>indivudual IP.  Ive googled it but didnt find what i was looking

>Am 27.12.2015 um 18:07 schrieb Matus UHLAR - fantomas:
>>I'd choose logging at kernel level in iptables firewall.
>>ULOG and ulogd can log to libpcap format

On 27.12.15 19:12, Reindl Harald wrote:
>since when is iptables a logging tool?

since it can log, it can be used for logging.

>don't abuse it and it's "-j LOG" for such things

it's "-j ULOG" a.k.a. userspace log and it's used with ulogd, the userspace
logging daemon.
learn the difference and don't comment before.

>besides you risk a self-DOS when not be very careful and bother a 
>critical system layer with non critical stuff it hardly has the 
>capability to write different logs for different IP's,

so what? it _can_ be used for logging and its usage mostly depends what the
original poster means by "log by individual ip".
The original post indicates hat OP wants to log only traffic from specific
IPs, where ulog is best until BIND learns query logging only for specific

> frankly it don't write any logs at all, just the kernel ring-buffer

which means it is not self-dos when cone carefully.

>just use the default query log and grep within cron

yes, why log selectively when we can log everything and then drop the rest. 
Especially when it requires much more computing power and overhead...

Matus UHLAR - fantomas, uhlar at ;
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (

More information about the bind-users mailing list