Eddy Asked: 2009-09-17 07:16:03 +0800 CST2009-09-17 07:16:03 +0800 CST 2009-09-17 07:16:03 +0800 CST 绑定中每个视图的单独日志设置? 772 我在绑定中设置了一个视图来为 VPN 用户提供不同的结果,但我不提供其他查询,因此非 vpn 查询将失败并路由回他们的内部网络 dns 服务器。它工作正常,但我厌倦了所有填满系统日志的查询“拒绝”消息。 我试着放一个日志 { }; 视图中的部分但绑定抱怨。关于如何为这个特定视图分离安全消息的任何想法? domain-name-system 3 个回答 Voted I like pie 2010-07-08T01:51:54+08:002010-07-08T01:51:54+08:00 不可能为每个视图指定一个日志记录语句。但是,如果您将 syslog 日志记录与 syslog-ng 一起使用,则可以使用过滤器过滤掉消息。 filter f_no_named_denied { not match (regex for the message here); }; 然后将此过滤器应用于您用于 DNS 日志的任何规则。 Greeblesnort 2009-09-17T18:25:36+08:002009-09-17T18:25:36+08:00 这是我的设置(在 named.options.conf 中并加载了包含): logging { channel default_syslog { // Send most of the named messages to syslog. syslog local2; severity debug; }; channel audit_log { // Send the security related messages to a separate file. file "/var/named/system/named.log"; severity debug; print-time yes; }; channel null { null; }; category default { default_syslog; }; category general { default_syslog; }; category security { audit_log; default_syslog; }; category config { default_syslog; }; category resolver { audit_log; }; category xfer-in { audit_log; }; category xfer-out { audit_log; }; category notify { audit_log; }; category client { audit_log; }; category network { audit_log; }; category update { audit_log; }; category queries { audit_log; }; category lame-servers { null; }; }; 如果您使用此方法,请确保旋转此文件,否则它将增长到相当大的比例。 kashani 2009-10-21T15:49:20+08:002009-10-21T15:49:20+08:00 您可以在 Bind 本身而不是 syslog 中执行所有操作。我在我所有的 Bind 9 DNS 服务器上使用这个配置。只需将以下行插入您的 named.conf,运行 named-checkconf 以确保其语法正确,然后重新启动 Bind。一旦你确定它正在工作,你就可以开始搞乱严重性设置和其他部分。我认为重新加载 Bind 应该会接受更改。 logging { channel default_file { file "/var/log/named/default.log" versions 3 size 5m; severity dynamic; print-time yes; }; channel general_file { file "/var/log/named/general.log" versions 3 size 5m; severity dynamic; print-time yes; }; channel database_file { file "/var/log/named/database.log" versions 3 size 5m; severity dynamic; print-time yes; }; channel security_file { file "/var/log/named/security.log" versions 3 size 5m; severity dynamic; print-time yes; }; channel config_file { file "/var/log/named/config.log" versions 3 size 5m; severity dynamic; print-time yes; }; channel resolver_file { file "/var/log/named/resolver.log" versions 3 size 5m; severity dynamic; print-time yes; }; channel xfer-in_file { file "/var/log/named/xfer-in.log" versions 3 size 5m; severity dynamic; print-time yes; }; channel xfer-out_file { file "/var/log/named/xfer-out.log" versions 3 size 5m; severity dynamic; print-time yes; }; channel notify_file { file "/var/log/named/notify.log" versions 3 size 5m; severity dynamic; print-time yes; }; channel client_file { file "/var/log/named/client.log" versions 3 size 5m; severity dynamic; print-time yes; }; channel unmatched_file { file "/var/log/named/unmatched.log" versions 3 size 5m; severity dynamic; print-time yes; }; channel queries_file { file "/var/log/named/queries.log" versions 3 size 5m; severity dynamic; print-time yes; }; channel network_file { file "/var/log/named/network.log" versions 3 size 5m; severity dynamic; print-time yes; }; channel update_file { file "/var/log/named/update.log" versions 3 size 5m; severity dynamic; print-time yes; }; channel dispatch_file { file "/var/log/named/dispatch.log" versions 3 size 5m; severity dynamic; print-time yes; }; channel dnssec_file { file "/var/log/named/dnssec.log" versions 3 size 5m; severity dynamic; print-time yes; }; channel lame-servers_file { file "/var/log/named/lame-servers.log" versions 3 size 5m; severity dynamic; print-time yes; };
不可能为每个视图指定一个日志记录语句。但是,如果您将 syslog 日志记录与 syslog-ng 一起使用,则可以使用过滤器过滤掉消息。
然后将此过滤器应用于您用于 DNS 日志的任何规则。
这是我的设置(在 named.options.conf 中并加载了包含):
如果您使用此方法,请确保旋转此文件,否则它将增长到相当大的比例。
您可以在 Bind 本身而不是 syslog 中执行所有操作。我在我所有的 Bind 9 DNS 服务器上使用这个配置。只需将以下行插入您的 named.conf,运行 named-checkconf 以确保其语法正确,然后重新启动 Bind。一旦你确定它正在工作,你就可以开始搞乱严重性设置和其他部分。我认为重新加载 Bind 应该会接受更改。