I l@ve RuBoard Previous Section Next Section

10.4 Sending Log Messages to a Particular File

10.4.1 Problem

You want to send some or all of a name server's log messages to a particular file.

10.4.2 Solution

Add a logging statement to the name server's named.conf file, creating a new file log channel and sending output in one or more categories to that channel.

For example, to create a channel called security_log that writes logged messages to the file security.log in the name server's working directory, you could use this logging statement:

logging {
    channel security_log {
        file "security.log";
    };
};

By default, the channel logs any messages at severity info or higher. You can adjust this using the severity substatement:

logging {
    channel security_log {
        file "security.log";
        severity error;    // Query logging is at severity info
    };
};

This logging statement doesn't do anything useful yet, because no categories of messages are actually assigned to the channel. To specify a channel to send output in a particular category to, add a category substatement to your logging statement. For example:

logging {
    channel security_log {
        file "security.log";
    };

    category security { "security_log"; };
};

Both BIND 8 and BIND 9 categorize most messages they log, but they use different category names. See "Category Details" in Chapter 7 of DNS and BIND for a list. One difference that merits special mention is BIND 8's default category; in BIND 8, default includes both categories of messages not explicitly assigned to a channel and messages that aren't categorized. BIND 9 name servers still use the default category for the former purpose, but the new general category for the latter.

10.4.3 Discussion

By default, the name server will only log the message itself to the log channel. The print-time channel substatement tells the name server to print a timestamp before the logged message, which produces output like this:

Jun 26 15:49:41.554 client 192.168.0.1#1889: update foo.example/IN' denied

Here's how to set print-time in the security_log channel:

logging {
    channel security_log {
        file "security.log";
        severity error;    // Query logging is at severity info
        print-time yes;    // Print a timestamp with each message
    };
};

It's not always obvious which category a given message is assigned to. If you need to figure out the category a particular message is in, see Section 10.6.

10.4.4 See Also

Section 10.6 for determining the category of a message, Section 10.9 for setting up log file rotation, and "The Logging Statement" in Chapter 7 of DNS and BIND.

    I l@ve RuBoard Previous Section Next Section