23. DNS 로그 남도록 설정 하는법 ?
5.7. DNS 로그 남도록 설정 하는법 ?
주의 : DNS logging은 Bind버전마다 지원하는 옵션이 틀립니다.
잘못 설정하면 데몬 자체가 뜨지 않습니다.
테스트서버에 반드시 설정해보고 서비스서버에 적용바랍니다 ~
주의 : DNSlogging은 Bind버전마다 지원하는 옵션이 틀립니다.
잘못 설정하면 데몬 자체가 뜨지 않습니다.
테스트서버에 반드시 설정해보고 서비스서버에 적용바랍니다 ~
1)log를남길 옵션을 설정한다.
log.conf 파일생성
/etc# vi log.conf
logging {
channel ch_default_log {
file "/var/log/dns_default.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_config_log {
file"/var/log/dns_config.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_queries_log {
file"/var/log/dns_queries.log" versions 5 size 30m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_lame-servers_log {
file"/var/log/dns_lame-servers.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_update_log {
file"/var/log/dns_update.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_xfer-in_log {
file"/var/log/dns_xfer-in.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_xfer-out_log {
file"/var/log/dns_xfer-out.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_notify_log {
file"/var/log/dns_notify.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_security_log {
file"/var/log/dns_security.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_response-checks_log {
file"/var/log/dns_response-checks.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
category default { ch_default_log; };
category config { ch_config_log; };
category queries { ch_queries_log; };
category lame-servers { ch_lame-servers_log; };
category update { ch_update_log; };
category xfer-in { ch_xfer-in_log; };
category xfer-out { ch_xfer-out_log; };
category notify { ch_notify_log; };
category security { ch_security_log; };
};
2) named.conf 에 log.conf 를 읽도록 추가 한다.
/etc# more /etc/named.caching-nameserver.conf
options {
directory "/var/named";
dump-file "/var/named/data/CACHE_dump.db";
statistics-file"/var/named/data/named_stats.txt";
memstatistics-file"/var/named/data/named_mem_stats.txt";
recursion yes;
};
include"/etc/named.rfc1912.zones";
include"/etc/log.conf";
3. 로그디렉토리 권한 부여 하기
etc#chown -R named.named /var/log/
4.로그보기
log#ls -al dns*
-rw-r--r-- 1 named named 0 9?? 7 22:56dns_config.log
-rw-r--r-- 1 named named 10766 9?? 7 22:56 dns_default.log
-rw-r--r-- 1 named named 0 9?? 7 22:56dns_lame-servers.log
-rw-r--r-- 1 named named 289 9?? 7 22:56 dns_notify.log
-rw-r--r-- 1 named named 38996 9?? 7 22:57 dns_queries.log
-rw-r--r-- 1 named named 0 9?? 7 22:56 dns_response-checks.log
-rw-r--r-- 1 named named 37473 9?? 7 22:57 dns_security.log
-rw-r--r-- 1 named named 0 9?? 7 22:56dns_update.log
-rw-r--r-- 1 named named 0 9?? 7 22:56dns_xfer-in.log
-rw-r--r-- 1 named named 0 9?? 7 22:56dns_xfer-out.log
다음
https://brunch.co.kr/@topasvga/219
