brunch

You can make anything
by writing

C.S.Lewis

by Master Seo Jun 14. 2017

23. DNS 로그 남도록 설정 하는법 ?

5.7. DNS 로그 남도록 설정 하는법 ?


주의 : DNS logging은  Bind버전마다 지원하는 옵션이 틀립니다.

잘못 설정하면 데몬 자체가 뜨지 않습니다.

테스트서버에 반드시 설정해보고 서비스서버에 적용바랍니다 ~


주의 : DNSlogging은  Bind버전마다 지원하는 옵션이 틀립니다.

잘못 설정하면 데몬 자체가 뜨지 않습니다.

테스트서버에 반드시 설정해보고 서비스서버에 적용바랍니다 ~


1)log를남길 옵션을 설정한다.


log.conf  파일생성 


/etc# vi   log.conf 
logging { 
      channel ch_default_log { 
        file "/var/log/dns_default.log" versions 3 size 20m;
        severity debug; 
        print-category yes; 
        print-severity yes; 
        print-time yes; 
    }; 

   channel ch_config_log { 
        file"/var/log/dns_config.log"  versions 3 size 20m; 
        severity debug; 
        print-category yes; 
        print-severity yes; 
        print-time yes; 
    }; 


    channel ch_queries_log { 
        file"/var/log/dns_queries.log"  versions 5 size 30m; 
        severity debug; 
        print-category yes; 
        print-severity yes; 
        print-time yes; 
    }; 

   channel ch_lame-servers_log { 
        file"/var/log/dns_lame-servers.log"  versions 3 size 20m; 
        severity debug; 
        print-category yes; 
        print-severity yes; 
        print-time yes; 
    }; 

   channel ch_update_log { 
        file"/var/log/dns_update.log"  versions 3 size 20m; 
        severity debug; 
        print-category yes; 
        print-severity yes; 
        print-time yes; 
    }; 

   channel ch_xfer-in_log { 
        file"/var/log/dns_xfer-in.log"  versions 3 size 20m; 
        severity debug; 
        print-category yes; 
        print-severity yes; 
        print-time yes; 
    }; 

   channel ch_xfer-out_log { 
        file"/var/log/dns_xfer-out.log"  versions 3 size 20m; 
        severity debug; 
        print-category yes; 
        print-severity yes; 
        print-time yes; 
    }; 

   channel ch_notify_log { 
        file"/var/log/dns_notify.log"  versions 3 size 20m; 
        severity debug; 
        print-category yes; 
        print-severity yes; 
        print-time yes; 
    }; 

   channel ch_security_log { 
        file"/var/log/dns_security.log"  versions 3 size 20m; 
        severity debug; 
        print-category yes; 
        print-severity yes; 
        print-time yes; 
    }; 


    channel ch_response-checks_log { 
         file"/var/log/dns_response-checks.log"  versions 3 size 20m; 
         severity debug; 
         print-category yes; 
         print-severity yes; 
         print-time yes; 
     }; 

    category default { ch_default_log; }; 
     category config { ch_config_log; }; 
     category queries { ch_queries_log; }; 
     category lame-servers { ch_lame-servers_log; }; 
     category update { ch_update_log; }; 
     category xfer-in { ch_xfer-in_log; }; 
     category xfer-out { ch_xfer-out_log; }; 
     category notify { ch_notify_log; }; 
     category security { ch_security_log; }; 
 }; 




2) named.conf  에  log.conf  를 읽도록 추가 한다.


/etc# more /etc/named.caching-nameserver.conf
options {
       directory       "/var/named";
       dump-file       "/var/named/data/CACHE_dump.db";
        statistics-file"/var/named/data/named_stats.txt";
        memstatistics-file"/var/named/data/named_mem_stats.txt";
        recursion yes;

};

include"/etc/named.rfc1912.zones";

include"/etc/log.conf";



3.  로그디렉토리 권한 부여 하기

etc#chown -R named.named /var/log/



4.로그보기

log#ls -al dns*
-rw-r--r-- 1 named named     0  9?? 7 22:56dns_config.log
-rw-r--r-- 1 named named 10766  9?? 7 22:56 dns_default.log
-rw-r--r-- 1 named named     0  9?? 7 22:56dns_lame-servers.log
-rw-r--r-- 1 named named   289  9?? 7 22:56 dns_notify.log
-rw-r--r-- 1 named named 38996  9?? 7 22:57 dns_queries.log
-rw-r--r-- 1 named named     0  9?? 7 22:56 dns_response-checks.log
-rw-r--r-- 1 named named 37473  9?? 7 22:57 dns_security.log
-rw-r--r-- 1 named named     0  9?? 7 22:56dns_update.log
-rw-r--r-- 1 named named     0  9?? 7 22:56dns_xfer-in.log
-rw-r--r-- 1 named named     0  9?? 7 22:56dns_xfer-out.log





다음

https://brunch.co.kr/@topasvga/219


브런치는 최신 브라우저에 최적화 되어있습니다. IE chrome safari