Topic solved
This topic has been marked as solved and requires no further attention.

Logging system

I was trying to debug a problem with named and noticed that the system logger has changed to world/syslog-ng 3.17.2-1 from rsyslog, which I had installed at one point. I tried to install rsyslog with yaourt and it failed to compile.

It is not adequately logging events.  I have named configured with this:


logging {
        category default { log_syslog; };
        channel log_syslog { null; };
};

include "/etc/rndc.conf";
controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};


But the logging for events I don't see in any log files, not DNS requests and not slave notifications and refreshes.

It is kind of useless to have a server like this.


Re: Logging system

Reply #1
Check your syslog-ng.conf file to see if it is logging and where it is logging.
Chris Cromer

Re: Logging system

Reply #2
Quote
I was trying to debug a problem with named and noticed that the system logger has changed to world/syslog-ng 3.17.2-1 from rsyslog, which I had installed at one point. I tried to install rsyslog with yaourt and it failed to compile.

It is not adequately logging events.  I have named configured with this:


logging {
        category default { log_syslog; };
        channel log_syslog { null; };
};

include "/etc/rndc.conf";
controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};


But the logging for events I don't see in any log files, not DNS requests and not slave notifications and refreshes.

It is kind of useless to have a server like this.



This needs to change, I think, first of all to
Code: [Select]
logging {
        category default { log_syslog; };
        channel log_syslog { syslog; };
};

There is no /etc/syslog.conf FWIW, only /etc/syslog-ng/syslog-ng.conf

It has in it
Code: [Select]
@version: 3.17
@include "scl.conf"
#
# /etc/syslog-ng/syslog-ng.conf
#

options {
  stats_freq (0);
  flush_lines (0);
  time_reopen (10);
  log_fifo_size (10000);
  chain_hostnames (off);
  use_dns (no);
  use_fqdn (no);
  create_dirs (no);
  keep_hostname (yes);
  perm(0640);
  group("log");
};

source src {
  system();
  internal();
};

destination d_authlog { file("/var/log/auth.log"); };
destination d_syslog { file("/var/log/syslog.log"); };
destination d_cron { file("/var/log/crond.log"); };
destination d_daemon { file("/var/log/daemon.log"); };
destination d_kernel { file("/var/log/kernel.log"); };
destination d_lpr { file("/var/log/lpr.log"); };
destination d_user { file("/var/log/user.log"); };
destination d_uucp { file("/var/log/uucp.log"); };
destination d_mail { file("/var/log/mail.log"); };
destination d_news { file("/var/log/news.log"); };
destination d_ppp { file("/var/log/ppp.log"); };
destination d_debug { file("/var/log/debug.log"); };
destination d_messages { file("/var/log/messages.log"); };
destination d_errors { file("/var/log/errors.log"); };
destination d_everything { file("/var/log/everything.log"); };
destination d_iptables { file("/var/log/iptables.log"); };
destination d_acpid { file("/var/log/acpid.log"); };
destination d_console { usertty("root"); };

# Log everything to tty12
destination console_all { file("/dev/tty12"); };

filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { program(syslog-ng); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kernel { facility(kern) and not filter(f_iptables); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_ppp { facility(local2); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not filter(f_iptables); };
filter f_everything { level(debug..emerg) and not facility(auth, authpriv); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_iptables { match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE")); };
filter f_acpid { program("acpid"); };

log { source(src); filter(f_acpid); destination(d_acpid); };
log { source(src); filter(f_authpriv); destination(d_authlog); };
log { source(src); filter(f_syslog); destination(d_syslog); };
log { source(src); filter(f_cron); destination(d_cron); };
log { source(src); filter(f_daemon); destination(d_daemon); };
log { source(src); filter(f_kernel); destination(d_kernel); };
log { source(src); filter(f_lpr); destination(d_lpr); };
log { source(src); filter(f_mail); destination(d_mail); };
log { source(src); filter(f_news); destination(d_news); };
log { source(src); filter(f_ppp); destination(d_ppp); };
log { source(src); filter(f_user); destination(d_user); };
log { source(src); filter(f_uucp); destination(d_uucp); };
#log { source(src); filter(f_debug); destination(d_debug); };
log { source(src); filter(f_messages); destination(d_messages); };
log { source(src); filter(f_err); destination(d_errors); };
log { source(src); filter(f_emergency); destination(d_console); };
log { source(src); filter(f_everything); destination(d_everything); };
log { source(src); filter(f_iptables); destination(d_iptables); };

# Log everything to tty12
#log { source(src); destination(console_all); };


I see nothing here for named at all


According to this reliable web source
http://www.zytrax.com/books/dns/ch7/logging.html

Quote
syslog syslog_facility    'syslog' indicates that this channel will use syslogd logging features (as defined in syslog.conf). The syslog_facility is the facility definition for 'syslog' and may be found in syslog's man pages. From the grammar above 'file', 'syslog', 'stderr' and 'null' are mutually exclusive for a 'channel'.

there is no syslog.conf obviously..

 

Re: Logging system

Reply #3
The first problem is the logging is wrong on named.conf

Quote
logging {
        category default { log_syslog; };
        channel log_syslog { null; };
};

Changed to

Code: [Select]
logging {
        category default { log_syslog; };
        category queries { log_syslog; };
        channel log_syslog {
                syslog daemon;
                severity info;
        };
};

Next to connect it to syslog-ng

Code: [Select]
destination d_mail { file("/var/log/mail.log"); };
destination d_named { file("/var/log/named.log"); };
destination d_news { file("/var/log/news.log"); };

filter f_mail { facility(mail); };
filter f_named { facility(daemon) and program("named"); };
filter f_news { facility(news); };

log { source(src); filter(f_mail); destination(d_mail); };
log { source(src); filter(f_named); destination(d_named); };
log { source(src); filter(f_news); destination(d_news); };


named is using the daemon facility so it is not showing in a few locations. It is best to exclude it from the other files with the filters...

which I will do eventually.
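
Added example, not part of the original posts: one way to carry out the exclusion Reply #3 describes, reusing the `not filter(...)` pattern the posted config already applies to `f_iptables`. Which files should stop receiving named messages (daemon.log, messages.log, everything.log) is an assumption made here; the filter and destination names are the ones from the thread.

```conf
# Added example: fragment for /etc/syslog-ng/syslog-ng.conf (syslog-ng 3.17).
# Replace the existing f_daemon, f_messages and f_everything definitions
# with the ones below; everything else in the posted config stays as it is.

destination d_named { file("/var/log/named.log"); };

# named.conf uses "syslog daemon;", so match on facility and program name.
filter f_named { facility(daemon) and program("named"); };

# Same filters as in the posted config, with named messages excluded.
# A filter may reference one defined elsewhere in the file, as f_kernel
# already does with f_iptables.
filter f_daemon { facility(daemon) and not filter(f_named); };
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not filter(f_iptables) and not filter(f_named); };
filter f_everything { level(debug..emerg) and not facility(auth, authpriv) and not filter(f_named); };

log { source(src); filter(f_named); destination(d_named); };

# f_err is left unchanged, so named messages at level err are still
# copied to /var/log/errors.log alongside other services' errors.
```

Running `syslog-ng --syntax-only` and `named-checkconf` before reloading either daemon catches a missing brace or semicolon in the edited files.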