1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter7.DNS Supported Log Format</title><meta name="generator" content="DocBook XSL Stylesheets V1.73.2"><link rel="start" href="index.html" title="Lire User's Manual"><link rel="up" href="pt02.html" title="PartII.Log Formats"><link rel="prev" href="ch06.html" title="Chapter6.Dialup Supported Log Format"><link rel="next" href="ch07s02.html" title="Bind9 Query Log"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter7.DNS Supported Log Format</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch06.html">Prev</a></td><th width="60%" align="center">PartII.Log Formats</th><td width="20%" align="right"><a accesskey="n" href="ch07s02.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="chap:dns-logs"></a>Chapter7.DNS Supported Log Format</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="ch07.html#id2574046">Bind8 Query Log</a></span></dt><dt><span class="section"><a href="ch07s02.html">Bind9 Query Log</a></span></dt></dl></div><p><span class="application">Lire</span> supports query logs of two DNS servers: <span class="productname">Bind 8</span>™
and <span class="productname">Bind 9</span>™.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>You have to enable query logging in bind, something which
is not turned on by default.
</p><div class="example"><a name="id2574004"></a><p class="title"><b>Example7.1.Enabling Query Log In <span class="application">Bind</span></b></p><div class="example-contents"><p>To enable query logging in <span class="productname">Bind 8</span>™ or <span class="productname">Bind 9</span>™, you should add
the following to your <code class="filename">named.conf</code>
configuration file:
</p><pre class="screen">
logging {
channel query_logging {
file "/var/log/named_querylog"
versions 3 size 100M;
print-time yes; // timestamp log entries
};
category queries {
query_logging;
};
};
</pre></div></div><br class="example-break"></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2574046"></a>Bind8 Query Log</h2></div></div></div><p><span class="productname">Bind 8</span>™'s query logs contain one entry for each DNS query
made to the name server. It logs the time of the query
(you have to set <em class="parameter"><code>print-time</code></em> to
<code class="literal">yes</code> for this), the IP of the requesting
client, the name queried, the type of the query and the
protocol. Recursive queries will have a <code class="literal">+</code> after
the <code class="literal">XX</code> which appears in all query entries.
</p><div class="example"><a name="id2574086"></a><p class="title"><b>Example7.2.Sample <span class="productname">Bind 8</span>™ Query Log</b></p><div class="example-contents"><pre class="programlisting">
10-Apr-2000 00:01:20.307 XX /10.2.3.4/1.2.3.in-addr.arpa/SOA/IN
10-Apr-2000 00:01:20.308 XX+/10.4.3.2/host.foo.com/A/IN
</pre></div></div><br class="example-break"></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ch06.html">Prev</a></td><td width="20%" align="center"><a accesskey="u" href="pt02.html">Up</a></td><td width="40%" align="right"><a accesskey="n" href="ch07s02.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter6.Dialup Supported Log Format</td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top">Bind9 Query Log</td></tr></table></div></body></html>
|
