Configuring DNS server logging on RHEL 5
By default, named's query logging is turned off. You can check this with rndc status, as shown below:
#rndc status
number of zones: 8
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
Use rndc querylog to turn on named's query logging, as shown below:
#rndc querylog
#rndc status
number of zones: 8
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
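Next, create a file named named.log in the /var/named/chroot/var/named directory (the file name is arbitrary). Once it is created, set its ownership and permissions, as shown below: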
#chown named.named /var/named/chroot/var/named/named.log
#chmod 755 /var/named/chroot/var/named/named.log
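If you have SELinux enabled, you also need to set the corresponding permissions. If SELinux is in enforcing mode and you apply the setting below, the system reports that named has no permission to access the named.log file. No matter what changes I made, it still reported no permission. In the end I switched SELinux to permissive mode, and named's information was written to the named.log file, but SELinux still warned that restorecon -v "./named.log" should be used to fix the file's permissions. After I ran the restorecon command, that warning still appeared. How to solve this is a topic for later; if you have a good suggestion, please let me know. The result is as follows: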
#chcon -u system_u named.log
That completes the setup for this file. Next, configure /etc/named.conf by adding the following to it:
logging {
    channel default_syslog { syslog local2; severity error; };
    channel audit_log {
        file "named.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
    };
    category default { audit_log; };
    category general { audit_log; };
    category security { audit_log; default_syslog; };
    category config { default_syslog; };
    category resolver { audit_log; };
    category xfer-in { audit_log; };
    category xfer-out { audit_log; };
    category notify { audit_log; };
    category client { audit_log; };
    category network { audit_log; };
    category update { audit_log; };
    category queries { audit_log; };
    category lame-servers { audit_log; };
};
Restart your named process. From then on, your DNS-related information will appear in this file!
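To check what the audit_log channel is recording, the following added example (not part of the original post) counts queries and denied requests per client. It assumes the line layout that print-time yes and print-category yes give on this setup: date, time, category, then "client ip#port: message". The sample lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-client summary of a named.log written by the audit_log channel.
# Assumed layout (no print-severity): <date> <time> <category>: client <ip>#<port>: <message>

# Constructed sample lines, not taken from a real server.
sample_log() {
cat <<'EOF'
01-Jan-2010 10:00:01.120 queries: client 192.0.2.10#32768: query: www.example.com IN A +
01-Jan-2010 10:00:01.480 queries: client 192.0.2.10#32769: query: mail.example.com IN MX +
01-Jan-2010 10:00:02.015 queries: client 198.51.100.7#4021: query: www.example.com IN A -
01-Jan-2010 10:00:03.300 security: client 203.0.113.5#5353: zone transfer 'example.com/AXFR/IN' denied
01-Jan-2010 10:00:04.000 general: zone example.com/IN: loaded serial 2010010101
01-Jan-2010 10:00:05.250 security: client 203.0.113.5#5354: query (cache) 'example.org/A/IN' denied
EOF
}

# count_by_client CATEGORY [LAST_WORD]
# Reads log lines on stdin and prints "<count> <ip>", busiest client first.
# Lines without a "client" field (e.g. zone load messages) are skipped.
count_by_client() {
    awk -v cat="$1:" -v last="$2" '
        $3 == cat && $4 == "client" && (last == "" || $NF == last) {
            split($5, a, "#")      # "192.0.2.10#32768:" -> "192.0.2.10"
            n[a[1]]++
        }
        END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Queries logged once "rndc querylog" is on and category queries goes to audit_log.
queries_per_client() { count_by_client queries; }

# Requests refused by an ACL, logged under category security.
denied_by_client() { count_by_client security denied; }

echo "queries per client:"
sample_log | queries_per_client
echo "denied requests per client:"
sample_log | denied_by_client
```

On a real server, feed the functions the live file instead of the sample, for example queries_per_client < /var/named/chroot/var/named/named.log.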