Multiple logs


Multiple logs

kev
I am using bind9 with ubuntu 14.04. I was wondering how to log by individual IP. I've googled it but didn't find what I was looking for.
Thanks, 


Sent via the Samsung Galaxy S® 6, an AT&T 4G LTE smartphone

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

RE: Multiple logs

John W. Blue

As far as I know, BIND can only log queries in general.  As such you can always grep the query log for the IP you are looking for.

 

John

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of kev
Sent: Saturday, December 26, 2015 7:30 PM
To: [hidden email]
Subject: Multiple logs

 

I am using bind9 with ubuntu 14.04. I was wondering how to log by individual IP. I've googled it but didn't find what I was looking for.

Thanks, 

 

 

Sent via the Samsung Galaxy S® 6, an AT&T 4G LTE smartphone



Re: Multiple logs

Matus UHLAR - fantomas
On 26.12.15 20:30, kev wrote:
>I am using bind9 with ubuntu 14.04. I was wondering how to log by
> individual IP.  I've googled it but didn't find what I was looking
> for. Thanks,

I'd choose logging at kernel level in iptables firewall.
ULOG and ulogd can log to libpcap format.
--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.

Re: Multiple logs

Reindl Harald


On 27.12.2015 at 18:07, Matus UHLAR - fantomas wrote:
> On 26.12.15 20:30, kev wrote:
>> I am using bind9 with ubuntu 14.04. I was wondering how to log by
>> individual IP.  I've googled it but didn't find what I was looking
>> for. Thanks,
>
> I'd choose logging at kernel level in iptables firewall.
> ULOG and ulogd can log to libpcap format

since when is iptables a logging tool?
don't abuse it and its "-j LOG" for such things

besides, you risk a self-DoS when not being very careful and bothering a
critical system layer with non-critical stuff; it hardly has the
capability to write different logs for different IPs, frankly it doesn't
write any logs at all, just the kernel ring buffer

just use the default query log and grep within cron
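
The "grep the query log" approach suggested in John W. Blue's reply and in the post above, as an added example that is not part of any poster's message. It assumes the usual BIND 9 query-log line layout (`client <addr>#<port> (<name>): query: ...`, with an optional `@0x...` token in newer releases); the sample lines, addresses and function names are constructed for illustration. It matches the client address exactly, which a plain substring grep does not.

```python
import ipaddress
import re

# Constructed sample lines in BIND 9 query-log style (not taken from the thread).
SAMPLE_LOG = """\
27-Dec-2015 19:12:01.101 queries: info: client 192.0.2.10#53124 (www.example.com): query: www.example.com IN A +E (192.0.2.1)
27-Dec-2015 19:12:01.345 queries: info: client 198.51.100.7#40211 (example.org): query: example.org IN MX + (192.0.2.1)
27-Dec-2015 19:12:02.010 queries: info: client @0x7f3c1c0a 192.0.2.10#53125 (example.net): query: example.net IN AAAA +E (192.0.2.1)
27-Dec-2015 19:12:02.500 queries: info: client 192.0.2.100#1025 (a.example): query: a.example IN A + (192.0.2.1)
27-Dec-2015 19:12:03.000 general: info: zone example.com/IN: loaded serial 2015122701
27-Dec-2015 19:12:04.250 queries: info: client 2001:db8::53#6000 (example.com): query: example.com IN TXT + (2001:db8::1)
"""

# Assumed layout: "client [@0x<ptr> ]<addr>#<port> (<name>): query: <qname> <class> <type>"
CLIENT_RE = re.compile(
    r"\bclient (?:@0x[0-9a-fA-F]+ )?(?P<addr>[0-9A-Fa-f:.]+)#\d+ "
    r"\([^)]*\): query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

def parse_query(line):
    """Return (client_ip, qname, qtype) for a query line, else None."""
    m = CLIENT_RE.search(line)
    if not m:
        return None
    try:
        client = ipaddress.ip_address(m.group("addr"))
    except ValueError:  # malformed address field: treat as a non-query line
        return None
    return client, m.group("qname"), m.group("qtype")

def split_by_client(lines, watched):
    """Group query lines by exact client address, keeping only watched IPs."""
    wanted = {ipaddress.ip_address(w) for w in watched}
    per_ip = {}
    for line in lines:
        parsed = parse_query(line)
        if parsed and parsed[0] in wanted:
            per_ip.setdefault(str(parsed[0]), []).append(line)
    return per_ip

def naive_grep(lines, needle):
    """What a plain substring grep would return, for comparison."""
    return [line for line in lines if needle in line]

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for ip, hits in split_by_client(lines, ["192.0.2.10", "2001:db8::53"]).items():
        print(ip, len(hits), "queries")
    # The substring match also picks up 192.0.2.100.
    print("naive grep hits:", len(naive_grep(lines, "192.0.2.10")))
```

Each list in the returned dictionary can be appended to its own per-IP file by whatever job runs this over the rotated query log.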



Re: Multiple logs

Matus UHLAR - fantomas
>>On 26.12.15 20:30, kev wrote:
>>>I am using bind9 with ubuntu 14.04. I was wondering how to log by
>>>individual IP.  I've googled it but didn't find what I was looking
>>>for. Thanks,

>On 27.12.2015 at 18:07, Matus UHLAR - fantomas wrote:
>>I'd choose logging at kernel level in iptables firewall.
>>ULOG and ulogd can log to libpcap format

On 27.12.15 19:12, Reindl Harald wrote:
>since when is iptables a logging tool?

since it can log, it can be used for logging.

>don't abuse it and its "-j LOG" for such things

it's "-j ULOG" a.k.a. userspace log and it's used with ulogd, the userspace
logging daemon.
learn the difference and don't comment before.

>besides, you risk a self-DoS when not being very careful and bothering a
>critical system layer with non-critical stuff; it hardly has the
>capability to write different logs for different IPs,

so what? it _can_ be used for logging and its usage mostly depends on what the
original poster means by "log by individual ip".
The original post indicates that OP wants to log only traffic from specific
IPs, where ulog is best until BIND learns query logging only for specific
IPs.

> frankly it doesn't write any logs at all, just the kernel ring buffer

which means it is not self-DoS when done carefully.

>just use the default query log and grep within cron

yes, why log selectively when we can log everything and then drop the rest.
Especially when it requires much more computing power and overhead...

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (userfriendly.org)

Re: Multiple logs

Reindl Harald


On 27.12.2015 at 19:36, Matus UHLAR - fantomas wrote:

>>> On 26.12.15 20:30, kev wrote:
>>>> I am using bind9 with ubuntu 14.04. I was wondering how to log by
>>>> individual IP.  I've googled it but didn't find what I was looking
>>>> for. Thanks,
>
>> On 27.12.2015 at 18:07, Matus UHLAR - fantomas wrote:
>>> I'd choose logging at kernel level in iptables firewall.
>>> ULOG and ulogd can log to libpcap format
>
> On 27.12.15 19:12, Reindl Harald wrote:
>> since when is iptables a logging tool?
>
> since it can log, it can be used for logging.
- used
+ abused

>> just use the default query log and grep within cron
>
> yes, why log selectively when we can log everything and then drop the
> rest. Especially when it requires much more computing power and overhead...

http://www.zytrax.com/books/dns/ch7/logging.html
syslog versus file

http://www.rsyslog.com/doc/v8-stable/configuration/filters.html



Re: Multiple logs

Matus UHLAR - fantomas
>>>>On 26.12.15 20:30, kev wrote:
>>>>>I am using bind9 with ubuntu 14.04. I was wondering how to log by
>>>>>individual IP.  I've googled it but didn't find what I was looking
>>>>>for. Thanks,

>>>On 27.12.2015 at 18:07, Matus UHLAR - fantomas wrote:
>>>>I'd choose logging at kernel level in iptables firewall.
>>>>ULOG and ulogd can log to libpcap format

>>On 27.12.15 19:12, Reindl Harald wrote:
>>>since when is iptables a logging tool?

>On 27.12.2015 at 19:36, Matus UHLAR - fantomas wrote:
>>since it can log, it can be used for logging.

On 27.12.15 19:55, Reindl Harald wrote:
>- used
>+ abused

bullshit. Please learn the difference between LOG and ULOG before
commenting.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The 3 biggest disasters: Hiroshima 45, Tschernobyl 86, Windows 95

Re: Multiple logs

Reindl Harald


On 27.12.2015 at 20:08, Matus UHLAR - fantomas wrote:

>>>>> On 26.12.15 20:30, kev wrote:
>>>>>> I am using bind9 with ubuntu 14.04. I was wondering how to log by
>>>>>> individual IP.  I've googled it but didn't find what I was looking
>>>>>> for. Thanks,
>
>>>> On 27.12.2015 at 18:07, Matus UHLAR - fantomas wrote:
>>>>> I'd choose logging at kernel level in iptables firewall.
>>>>> ULOG and ulogd can log to libpcap format
>
>>> On 27.12.15 19:12, Reindl Harald wrote:
>>>> since when is iptables a logging tool?
>
>> On 27.12.2015 at 19:36, Matus UHLAR - fantomas wrote:
>>> since it can log, it can be used for logging.
>
> On 27.12.15 19:55, Reindl Harald wrote:
>> - used
>> + abused
>
> bullshit. Please learn the difference between LOG and ULOG before
> commenting
don't strip quotes

http://www.zytrax.com/books/dns/ch7/logging.html
syslog versus file

http://www.rsyslog.com/doc/v8-stable/configuration/filters.html

how the hell should the kernel in a useful way replace the *querylog* by
working on the *packet level* - a sloppy "I'd choose logging at kernel
level in iptables firewall. ULOG and ulogd can log to libpcap format"
doesn't answer any question and libpcap is hardly helpful for a querylog




Re: Multiple logs

Matus UHLAR - fantomas
Hello,

>On 26.12.15 20:30, kev wrote:
>>I am using bind9 with ubuntu 14.04. I was wondering how to log by
>>individual IP.  I've googled it but didn't find what I was looking
>>for. Thanks,

On 27.12.15 18:07, Matus UHLAR - fantomas wrote:
>I'd choose logging at kernel level in iptables firewall.
>ULOG and ulogd can log to libpcap format.

kev, just to be sure: do you want to selectively log requests only from
particular IP addresses?

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm