CentOS 5 Server :: Rotating Named Logs Via Syslog.conf?
Mar 1, 2010
OS CentOS 5.4 I have a DNS server that is logging all named and dns requests to the chrooted named directory. By default named logs to /var/log/messages but I want to isolate all the dns queries and requests to separate files. I know I can add entries to /etc/syslog.conf to "roll" the logs and logrotate should pick them up but fuzzy as to the syntax. I don't know what "tag" to use in the first fieild. for example
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none/var/log/messages
I am using Cent OS 5.5 and i want configure DNS, but while configuring bind i am getting below error.
#/etc/init.d/named restart Stopping named: [ OK ] Starting named: Error in named configuration: /etc/named.conf:57: open: /etc/named.root.hints: file not found[FAILED]
I've installed squid 2.7 stable9 in centos 5.4 x32 bit. I've installed and configured it successfully, its working fine. I want to clear few doubts, for that your kind help is needed. Parallely, I've configured another server using binary rpms with same squid version (2.7 stable9). I found that it creates a /etc/logrotate.d/squid for rotating log files (access.log, cache.log, store.log). Which is properly rotating log files using compress, dateext and size options (i manually added the size option).
But after compiling and installing from source code, its automatically not created. I want to rotate the log files in the same way as it is doing when i install using binary rpms. Below logfile_rotate entry is present in my squid.conf file (in source code installation scenario) logfile_rotate 10 Below logfile_rotate entry is present in my squid.conf file which is commented (in binary rpm installation scenario) #logfile_rotate 10 I want to rotate the log files by size (as I've more than 200 users, these logfiles size increasing very fast, ie. approx 80 MB per hour), with compress and dateext option.
I installed syslog-ng so I can receive remote logs. this is working however since I disabled syslog on my syslog-ng server I am not logging in /var/log/messages cron and some others.locally)I know this is because my syslog-ng.conf only references remote and not local.How can I edit the syslog-ng.conf file so that I can receive remote and local? I tried this however when adding in portions of the default config, I only receive local and not remote logs anymore. I am forwarding my config.
# syslog-ng configuration file. # # This should behave pretty much like the original syslog on RedHat. But
i've made a big update of almost 300Mb.I'had a working DNS server.Now, when i boot the box, named works and it resolves all the clients.If i make any change (enter a new client for example) and of course i restart named (service named restart), named stop but does not start again !!!In order to get a working named, i 'm obliged to reboot the box?
I was just looking around and did a tail on my syslog and some strange entries came up:
[Code].....
I'm a Verizon customer in Maryland, USA running Linux at my home and I don't understand why named is looking at servers in France and Saudi Arabia. Am I just being paranoid?
I've been scanning the apache2 docs for the past few days and have not come up with an answer my following issue:
In my httpd.conf file, at the very end, I have the line
Include conf/vhosts/vhost_*.conf
However, when I run apache checkconfig or try to start apache, it gives me the error:
httpd: Syntax error on line 993 of /etc/httpd/conf/httpd.conf: Could not open configuration file /etc/httpd/conf/vhosts/vhost_1.conf: Permission denied
It appears as if the Include line is correct - in terms of it grabbing the first virtual host conf file. However, I'm confused on the permissions. the /etc/httpd folder is owned by root:root, as are the subfolders. As a test, I chown'd the conf/vhost folder combination and all the vhost files to apache:apache to see if that made a difference, and it appeared to make no difference at all. The log files don't contain anything (assumed because apache isn't starting). If I place the contents of the vhosts in a singular vhosts.conf it works - with the permissions set to root:root. I'd like to avoid having to use one vhosts conf for the configuration I'm trying to achieve - as it would make my life a lot easier.
i installed php-syslog-ng 2.9.8m in RHEL5 box. I saw logs from the local machine once the cron execute in every one minute.I dont need to appear those in my syslog console. I want to disable these from my linux box.How can i archive this
CentOS 5.6 Server patched to latest, multiple name-based apache virtual hosts. SELinux OFF Everything was working fine until the other day. I've been making quite a lot of changes so it may well be something I've done, but I can't find out what! Last night I got the following in my logwatch : -
Requests with error response codes 404 Not Found /admin/phpmyadmin/scripts/setup.php: 1 Time(s) /admin/pma/scripts/setup.php: 1 Time(s) /admin/scripts/setup.php: 1 Time(s) /db/scripts/setup.php: 1 Time(s) /dbadmin/scripts/setup.php: 1 Time(s) [Code]...
The problem is that NONE of my logs, secure, httpd, messages, NONE of them, show any trace of these hacking attempts. They used to show up in secure and apache error logs, but no longer.
I've suddenly stopped getting emails from logwatch which runs on an Ubuntu server daily using cron.After a good day or so of troubleshooting, I was able to establish that it was the 'Service = named' line in my logwatch.conf file, which was stopping the emails from coming through. If I commented out this line, the logwatch emails come through with no issues, uncomment, and I don't get an email. I don't get any error from logwatch itself when I run it, even with '--debug high', leading me to think that my email configuration is setup ok, at least. Furthermore, I tried running logwatch with '--output file --format html' and logwatch produces a valid html file.
I then thought: "Could I have a entry in my Bind/named log files which could be rejected by my ISP's smtp server?". So, (to the best of my knowledge) I cleared out the log files in /var/log that contained messages from named. I then ran logwatch (including the named service in my logwatch.conf file) and I got an email through, with a pretty much empty named section, which is exactly what I anticipated. Great! - it's fixed.
So, the cron.daily ran early this morning, but still no email in my inbox when I got up. I then tried to run 'logwatch --Range today' and lo and behold, I got a logwatch report email, which included a named section, with log entries in there. So it seems that something that's been logged by named overnight to my logfiles (i.e. '--Range yesterday') has caused issues again with logwatch's ability to send reports through my ISP's smtp servers.
Currently Im having a syslog server that consolidate firewall logs on port 514 udp. Im also having a IDS device that I wish to push its logs to this particular syslog server so that I can retrieve my IDS logs on this server as well.
Is it possible to do so?Having syslog listening on port 514 for both firewall and IDS logs? If it is possible will the logs be recorded in a single log file?Or will it be recorded in a separate log file ie. firewall.log, IDS.log etc?? I wish to have them in separate individual log files or else there will be hard time segregating the log entries in a single file. Can anyone advice on how to achieve this??
I am searching that how i can configure syslogs/rsyslog to receive third party tools or softwares logs. For example i have a program that generates logs like when it is started and logs about its services, alerts if there are any alarms etc. I want to forward these logs using syslogs/rsyslog. Is their any possibility how can i achieve that
I tried to install Syslog-ng-3.2.4 in Centos 5.6,when i need to start the deamon syslog-ng =>Failure and i have this message:
Code: [root@RelaisXXX etc]# service syslog-ng start Starting syslog-ng: Your configuration file uses an obsoleted keyword, please up Your configuration file uses an obsoleted keyword, please update your configurat Error creating persistent state file; filename='/usr/local/var/syslog-ng.persist Starting Kernel Logger [FAILED]:
I open "man vsftpd.conf", it says syslog_enable If enabled, then any log output which would have gone o /var/log/vsftpd.log goes to the system log instead. Logging is done under the FTPD facility. Default: NO So I add "syslog_enable=YES" to the /etc/vsftpd.conf, and add "ftpd.* /var/log/ftplog" into /etc/syslog.conf. But there is no log infomation in the ftplog file.
I got CentOS 5.4 with LAMP. Installed Plesk, tried to configure it, and then error - Quote:Unable to restart Named: dnsmng failed: dnsmng failed: dnsmng: Service /etc/init.d/named failed to restart
i meet problem on named service, i want to configure my DNS with bind...after i /etc/init.d/named statusThis shows :"rndc: connect failed: 127.0.0.1#953: connection refusednamed is stopped"
don't find box of BIND so i was posting into this boxI have some problem when i config bind DNS for my domain and then i can't start named,this's error message
[root@server1 named]# service named restart Stopping named: [ OK ] Starting named:
I am looking for an open source syslog server which accumulate the each and every log of Windows, Solaris, Linux and network devices. Currently I am using Syslog-ng which is not fulfiling my requirement in Windows clients, as I need the logs of every action which user performed after logon.
I have a dual-processor x86 box with CentOS 5 Linux 2.6.18-238.19.1.el5, mysql Ver 14.12 Distrib 5.0.77, and tons of storage space. I want to run a syslog solution on this box for a SOHO infrastructure. We've got routers, switches, Windows servers, other Linux boxes, etc. I've looked at syslog-ng, but it seems rather overkill, but I like the idea of storing logs in a MySql database. Is there anything I can yum install?
Missing Syslog.conf file First I installed VM Ware. I then installed Debian on a virtual machine which appears to be running fine. (except I have no network connectivity) but I digress. The real issue is that there is no syslog.conf in etc directory or anywhere else.
I have installed bind from the repos and am trying to setup a caching name server. After copying the stock name-cachinging.conf to named.conf, I tweaked named.conf to reflect my LAN:
options { listen-on port 53 { 127.0.0.1; 192.168.1.102; }; listen-on-v6 port 53 { ::1; };
I was studying for RHCE exam,and the only problem I cant query these records from the same server Every time I dig myself it digs the ICANA example website But from anther computer it works fine
