Revision history for Lire
Additions:
channel "misc" {
file "/var/log/misc.log" versions 2 size 25M;
severity info; print-severity no;
print-category yes; print-time yes;
};
channel "querylog" {
file "/var/log/named.log" versions 2 size 25M;
severity info; print-severity no;
print-category no; print-time yes;
};
category "queries" { "querylog"; };
category default { "misc"; };
file "/var/log/misc.log" versions 2 size 25M;
severity info; print-severity no;
print-category yes; print-time yes;
};
channel "querylog" {
file "/var/log/named.log" versions 2 size 25M;
severity info; print-severity no;
print-category no; print-time yes;
};
category "queries" { "querylog"; };
category default { "misc"; };
Deletions:
syslog local2;
};
channel misc {
file "/var/log/named.log";
print-time yes;
};
channel "querylog" {
file "/var/log/query.log"
print-time yes;
};
category default { misc; };
category general { misc; };
category security { misc; };
category config { misc; };
category resolver { misc; };
category xfer-in { misc; };
category xfer-out { misc; };
category notify { misc; };
category client { misc; };
category network { misc; };
category update { misc; };
category queries { misc; };
category lame-servers { misc; };
Additions:
apt-get install tetex-bin gs-common tetex-extra tetex-base latex-beamer latex-xcolor lmodern pgf preview-latex-style ploticus
Deletions:
Additions:
That should have shown some data, if not go back and double check all steps. In order to handle the log files in regards to log rotation, I have chosen to use syslog-ng.
apt-get install syslog-ng
Now we configure syslog-ng to do log rotation. Create/edit this file in /etc/logrotate.d
nano /etc/lograotate.d/syslog-ng
Then add this, I have added the DNS log rotate information at the bottom
/var/log/auth.log {
rotate 4
missingok
notifempty
weekly
compress
}
/var/log/cron.log {
rotate 4
weekly
missingok
notifempty
compress
}
/var/log/daemon.log {
rotate 7
weekly
missingok
notifempty
compress
}
/var/log/debug {
rotate 4
weekly
missingok
notifempty
compress
}
/var/log/kern.log {
rotate 4
weekly
missingok
notifempty
compress
}
/var/log/lpr.log {
rotate 4
weekly
missingok
notifempty
compress
}
/var/log/mail.err {
rotate 4
weekly
missingok
notifempty
compress
}
/var/log/mail.info {
rotate 4
weekly
missingok
notifempty
compress
}
/var/log/mail.log {
rotate 4
weekly
missingok
notifempty
compress
}
/var/log/mail.warn {
rotate 4
weekly
missingok
notifempty
compress
}
/var/log/messages {
rotate 4
weekly
missingok
notifempty
compress
}
/var/log/user.log {
rotate 4
weekly
missingok
notifempty
compress
}
/var/log/uucp.log {
rotate 4
missingok
notifempty
weekly
compress
}
/var/log/syslog {
rotate 7
daily
compress
postrotate
/etc/init.d/syslog-ng reload >/dev/null
endscript
}
/var/lib/named/var/log/query.log {
rotate 4
missingok
notifempty
weekly
compress
}
/var/lib/named/var/log/named.log {
rotate 4
missingok
notifempty
weekly
compress
}
Now we restart syslog-ng
/etc/init.d/syslog-ng restart
Now lets test lire!
cd ~
lr_log2report --output txt bind9_query /var/lib/named/var/log/query.log ~/bind9_query_report.txt
cat ~/bind9_query_report.tx
There is your fresh lire report. Now lire can do alot more. To see the variety of formats for the reports issue;
lr_xml2report --help output-formats
You now have lire installed and working correctly! Below are a couple of my own recepies I use to analyze OpenNIC DNS data.
apt-get install syslog-ng
Now we configure syslog-ng to do log rotation. Create/edit this file in /etc/logrotate.d
nano /etc/lograotate.d/syslog-ng
Then add this, I have added the DNS log rotate information at the bottom
/var/log/auth.log {
rotate 4
missingok
notifempty
weekly
compress
}
/var/log/cron.log {
rotate 4
weekly
missingok
notifempty
compress
}
/var/log/daemon.log {
rotate 7
weekly
missingok
notifempty
compress
}
/var/log/debug {
rotate 4
weekly
missingok
notifempty
compress
}
/var/log/kern.log {
rotate 4
weekly
missingok
notifempty
compress
}
/var/log/lpr.log {
rotate 4
weekly
missingok
notifempty
compress
}
/var/log/mail.err {
rotate 4
weekly
missingok
notifempty
compress
}
/var/log/mail.info {
rotate 4
weekly
missingok
notifempty
compress
}
/var/log/mail.log {
rotate 4
weekly
missingok
notifempty
compress
}
/var/log/mail.warn {
rotate 4
weekly
missingok
notifempty
compress
}
/var/log/messages {
rotate 4
weekly
missingok
notifempty
compress
}
/var/log/user.log {
rotate 4
weekly
missingok
notifempty
compress
}
/var/log/uucp.log {
rotate 4
missingok
notifempty
weekly
compress
}
/var/log/syslog {
rotate 7
daily
compress
postrotate
/etc/init.d/syslog-ng reload >/dev/null
endscript
}
/var/lib/named/var/log/query.log {
rotate 4
missingok
notifempty
weekly
compress
}
/var/lib/named/var/log/named.log {
rotate 4
missingok
notifempty
weekly
compress
}
Now we restart syslog-ng
/etc/init.d/syslog-ng restart
Now lets test lire!
cd ~
lr_log2report --output txt bind9_query /var/lib/named/var/log/query.log ~/bind9_query_report.txt
cat ~/bind9_query_report.tx
There is your fresh lire report. Now lire can do alot more. To see the variety of formats for the reports issue;
lr_xml2report --help output-formats
You now have lire installed and working correctly! Below are a couple of my own recepies I use to analyze OpenNIC DNS data.
Deletions:
Additions:
----
First we have to install some package dependencies.
Now we install lire. Its that simple!
Now we have to configure bind9 to separate the log files.
Edit bind9's configuration file
nano /etc/bind/named.conf
Then at the very top add in the following section
logging {
channel main_syslog {
syslog local2;
};
channel misc {
file "/var/log/named.log";
print-time yes;
};
channel "querylog" {
file "/var/log/query.log"
print-time yes;
};
category default { misc; };
category general { misc; };
category security { misc; };
category config { misc; };
category resolver { misc; };
category xfer-in { misc; };
category xfer-out { misc; };
category notify { misc; };
category client { misc; };
category network { misc; };
category update { misc; };
category queries { misc; };
category lame-servers { misc; };
};
Prime the log files(The log location below assumes you have a chroot bind9 setup. If not the logs will be in /var/log/log.name)
touch /var/lib/named/var/log/named.log
touch /var/lib/named/var/log/query.log
Now restart bind9
rndc reload
The files /var/lib/named/var/log/named.log and query.log should now contain data. This is a good point to check. If they are empty, try;
dig www.opennicproject.org @127.0.0.1
cat /var/lib/named/var/log/query.log
That should have shown some data, if not go back and double check all steps.
First we have to install some package dependencies.
Now we install lire. Its that simple!
Now we have to configure bind9 to separate the log files.
Edit bind9's configuration file
nano /etc/bind/named.conf
Then at the very top add in the following section
logging {
channel main_syslog {
syslog local2;
};
channel misc {
file "/var/log/named.log";
print-time yes;
};
channel "querylog" {
file "/var/log/query.log"
print-time yes;
};
category default { misc; };
category general { misc; };
category security { misc; };
category config { misc; };
category resolver { misc; };
category xfer-in { misc; };
category xfer-out { misc; };
category notify { misc; };
category client { misc; };
category network { misc; };
category update { misc; };
category queries { misc; };
category lame-servers { misc; };
};
Prime the log files(The log location below assumes you have a chroot bind9 setup. If not the logs will be in /var/log/log.name)
touch /var/lib/named/var/log/named.log
touch /var/lib/named/var/log/query.log
Now restart bind9
rndc reload
The files /var/lib/named/var/log/named.log and query.log should now contain data. This is a good point to check. If they are empty, try;
dig www.opennicproject.org @127.0.0.1
cat /var/lib/named/var/log/query.log
That should have shown some data, if not go back and double check all steps.
No Differences
Additions:
%%
%%
%%
%%
%%
%%
%%
