Revision [1655]

This is an old revision of Lire made by JulianDemarchi on 2008-07-07 22:43:54.

 

Debian Lire Howto


This is how I have Lire set up to work for me.


First we have to install some package dependencies:
apt-get install tetex-bin gs-common tetex-extra tetex-base latex-beamer latex-xcolor lmodern pgf preview-latex-style


Now we install Lire. It's that simple!
apt-get install lire


Now we have to configure bind9 to write its logs to separate files.

Edit bind9's configuration file:
nano /etc/bind/named.conf


Then, at the very top, add the following section:
logging {
    channel main_syslog {
        syslog local2;
    };
    channel misc {
        file "/var/log/named.log";
        print-time yes;
    };
    channel querylog {
        file "/var/log/query.log";   // the semicolon is required, or named rejects the config
        print-time yes;
    };

    category default { misc; };
    category general { misc; };
    category security { misc; };
    category config { misc; };
    category resolver { misc; };
    category xfer-in { misc; };
    category xfer-out { misc; };
    category notify { misc; };
    category client { misc; };
    category network { misc; };
    category update { misc; };
    // queries go to their own file; this is what the query.log check below relies on
    category queries { querylog; };
    category lame-servers { misc; };
};


Prime the log files (the locations below assume bind9 runs chrooted under /var/lib/named, so the paths in named.conf are relative to that chroot; without a chroot the files are /var/log/named.log and /var/log/query.log). named must be able to write to them, so make sure they are owned by the user it runs as (bind on Debian):
touch /var/lib/named/var/log/named.log
touch /var/lib/named/var/log/query.log


Now reload bind9 so it picks up the new logging configuration:
rndc reload


The files /var/lib/named/var/log/named.log and query.log should now contain data; this is a good point to check. If they are empty, generate a query against the local server and look again:
dig www.opennicproject.org @127.0.0.1
cat /var/lib/named/var/log/query.log


That should have shown some data; if not, go back and double-check all the steps. To handle rotation of these log files, I have chosen to use syslog-ng:
apt-get install syslog-ng


Now we configure log rotation. The rotation itself is done by logrotate, which reads per-package files from /etc/logrotate.d; create or edit the syslog-ng one:

nano /etc/logrotate.d/syslog-ng


Then add the following; the DNS log rotation entries are at the bottom:

/var/log/auth.log {
   rotate 4
   missingok
   notifempty
   weekly
   compress
}

/var/log/cron.log {
   rotate 4
   weekly
   missingok
   notifempty
   compress
}

/var/log/daemon.log {
   rotate 7
   weekly
   missingok
   notifempty
   compress
}

/var/log/debug {
   rotate 4
   weekly
   missingok
   notifempty
   compress
}

/var/log/kern.log {
   rotate 4
   weekly
   missingok
   notifempty
   compress
}

/var/log/lpr.log {
   rotate 4
   weekly
   missingok
   notifempty
   compress
}

/var/log/mail.err {
   rotate 4
   weekly
   missingok
   notifempty
   compress
}

/var/log/mail.info {
   rotate 4
   weekly
   missingok
   notifempty
   compress
}

/var/log/mail.log {
   rotate 4
   weekly
   missingok
   notifempty
   compress
}

/var/log/mail.warn {
   rotate 4
   weekly
   missingok
   notifempty
   compress
}

/var/log/messages {
   rotate 4
   weekly
   missingok
   notifempty
   compress
}


/var/log/user.log {
   rotate 4
   weekly
   missingok
   notifempty
   compress
}

/var/log/uucp.log {
   rotate 4
   missingok
   notifempty
   weekly
   compress
}

/var/log/syslog {
   rotate 7
   daily
   compress
   postrotate
	  /etc/init.d/syslog-ng reload >/dev/null
   endscript
}

/var/lib/named/var/log/query.log {
   rotate 4
   missingok
   notifempty
   weekly
   compress
   # named keeps this file open, so a plain rename would leave it writing
   # into the rotated copy; copy the contents out and truncate in place instead
   copytruncate
}

/var/lib/named/var/log/named.log {
   rotate 4
   missingok
   notifempty
   weekly
   compress
   # same reason as for query.log above
   copytruncate
}


Now we restart syslog-ng:
/etc/init.d/syslog-ng restart


Now let's test Lire!
cd ~
lr_log2report --output txt bind9_query /var/lib/named/var/log/query.log ~/bind9_query_report.txt
cat ~/bind9_query_report.txt
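To see what Lire's bind9_query service is working from, here is an added example (it is not part of this howto and not Lire's own code) that parses the lines BIND writes through the querylog channel configured above and prints a small summary: queries per client, per name and per record type, plus any client sending many ANY queries, which is worth a look because ANY responses are large and are abused for reflection. The sample lines are constructed; the timestamp layout is what print-time yes produces, and since the flags BIND appends after the record type vary between versions the regex simply ignores them.

```python
import re
import sys
from collections import Counter

# Constructed sample lines in the layout BIND 9 writes to the "querylog"
# channel above (print-time yes, no category or severity prefix).
SAMPLE_QUERY_LOG = """\
07-Jul-2008 22:43:54.101 client 192.0.2.10#53211: query: www.opennicproject.org IN A +
07-Jul-2008 22:43:54.322 client 192.0.2.10#53212: query: www.opennicproject.org IN AAAA +
07-Jul-2008 22:43:55.007 client 192.0.2.77#1024: query: example.geek IN A +
07-Jul-2008 22:43:55.410 client 192.0.2.77#1025: query: example.geek IN ANY +
07-Jul-2008 22:43:55.411 client 192.0.2.77#1026: query: example.geek IN ANY +
07-Jul-2008 22:43:56.000 client 192.0.2.77#1027: query: example.geek IN ANY +
this line is not a query log entry and is skipped
"""

# timestamp, client address and port, then "query: <name> <class> <type>";
# anything after the type (recursion flag, local address) is ignored
QUERY_RE = re.compile(
    r"^(?P<time>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}(?:\.\d+)?) "
    r"client (?P<client>[0-9a-fA-F.:]+)#(?P<port>\d+): "
    r"query: (?P<name>\S+) (?P<class>\S+) (?P<type>\S+)"
)


def parse_query_log(text):
    """Return one dict per parseable query line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = QUERY_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def summarize(entries, any_threshold=3):
    """Count queries per client, name and type, and list clients whose
    ANY query count reaches any_threshold (a constructed cut-off)."""
    by_client = Counter(e["client"] for e in entries)
    by_name = Counter(e["name"] for e in entries)
    by_type = Counter(e["type"] for e in entries)
    any_by_client = Counter(e["client"] for e in entries if e["type"] == "ANY")
    noisy_any = sorted(c for c, n in any_by_client.items() if n >= any_threshold)
    return {
        "by_client": by_client,
        "by_name": by_name,
        "by_type": by_type,
        "noisy_any": noisy_any,
    }


if __name__ == "__main__":
    # read a real query.log if a path is given, otherwise use the sample above
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            log_text = fh.read()
    else:
        log_text = SAMPLE_QUERY_LOG
    report = summarize(parse_query_log(log_text))
    for key in ("by_client", "by_name", "by_type"):
        print(key)
        for item, n in report[key].most_common():
            print(f"  {n:6d}  {item}")
    print("clients with many ANY queries:", report["noisy_any"])
```

Run it as `python3 query_summary.py /var/lib/named/var/log/query.log` against the file primed above; with no argument it runs over the constructed sample.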


There is your fresh Lire report. Lire can do a lot more; to see the variety of output formats available for reports, issue:
lr_xml2report --help output-formats


You now have Lire installed and working correctly! Below are a couple of my own recipes I use to analyze OpenNIC DNS data.

