Revision [1656]
This is an old revision of Lire made by JulianDemarchi on 2008-07-07 22:46:40.
Debian Lire Howto
This is how I have lire setup to work for me.
First we have to install some package dependencies.
apt-get install tetex-bin gs-common tetex-extra tetex-base latex-beamer latex-xcolor lmodern pgf preview-latex-style ploticus
Now we install lire. Its that simple!
apt-get install lire
Now we have to configure bind9 to separate the log files.
Edit bind9's configuration file
nano /etc/bind/named.conf
Then at the very top add in the following section
logging { channel main_syslog { syslog local2; }; channel misc { file "/var/log/named.log"; print-time yes; }; channel "querylog" { file "/var/log/query.log" print-time yes; }; category default { misc; }; category general { misc; }; category security { misc; }; category config { misc; }; category resolver { misc; }; category xfer-in { misc; }; category xfer-out { misc; }; category notify { misc; }; category client { misc; }; category network { misc; }; category update { misc; }; category queries { misc; }; category lame-servers { misc; }; };
Prime the log files(The log location below assumes you have a chroot bind9 setup. If not the logs will be in /var/log/log.name)
touch /var/lib/named/var/log/named.log touch /var/lib/named/var/log/query.log
Now restart bind9
rndc reload
The files /var/lib/named/var/log/named.log and query.log should now contain data. This is a good point to check. If they are empty, try;
dig www.opennicproject.org @127.0.0.1 cat /var/lib/named/var/log/query.log
That should have shown some data, if not go back and double check all steps. In order to handle the log files in regards to log rotation, I have chosen to use syslog-ng.
apt-get install syslog-ng
Now we configure syslog-ng to do log rotation. Create/edit this file in /etc/logrotate.d
nano /etc/lograotate.d/syslog-ng
Then add this, I have added the DNS log rotate information at the bottom
/var/log/auth.log { rotate 4 missingok notifempty weekly compress } /var/log/cron.log { rotate 4 weekly missingok notifempty compress } /var/log/daemon.log { rotate 7 weekly missingok notifempty compress } /var/log/debug { rotate 4 weekly missingok notifempty compress } /var/log/kern.log { rotate 4 weekly missingok notifempty compress } /var/log/lpr.log { rotate 4 weekly missingok notifempty compress } /var/log/mail.err { rotate 4 weekly missingok notifempty compress } /var/log/mail.info { rotate 4 weekly missingok notifempty compress } /var/log/mail.log { rotate 4 weekly missingok notifempty compress } /var/log/mail.warn { rotate 4 weekly missingok notifempty compress } /var/log/messages { rotate 4 weekly missingok notifempty compress } /var/log/user.log { rotate 4 weekly missingok notifempty compress } /var/log/uucp.log { rotate 4 missingok notifempty weekly compress } /var/log/syslog { rotate 7 daily compress postrotate /etc/init.d/syslog-ng reload >/dev/null endscript } /var/lib/named/var/log/query.log { rotate 4 missingok notifempty weekly compress } /var/lib/named/var/log/named.log { rotate 4 missingok notifempty weekly compress }
Now we restart syslog-ng
/etc/init.d/syslog-ng restart
Now lets test lire!
cd ~ lr_log2report --output txt bind9_query /var/lib/named/var/log/query.log ~/bind9_query_report.txt cat ~/bind9_query_report.tx
There is your fresh lire report. Now lire can do alot more. To see the variety of formats for the reports issue;
lr_xml2report --help output-formats
You now have lire installed and working correctly! Below are a couple of my own recepies I use to analyze OpenNIC DNS data.