======Debian Lire Howto======
This is how I have Lire set up to work for me.
----
First we have to install some package dependencies:
%%
apt-get install tetex-bin gs-common tetex-extra tetex-base latex-beamer latex-xcolor lmodern pgf preview-latex-style ploticus
%%
Now we install Lire. It's that simple!
%%
apt-get install lire
%%
Now we have to configure bind9 to write its query log separately from its other messages.
Edit bind9's configuration file:
%%
nano /etc/bind/named.conf
%%
Then add the following section at the very top:
%%
logging {
    // Everything except queries goes here (named.log, under the chroot if you use one)
    channel "misc" {
        file "/var/log/named.log" versions 2 size 25M;
        severity info; print-severity no;
        print-category yes; print-time yes;
    };
    // One timestamped line per query; this is the file Lire's bind9_query service reads.
    // Query logging must be switched on (options { querylog yes; } or "rndc querylog on"),
    // otherwise the "queries" category receives nothing and this file stays empty.
    channel "querylog" {
        file "/var/log/query.log" versions 2 size 25M;
        severity info; print-severity no;
        print-category no; print-time yes;
    };
    category "queries" { "querylog"; };
    category default { "misc"; };
};
%%
Prime the log files (the paths below assume a chrooted bind9 under /var/lib/named; without the chroot the logs are in /var/log/<log name>):
%%
touch /var/lib/named/var/log/named.log
touch /var/lib/named/var/log/query.log
%%
Now reload bind9 so it picks up the logging configuration:
%%
rndc reload
%%
The files /var/lib/named/var/log/named.log and query.log should now contain data. This is a good point to check. If they are empty, try:
%%
dig www.opennicproject.org @127.0.0.1
cat /var/lib/named/var/log/query.log
%%
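As an added check (example shell written for this page, not part of the original howto or of Lire), the functions below summarise a BIND 9 query log in the format the "querylog" channel above produces, so you can see which clients and names dominate before handing the file to lr_log2report. The sample lines are constructed, not real OpenNIC traffic, and the parsing assumes the channel's print-time yes / print-category no / print-severity no layout.

```shell
#!/bin/sh
# Added example, not part of the original howto or of Lire: quick summaries of
# a BIND 9 query log before running lr_log2report on it.
# Field layout assumed (from the "querylog" channel: print-time yes,
# print-category no, print-severity no):
#   <date> <time> client <ip>#<port>: query: <name> IN <type> <flags>

# Constructed sample lines (not real OpenNIC traffic), used by the usage
# calls at the bottom.
SAMPLE_LOG='01-Mar-2010 10:00:01.123 client 192.0.2.10#53321: query: www.opennicproject.org IN A +
01-Mar-2010 10:00:02.456 client 192.0.2.10#53322: query: www.opennicproject.org IN AAAA +
01-Mar-2010 10:00:03.789 client 192.0.2.25#40001: query: ns1.example.net IN A -
01-Mar-2010 10:00:04.000 client 198.51.100.7#1025: query: www.opennicproject.org IN A +
01-Mar-2010 10:00:05.500 client 192.0.2.10#53323: query: mail.example.net IN MX +'

# Reads a query log on stdin; prints "count name", most queried first.
# The name is located by finding the "query:" token rather than by a fixed
# column, so extra fields at the end of the line do not break it.
top_names() {
    awk '{ for (i = 1; i <= NF; i++) if ($i == "query:") { n[$(i+1)]++; break } }
         END { for (k in n) print n[k], k }' | sort -rn
}

# Reads a query log on stdin; prints "count client-ip", busiest client first.
# The "#port:" suffix is stripped so all ports of one host are merged.
top_clients() {
    awk '{ for (i = 1; i <= NF; i++) if ($i == "client") { split($(i+1), a, "#"); c[a[1]]++; break } }
         END { for (k in c) print c[k], k }' | sort -rn
}

# Reads a query log on stdin; prints only clients with more than $1 queries,
# a cheap way to spot a host hammering the resolver.
heavy_clients() {
    top_clients | awk -v limit="$1" '$1 > limit'
}

# Stand-alone usage on the constructed sample:
printf '%s\n' "$SAMPLE_LOG" | top_names
printf '%s\n' "$SAMPLE_LOG" | heavy_clients 2
```

On a live system, feed the real file instead of the sample: `top_clients < /var/lib/named/var/log/query.log | head`.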
That should have shown some data; if not, go back and double-check all the steps. To handle log rotation for these log files, I have chosen to use syslog-ng.
%%
apt-get install syslog-ng
%%
Now we configure logrotate to rotate the syslog-ng logs and our DNS logs. Create or edit this file in /etc/logrotate.d:
%%
nano /etc/logrotate.d/syslog-ng
%%
Then add the following; I have added the DNS log rotation entries at the bottom:
%%
/var/log/auth.log {
    rotate 4
    missingok
    notifempty
    weekly
    compress
}
/var/log/cron.log {
    rotate 4
    weekly
    missingok
    notifempty
    compress
}
/var/log/daemon.log {
    rotate 7
    weekly
    missingok
    notifempty
    compress
}
/var/log/debug {
    rotate 4
    weekly
    missingok
    notifempty
    compress
}
/var/log/kern.log {
    rotate 4
    weekly
    missingok
    notifempty
    compress
}
/var/log/lpr.log {
    rotate 4
    weekly
    missingok
    notifempty
    compress
}
/var/log/mail.err {
    rotate 4
    weekly
    missingok
    notifempty
    compress
}
/var/log/mail.info {
    rotate 4
    weekly
    missingok
    notifempty
    compress
}
/var/log/mail.log {
    rotate 4
    weekly
    missingok
    notifempty
    compress
}
/var/log/mail.warn {
    rotate 4
    weekly
    missingok
    notifempty
    compress
}
/var/log/messages {
    rotate 4
    weekly
    missingok
    notifempty
    compress
}
/var/log/user.log {
    rotate 4
    weekly
    missingok
    notifempty
    compress
}
/var/log/uucp.log {
    rotate 4
    missingok
    notifempty
    weekly
    compress
}
/var/log/syslog {
    rotate 7
    daily
    compress
    postrotate
        /etc/init.d/syslog-ng reload >/dev/null
    endscript
}
# DNS logs written by named (chroot paths, see above).
# named keeps its file descriptor open across a rename, so after logrotate runs
# the fresh file stays empty until named reopens its logs; if you see that here,
# add "copytruncate" to these two entries (BIND's own "versions 2 size 25M"
# already rotates them by size).
/var/lib/named/var/log/query.log {
    rotate 4
    missingok
    notifempty
    weekly
    compress
}
/var/lib/named/var/log/named.log {
    rotate 4
    missingok
    notifempty
    weekly
    compress
}
%%
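The named entries at the bottom of this file deserve one caveat: logrotate's default action renames the file, but a daemon that opened the log once keeps writing to the renamed inode, so the fresh query.log stays empty until named reopens its logs. The shell below, an added example written for this page (not part of the original howto, of logrotate or of BIND), reproduces both behaviours in a temporary directory: a stand-in writer holds an append-mode descriptor, rename-style rotation loses the new lines from the live file, and copytruncate-style rotation keeps them.

```shell
#!/bin/sh
# Added example, not part of the original howto: demonstrates, in a temp
# directory, why rotating the named logs with logrotate's default rename can
# leave the fresh query.log empty while the daemon keeps writing through its
# open descriptor, and why copytruncate avoids that. No real logs are touched.
rotation_demo() {
    dir=$(mktemp -d) || return 1
    log="$dir/query.log"
    : > "$log"
    # Stand-in for named: open the log once, in append mode (as BIND's file
    # channel does), and keep writing through the same descriptor.
    exec 3>>"$log"
    echo "before rotation" >&3

    # Rename-style rotation (logrotate's default): the descriptor now points
    # at query.log.1; nothing creates or fills a new query.log.
    mv "$log" "$log.1"
    echo "after rename" >&3
    if [ ! -e "$log" ] && grep -q "after rename" "$log.1"; then
        rename_loses=yes
    else
        rename_loses=no
    fi

    # copytruncate-style rotation on the file the daemon is now writing to:
    # copy it aside, then truncate it in place. The append-mode descriptor
    # still points at the same inode, so the next write lands in the live file.
    cp "$log.1" "$log.2"
    : > "$log.1"
    echo "after truncate" >&3
    if [ "$(cat "$log.1")" = "after truncate" ] && grep -q "before rotation" "$log.2"; then
        truncate_keeps=yes
    else
        truncate_keeps=no
    fi

    exec 3>&-
    rm -rf "$dir"
    echo "rename_loses=$rename_loses copytruncate_keeps=$truncate_keeps"
}

# Stand-alone usage: prints "rename_loses=yes copytruncate_keeps=yes"
rotation_demo
```

The same applies to any long-running writer, which is why the syslog entry above carries a postrotate reload; for the named entries, copytruncate or a postrotate hook that makes named reopen its logs gives the same effect.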
Now we restart syslog-ng:
%%
/etc/init.d/syslog-ng restart
%%
Now let's test Lire!
%%
cd ~
lr_log2report --output txt bind9_query /var/lib/named/var/log/query.log ~/bind9_query_report.txt
cat ~/bind9_query_report.txt
%%
There is your fresh Lire report. Lire can do a lot more; to see the variety of report formats available, issue:
%%
lr_xml2report --help output-formats
%%
You now have Lire installed and working correctly! Below are a couple of my own recipes I use to analyze OpenNIC DNS data.
----