Red Hat SummitChapter 10. Customizing BIND logging
As Identity Management (IdM) administrator, you can improve visibility and maintain security by customizing where BIND writes its logs and ensuring SELinux allows access to those custom paths.
10.1. Customizing the BIND log path
You can customize the path to your BIND logs by using the ipa-logging-ext.conf file.
Procedure
Open the
ipa-logging-ext.conffile in the/etc/named/directory and add or modify a logging channel with your file path:logging { channel ipa_custom_log { file "/var/log/named/ipa_dns_queries.log" versions 3 size 10m; severity info; print-time yes; print-severity yes; print-category yes; }; category queries { ipa_custom_log; }; category update { ipa_custom_log; }; category update-security { ipa_custom_log; }; };logging { channel ipa_custom_log { file "/var/log/named/ipa_dns_queries.log" versions 3 size 10m; severity info; print-time yes; print-severity yes; print-category yes; }; category queries { ipa_custom_log; }; category update { ipa_custom_log; }; category update-security { ipa_custom_log; }; };Copy to Clipboard Copied! Restart the BIND server:
systemctl restart named
# systemctl restart namedCopy to Clipboard Copied!
10.2. Extending SELinux policy for BIND custom logging
You can extend the SELinux policy to include the BIND logs.
Procedure
Create a log directory:
mkdir -p /var/log/named chown named:named /var/log/named chmod 750 /var/log/named
# mkdir -p /var/log/named # chown named:named /var/log/named # chmod 750 /var/log/namedCopy to Clipboard Copied! Assign the
named_log_tSELinux context to the new directory and the log file:semanage fcontext -a -t named_log_t "/var/log/named(/.)?"* restorecon -Rv /var/log/named
# semanage fcontext -a -t named_log_t "/var/log/named(/.)?"* # restorecon -Rv /var/log/namedCopy to Clipboard Copied! Restart the BIND server:
systemctl restart named
# systemctl restart namedCopy to Clipboard Copied!
Verification
Display your custom log file:
tail -f /var/log/named/ipa_dns_queries.log
$ tail -f /var/log/named/ipa_dns_queries.logCopy to Clipboard Copied!
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}