Chapter 10. Customizing BIND logging

As Identity Management (IdM) administrator, you can improve visibility and maintain security by customizing where BIND writes its logs and ensuring SELinux allows access to those custom paths.

10.1. Customizing the BIND log path

You can customize the path to your BIND logs by using the ipa-logging-ext.conf file.

Procedure

Open the ipa-logging-ext.conf file in the /etc/named/ directory and add or modify a logging channel with your file path:

logging {
	channel ipa_custom_log {
        file "/var/log/named/ipa_dns_queries.log" versions 3 size 10m;
    	severity info;
    	print-time yes;
    	print-severity yes;
    	print-category yes;
	};

	category queries { ipa_custom_log; };
	category update { ipa_custom_log; };
	category update-security { ipa_custom_log; };
};

Restart the BIND server:
```
# systemctl restart named
```

10.2. Extending SELinux policy for BIND custom logging

You can extend the SELinux policy to include the BIND logs.

Procedure

Create a log directory:

# mkdir -p /var/log/named
# chown named:named /var/log/named
# chmod 750 /var/log/named

Assign the named_log_t SELinux context to the new directory and the log file:

# semanage fcontext -a -t named_log_t "/var/log/named(/.)?"*
# restorecon -Rv /var/log/named

Restart the BIND server:
```
# systemctl restart named
```

Verification

Display your custom log file:

$ tail -f /var/log/named/ipa_dns_queries.log

Chapter 10. Customizing BIND logging

10.1. Customizing the BIND log path

10.2. Extending SELinux policy for BIND custom logging

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

Making open source more inclusive

About Red Hat

Red Hat legal and privacy links

Red Hat legal and privacy links