ISC-DNS


The Domain Name System (DNS) is a hierarchical decentralized naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities.

Integration of ISC-DNS on Ubuntu with DNIF Adapter

To forward ISC-DNS logs to the DNIF Adapter, make the following configuration changes.

Install the rsyslog package if it is not already installed:

apt-get install rsyslog

Checking the rsyslog.conf

Open the rsyslog.conf file located at /etc/rsyslog.conf with the following command:

vim /etc/rsyslog.conf

At the end of the file, check for the following line and uncomment it if it is commented out:

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

Save and quit the configuration file.

Create a log configuration for the DNS logs with vim /etc/rsyslog.d/dnslog.conf and paste in the following lines:

$ModLoad imfile

$InputFileName /var/log/named/database.log  ##path of log file
$InputFileTag dns-database:
$InputFileStateFile statefile-named-database
$InputFileSeverity dynamic
$InputFileFacility local4
$InputRunFileMonitor

$InputFileName /var/log/named/security.log  ##path of log file
$InputFileTag dns-security:
$InputFileStateFile statefile-named-security
$InputFileSeverity dynamic
$InputFileFacility local4
$InputRunFileMonitor

$InputFileName /var/log/named/resolver.log  ##path of log file
$InputFileTag dns-resolver:
$InputFileStateFile statefile-named-resolver
$InputFileSeverity dynamic
$InputFileFacility local4
$InputRunFileMonitor

$InputFileName /var/log/named/network.log  ##path of log file
$InputFileTag dns-network:
$InputFileStateFile statefile-named-network
$InputFileSeverity dynamic
$InputFileFacility local4
$InputRunFileMonitor

# Forward all local4 messages to the DNIF Adapter over UDP (a single @ means UDP)
local4.*   @DNIF-Adapter-IP:514

Save and quit the configuration file.

Restart the rsyslog service:

service rsyslog restart

ISC-DNS logs are now being streamed to the DNIF Adapter.

Integration of ISC-DNS logs on CentOS-RHEL with DNIF Adapter

To forward ISC-DNS logs to the DNIF Adapter, make the following configuration changes.

Install the rsyslog package if it is not already installed:

yum -y install rsyslog

Checking the rsyslog.conf

Open the rsyslog.conf file located at /etc/rsyslog.conf with the following command:

vim /etc/rsyslog.conf

At the end of the file, check for the following line and uncomment it if it is commented out:

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

Save and quit the configuration file.

Create a log configuration for the DNS logs with vim /etc/rsyslog.d/dnslog.conf and paste in the following lines:

$ModLoad imfile

$InputFileName /var/named/data/named.run  ##path of log file
$InputFileTag named-log:
$InputFileStateFile stat-named
$InputFileSeverity debug
# The facility must be the one selected by the forwarding rule below (local4.*)
$InputFileFacility local4
$InputRunFileMonitor

$WorkDirectory /var/lib/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList   # run asynchronously
$ActionResumeRetryCount -1    # infinite retries if host is down

local4.*     @DNIF-Adapter-IP:514

Save and quit the configuration file.

Restart the rsyslog service:

service rsyslog restart

ISC-DNS logs are now being streamed to the DNIF Adapter.
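
In both configurations above, a monitored file only reaches the adapter if its $InputFileFacility is selected by the forwarding rule; an input on any other facility is read by rsyslog but never sent. The following Python check is an added example, not part of the DNIF documentation: it parses a dnslog.conf in the legacy directive style and lists inputs that no forwarding rule would send. The sample configuration is constructed, and the check expects every input block to set $InputFileFacility itself.

```python
import re

# Constructed sample in the legacy directive style used on this page.
# The second input is on local2, which the forwarding rule does not select.
SAMPLE_CONF = """\
$ModLoad imfile
$InputFileName /var/log/named/security.log  ##path of log file
$InputFileTag dns-security:
$InputFileFacility local4
$InputRunFileMonitor
$InputFileName /var/named/data/named.run
$InputFileTag named-log:
$InputFileFacility local2
$InputRunFileMonitor
local4.*   @DNIF-Adapter-IP:514
"""

DIRECTIVE = re.compile(r"^\$(\w+)\s*(.*)$")
FORWARD = re.compile(r"^(\S+)\s+@@?\S+")   # selector, then @host or @@host

def parse(conf):
    """Return (inputs, selectors): one dict per $InputRunFileMonitor and
    the selector of every forwarding rule."""
    inputs, selectors, pending = [], [], {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        m = DIRECTIVE.match(line)
        if m:
            name, value = m.group(1).lower(), m.group(2).strip()
            if name == "inputrunfilemonitor":    # closes the pending input block
                inputs.append(pending)
                pending = {}
            elif name.startswith("inputfile"):
                pending[name[len("inputfile"):]] = value
        elif FORWARD.match(line):
            selectors.append(FORWARD.match(line).group(1))
    return inputs, selectors

def forwarded(facility, selectors):
    """True if a forwarding selector names this facility or '*'.
    Priorities are ignored except 'none', which excludes the facility."""
    for sel in selectors:
        for part in sel.split(";"):
            facs, _, prio = part.lower().partition(".")
            if prio != "none" and {"*", facility.lower()} & set(facs.split(",")):
                return True
    return False

def unforwarded_inputs(conf):
    """(file, facility) for each input no forwarding rule would send."""
    inputs, selectors = parse(conf)
    return [(i.get("name"), i.get("facility")) for i in inputs
            if not forwarded(i.get("facility", ""), selectors)]

if __name__ == "__main__":
    print(unforwarded_inputs(SAMPLE_CONF))
```

To check a real file, pass its contents to unforwarded_inputs(); an empty list means every monitored log has a matching forwarding rule.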