[LogReport Questions] Does the bind9 reports work?
Wytze van der Raay
wytze at logreport.org
Thu Jul 26 16:39:01 CEST 2007
Hi Pieter,

On 26.07.2007 05:39, Pieter le Roux wrote:
> lire-2.0.2:
>
> I fixed 'bind9_query2dlf' to handle our bind logs that have the named server
> name and "named[...]" after the timestamp, e.g.:
>
> Jul 10 00:00:00 server.domain named[26070]: ....

Would you like to contribute your modification to the logreport project?
The current version of bind9_query2dlf is based on the logfile format
generated by BIND9 itself when using the channel file option, as stated
in its manual page. The format that you are showing looks to me like it
was generated by having BIND9 logging everything through syslog.

> Only 'queries' lines are parsed (not 'security', ...).
> Does anyone have a fix for this?

I would not qualify such a contribution as a fix, but rather as an
extension :-). bind9_query2dlf in its present form more or less
deliberately restricts itself to parsing *queries* log lines as implied
by its name.

If you want to do some meaningful reporting on other log file entries,
like for instance 'security', you will also need to define what kind of
things you would like to report about these lines (i.e. report formats
etc.). Other interesting events besides security could be notify, xfer-in,
xfer-out and lame-servers I guess.

Anyone interested in looking into this?

Regards,
Wytze van der Raay
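The two log layouts discussed in this thread, handled by one parser: this is an added example written for this page in Python, not Lire's bind9_query2dlf code and not the modification mentioned in the message. Only the syslog prefix comes from the thread; the file-channel timestamp, the "category: severity:" tags, the query record layout and all sample lines are assumptions constructed for illustration.

```python
import re

SEVERITIES = {"info", "notice", "warning", "error", "critical"}
# Layout 1 (assumed): BIND9 file channel with print-time, e.g. "26-Jul-2007 16:39:01.123 "
FILE_PREFIX = r"(?P<ts>\d{2}-[A-Z][a-z]{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
# Layout 2 (from the thread): syslog, e.g. "Jul 10 00:00:00 server.domain named[26070]: "
SYSLOG_PREFIX = (r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
                 r"(?P<host>\S+) named\[(?P<pid>\d+)\]: ")
# Shared tail (assumed): optional "category: severity: " tags, then the query record.
TAIL = (r"(?P<tags>(?:[a-z-]+: )*)client (?P<client>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
        r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)")
LAYOUTS = [("file", re.compile(FILE_PREFIX + TAIL)),
           ("syslog", re.compile(SYSLOG_PREFIX + TAIL))]


def parse_query_line(line):
    """Return a normalized dict for a 'queries' line, or None for anything else."""
    for layout, rx in LAYOUTS:
        m = rx.match(line)
        if not m:
            continue
        rec = m.groupdict()
        # Drop severity tags; whatever remains first is the category, if one was printed.
        tags = [t for t in rec.pop("tags").replace(":", "").split() if t not in SEVERITIES]
        if tags and tags[0] != "queries":
            return None  # tagged as another category (security, notify, ...)
        rec["layout"] = layout
        rec["port"] = int(rec["port"])
        return rec
    return None  # unknown prefix or not a query record


# Constructed sample lines (documentation addresses and names, not real traffic).
SAMPLE = [
    "26-Jul-2007 16:39:01.123 queries: info: client 192.0.2.10#32768: query: www.example.com IN A +",
    "Jul 10 00:00:00 server.domain named[26070]: client 192.0.2.11#1045: query: example.org IN MX -",
    "Jul 10 00:00:01 server.domain named[26070]: security: info: client 192.0.2.12#53: query (cache) 'example.net/A/IN' denied",
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(parse_query_line(raw))
```

Lines that return None, such as the constructed 'security' line, are the ones that would need their own record definition and report formats before they could be reported on.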