in the logging definition for a channel I found only syslog and file.
With the file-option, I was hoping that it would log to a script when using
file "|/var/tmp/logger.pl";
but it doesn't:
config: error: logging channel 'my_file' file '|/var/tmp/logger.pl':
file not found
Is someone working on a pipe-option? Is there a general reason not to
implement (it's possible in Apache).
Regards
Marten
Marten> Hello, in the logging definition for a channel I found
Marten> only syslog and file. With the file-option, I was hoping
Marten> that it would log to a script when using
Marten> file "|/var/tmp/logger.pl";
Marten> but it doesn't:
Correct. The ARM makes it crystal-clear that the reserved word "file"
is followed by a pathname enclosed in double quotes.
Marten> Is someone working on a pipe-option?
No idea: I doubt it.
Marten> Is there a general reason not to implement (it's possible
Marten> in Apache).
First of all BIND is not Apache. Please repeat this until you
understand that. I can see it now. One day someone will ask here "Why
doesn't BIND serve web pages? It's possible in Apache.".
Secondly, ISC has finite resources. These are probably best spent on
implementing the core protocol. If you want to have logging to a pipe,
feel free to contribute a patch. Or give ISC the money to do that.
Thirdly, adding logging to a pipe introduces a bunch of potential
security holes and awkward problems to replicate (or not) environment
variables and suchlike in the forked process on the other end of the
pipe. Also, name server processes can get very large. Forking such
processes can be very painful. IMO it's best if BIND doesn't go down
those rat-holes.
Finally, there's no real reason to log to a pipe. [Just because Apache
can do that isn't a justification.] The simplest solution is to have
daemons log and then have scripts or whatever that analyse those logs.
That was one of the core ideas of UNIX: have *small*, self-contained
programs that did one job and did it well instead of large, complex
programs that try to do everything for everyone.
Ok so far. But I need to parse the log in realtime and what's easier
than logging to a script which can select the useful entries and react
accordingly? A script can receive input continuously but it's hard to
read only new entries of a logfile, especially when it's truncated or
renamed after a certain size. The workaround would be to log everything
to stderr so I could start named with
named 2>&1 | /var/tmp/logger.pl
But I don't know where BIND prints the stderr-output, obviously not to
stderr.
Regards
Marten
Marten> I changed "file" to "stderr". But where does BIND output
Marten> its STDERR?
To wherever file descriptor 2 says it should go. [Hint: lsof is your
friend.] Usually that's /dev/null, which is where daemon processes
almost always redirect their standard input (fd 0), output (fd 1) and
error output (fd 2). It looks like you haven't read the BIND
documentation. Here's what the ARM has to say about the "stderr"
keyword:
The stderr destination clause directs the channel to the
server's standard error stream. This is intended for use when
the server is running as a foreground process, for example
when debugging a configuration.
Marten> I tried to run BIND with named | /vrmd/tmp/logger.pl, but
Marten> named immediately quits and runs in the background.
Well, what do you expect? FYI, named doesn't "immediately quit". named
is a daemon. That means by default it detaches itself from any
controlling tty and redirects its standard input, output and error
output to /dev/null before doing any real work. Just like any other
daemon: cron, lpd, inet, etc, etc. The man page for named tells you
how to run the process in the foreground and to force all of the logs
to stderr.
I suggest you read the documentation before you next post here.
> in the logging definition for a channel I found only syslog and file.
> With the file-option, I was hoping that it would log to a script when using
>
> file "|/var/tmp/logger.pl";
I may be stupid but why not logging to a FIFO and have another process
read it?
Shell:
mkfifo /var/somewhere/bindlogshere
BIND:
file "/var/somewhere/bindlogshere";
Program:
open("/var/somewhere/bindlogshere");
while... read...
Does BIND synchronize the writing to a file if two or more channels are
using the same file or fifo?
Regards
Marten
Or use GNU tail, which supports the "--follow=name" option.
And of course, a reasonable log parser will support various forms of log
resetting anyway. If the log parser you're using doesn't support it,
that's probably a sign...
--
Ed Schmollinger - schm...@frozencrow.org
man mkfifo
--Bryan
On Thu, 26 Aug 2004 11:48:27 +0200, Marten Lehmann <leh...@cnm.de> wrote:
> Hello,
>
> in the logging definition for a channel I found only syslog and file.
> With the file-option, I was hoping that it would log to a script when using
>
> file "|/var/tmp/logger.pl";
>
> but it doesn't:
>
> config: error: logging channel 'my_file' file '|/var/tmp/logger.pl':
> file not found
>
> Is someone working on a pipe-option? Is there a general reason not to
> implement (it's possible in Apache).
>
> Regards
> Marten
>
>
Just have named log to a file and tail the file. I used to do that for an
application.
You can keep tail continuously reading the file. See man tail for details.
Danny
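The difficulty raised earlier in the thread, a log file that is truncated or renamed once it reaches a size limit, is what GNU tail's "--follow=name" handles; the same check can be written directly, as in this added example (not code from BIND or from any poster). The names follow_poll, put and demo_follow and the file names are hypothetical, and the log is assumed to be polled by a separate reader process.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

struct follow { const char *path; int fd; off_t pos; };  /* fd -1: not open yet */

/* Copy bytes added since the last call into buf. Returns the byte count,
 * 0 when nothing is new, -1 on error. */
ssize_t follow_poll(struct follow *f, char *buf, size_t cap)
{
    struct stat byfd, byname;
    ssize_t n;
    if (f->fd < 0) {
        if ((f->fd = open(f->path, O_RDONLY)) < 0)
            return -1;
        f->pos = 0;
    }
    if (fstat(f->fd, &byfd) < 0)
        return -1;
    if (byfd.st_size < f->pos)           /* truncated in place: start over */
        f->pos = 0;
    if ((n = pread(f->fd, buf, cap, f->pos)) > 0)
        f->pos += n;
    if (n != 0)
        return n;
    /* Drained. A different inode behind the name means the log was rotated. */
    if (stat(f->path, &byname) < 0 || byname.st_ino == byfd.st_ino)
        return 0;
    close(f->fd); f->fd = -1;            /* reopen by name, read from offset 0 */
    return follow_poll(f, buf, cap);
}

static void put(const char *path, const char *mode, const char *text)
{
    FILE *fp = fopen(path, mode);
    if (fp) { fputs(text, fp); fclose(fp); }
}

int demo_follow(void)   /* constructed self-check: counts polls of the expected size */
{
    struct follow f = { "follow-demo.log", -1, 0 };
    char b[64]; int ok = 0;
    put(f.path, "w", "one\n"); ok += follow_poll(&f, b, sizeof b) == 4;
    put(f.path, "a", "two\n"); ok += follow_poll(&f, b, sizeof b) == 4;
    put(f.path, "w", "x\n");   ok += follow_poll(&f, b, sizeof b) == 2; /* truncated */
    rename(f.path, "follow-demo.log.0");                                /* rotated */
    put(f.path, "w", "new\n"); ok += follow_poll(&f, b, sizeof b) == 4;
    close(f.fd); unlink(f.path); unlink("follow-demo.log.0");
    return ok;
}
```

A file that is truncated and then grows past the old offset between two polls is not detected by the size check, so the polling interval should be short relative to the log's write rate.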
log to stderr and then
named 2>&1 | /path/logprocessor.pl
I found this from http://www.campin.net/DNS/graph.html, see the comments in
the top of the script at http://www.campin.net/DNS/bind9-query-logger.txt
Peter
"Marten Lehmann" <leh...@cnm.de> wrote in message
news:cgkget$1v9u$1...@sf1.isc.org...
> > Correct. The ARM makes it crystal-clear that the reserved word "file"
> > is followed by a pathname enclosed in double quotes.
>
> Ok so far. But I need to parse the log in realtime and what's easier
> than logging to a script which can select the useful entries and react
> accordingly? A script can receive input continuously but it's hard to
> read only new entries of a logfile, especially when it's truncated or
> renamed after a certain size. The workaround would be to log everything
> to stderr so I could start named with
>
> That is the option I have running successfully on several nameservers to
> give usage data
>
> log to stderr and then
> named 2>&1 | /path/logprocessor.pl
yes, the same way I'm doing this in the meantime. But remember to start
named with "-f", otherwise there's no stderr-output. Btw.: I heard from
some experienced c-programmer, that the pipe-option in logging isn't
that hard, it should be no more than a popen() instead of a fopen().
Maybe someone has some time to extend the logging-channels with a
pipe-option? It would be very useful.
Regards
Marten
Marten> Btw.: I heard from some experienced
Marten> c-programmer, that the pipe-option in logging isn't that
Marten> hard, it should be no more than a popen()
Well since it's that easy, just contribute the code....
Perhaps you asked this C programmer the wrong question. If not, find
yourself a better C programmer and take advice from him/her. No
sensible programmer uses the popen() and system() library functions
because they provide a vector for security compromises. [These
routines fork a shell, so it's possible to do interesting things with
environment variables -- for instance the search path -- so that the
forked shell does unexpected things.] A competent C programmer will
know this and use the pipe() system call instead. IIRC popen() isn't
even in the ANSI C specification.
Besides, the question isn't whether providing some sort of logging to
a pipe is a hard programming exercise or not. Because it isn't hard.
The real questions are (a) is implementing this a worthwhile use of
ISC's resources?; (b) does this feature serve any useful purpose; and
(c) is the additional complexity worth it?. IMO the answer to these
questions is clearly "no". As others have already pointed out, there
are a number of ways for you to get the functionality you seem to be
looking for without having BIND provide logging to a pipe.
Another point you have to remember is BIND9 runs on lots of platforms.
Some of them aren't even UNIX. It could be running on an OS that
doesn't have popen() or pipe(). Or the semantics of these functions on
those platforms are so weird that using them creates horrible
portability problems and makes software maintenance a nightmare.
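The approach this reply prefers over popen(), pipe() followed by fork() and a direct exec with a fixed environment, is sketched in this added example (not code from BIND or from any poster). The names spawn_sink, clean_env and demo_roundtrip are hypothetical, and the self-check assumes /bin/sh exists and uses a small sh script only as a stand-in log processor.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment for the sink: nothing is inherited from the daemon. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", "LC_ALL=C", NULL };

/* Run prog (absolute path, no shell) with its stdin fed from a pipe.
 * Returns the write end of the pipe, or -1 on error. */
int spawn_sink(const char *prog, char *const argv[], pid_t *pid)
{
    int fds[2];
    if (prog[0] != '/' || pipe(fds) < 0)
        return -1;
    if ((*pid = fork()) < 0) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    if (*pid == 0) {                          /* child */
        if (dup2(fds[0], STDIN_FILENO) < 0)
            _exit(126);
        close(fds[0]); close(fds[1]);
        execve(prog, argv, clean_env);        /* no PATH search, no sh -c */
        _exit(127);
    }
    close(fds[0]);
    signal(SIGPIPE, SIG_IGN);                 /* dead sink: write() fails with EPIPE */
    return fds[1];
}

/* Constructed self-check: poison the parent's environment, send one line,
 * and have the sink confirm the line arrived and LEAKY did not. */
int demo_roundtrip(void)
{
    char *const argv[] = { "sh", "-c",
        "read l; test \"$l\" = hello && test -z \"$LEAKY\"", NULL };
    pid_t pid;
    int status, fd;
    setenv("LEAKY", "1", 1);
    fd = spawn_sink("/bin/sh", argv, &pid);
    if (fd < 0 || write(fd, "hello\n", 6) != 6)
        return -1;
    close(fd);                                /* EOF tells the sink to finish */
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```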
I'm not sure what you're trying to do, but a "pipe" is just a "special"
file. MANUALLY create the pipe and then name the pipe in the options
portion of named.conf and process away.
mknod /var/log/named.pipe.queries p (under Solaris, this creates a 'pipe')
Modify the startup script so that when named is started, a 'processing
script' is also started in "detached" mode. One that I use for
redirecting sendmail messages/errors is:
cat /var/log/mail-pipe | while read -r line1 ; do
  # quote the line so spaces and wildcards in the log text are not expanded by the shell
  echo "$line1" | grep sendmail.external >> /var/log/mail.external
  echo "$line1" | grep sendmail.internal >> /var/log/mail.internal
  echo "$line1" | grep -v sendmail.internal | grep -v sendmail.external >> /var/log/mail.common
done
There are two sendmail processes started at boot time. One talks to
the internet on the outside and a virus scanner on the "inside". The
virus scanner takes messages from the external sendmail and passes them
to the "internal" sendmail.
Just a thought...
Regards,
Gregory Hicks
-------------------------------------------------------------------
Gregory Hicks
Cadence Design Systems
555 River Oaks Pkwy M/S 6B1
San Jose, CA 95134
I am perfectly capable of learning from my mistakes. I will surely
learn a great deal today.
"A democracy is a sheep and two wolves deciding on what to have for
lunch. Freedom is a well armed sheep contesting the results of the
decision." - Benjamin Franklin
"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton
Simon
--
NOTE: This is a throw-away email address which will reach me for as
long as it stays spam-free, remove date for real address.
Simon Hobson MA MIEE, Technology Specialist
Colony Gift Corporation Limited
Lindal in Furness, Ulverston, Cumbria, LA12 0LD
Tel 01229 461100, Fax 01229 461101
Registered in England No. 1499611
Regd. Office : 100 New Bridge Street, London, EC4V 6JA.