Disable log message

[Jack Tavares]

I am running bind9.8.x built from source and I see this message in the logs
built with '--prefix=/blah' '--sbindir=/blah' '--sysconfdir=/blah' '--localstatedir=/var' '--exec-prefix=/usr' '--libdir=/usr/lib' '--mandir=/usr/share/man' '--with-openssl=/blah' '--enable-fixed-rrset' '--enable-shared' '--enable-threads' '--enable-ipv6' '--with-libtool' etc etc etc

I would prefer to not have that show up in the log.

Short of modifying the source, is there an easy way to disable that?

Thanks

--
Jack Tavares

[Warren Kumari]

Erm… Depends on how you do your logging -- if this shows up in syslog, and you are using syslogng, you should be able to filter it out there…

W

>
> Thanks
>
>
> --
> Jack Tavares
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-...@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>

--
Eagles soar but a weasel will never get sucked into a jet engine

[Jack Tavares]

Let me be more specific.

Is there a way to tell named to not log this message?

Thank you

--
Jack Tavares

________________________________________
From: Warren Kumari [war...@kumari.net]
Sent: Thursday, October 18, 2012 10:18
To: Jack Tavares
Cc: Warren Kumari; bind-...@isc.org
Subject: Re: Disable log message

[Jeremy C. Reed]

On Thu, 18 Oct 2012, Jack Tavares wrote:

> I am running bind9.8.x built from source and I see this message in the logs
> built with '--prefix=/blah' '--sbindir=/blah' '--sysconfdir=/blah' '--localstatedir=/var' '--exec-prefix=/usr' '--libdir=/usr/lib' '--mandir=/usr/share/man' '--with-openssl=/blah' '--enable-fixed-rrset' '--enable-shared' '--enable-threads' '--enable-ipv6' '--with-libtool' etc etc etc
>
> I would prefer to not have that show up in the log.
>
> Short of modifying the source, is there an easy way to disable that?

No way to disable just it. It is in the "general" catch-all category.

[David Dowdle]

Some of my external facing nameservers are under attack, and the biggiest
fallout, is the machines goign into iowait from logging all the client
query denied syslog messages.

note: yes, recursion is turned off on these machines.

The current logging is a very vanilla

logging {
category default { default_syslog; default_debug; };
category lame-servers { null; };
// below 2 lines are for logging EVERY query. this can fill a
drive
//channel "querylog" { file "/var/log/named/query.log"; print-time
yes; };
//category queries { querylog; };
};


I'd like to keep logging going, for obvious reasns, but need to kill the
'client query (cache) denied' messages

sofar all the google-found 'solutions' are: turn off all logging

Thanks

[Jeremy C. Reed]

Maybe discard all security logging with:

category security { null; };

Or setup a new channel for handling security with a "severity" of
"notice" or higher --and then set the category for security to use that
custom channel. (This cache denied logging is at the "info" level so
shouldn't be logged at notice or higher.)

A custom my_security_channel example is in the ARM documentation
which may provide some hints.

[Chris Thompson]

Also, it is output before the configuration "logging" directives have been
processed, so it comes out with the internal defaults for category and
priority (daemon.notice). Any suppression would need to be done at the
syslog level.

But I have some difficulty understanding why anyone would want it suppressed.
It's true that BIND is a bit noisier than it used to be at this stage, but
can this really be a problem? Do you let the black hats see your system logs?

--
Chris Thompson
Email: ce...@cam.ac.uk