On 5/20/2021 2:17 PM, Anand Buddhdev wrote:
> You could also log directly to files (bypassing syslog), and then have
> some process follow the files and send the logs to a remote server.

This seems rather inefficient, but there are established and flexible tools to do just this.

Without changing the configuration of my named (which is currently logging to a local file), I can make rsyslogd consider that file an input source. Once in, the parsing and output modules can then work on it.

This relies on the input module "imfile" and the output module "omfwd".

https://rsyslog-doc.readthedocs.io/en/latest/configuration/modules/idx_input.html

imfile appears to follow log rotations cleanly. A limitation I see is that everything is assigned the same syslog facility.priority values.

It remains to be seen if this process can keep up with the query volume.

Warning: When started for the first time, imfile will read the existing file and start forwarding. If the query log already contains 800MB of lines, those will all be read in and passed through the parser and output modules.

--
Do things because you should, not just because you can.

John Thurston    907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
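An rsyslog configuration for the setup described in the message above, added here as an illustration and not taken from the poster's system. The file path, tag, facility, ruleset name, queue settings, target host and port are all assumptions; `freshStartTail` is the imfile option that skips the existing backlog on the first start.

```rsyslog
# Added example (assumed values throughout); e.g. /etc/rsyslog.d/named-query.conf

# Load the file-input module. omfwd is built in and needs no load line.
module(load="imfile")

# Follow the query log that named already writes; named's own config is untouched.
# Every line read from this file gets the one Facility/Severity set here.
# freshStartTail="on": on the very first start (no state file yet), seek to
# the end of the file instead of replaying everything already in it.
# reopenOnTruncate="on": cope with rotation schemes that truncate in place.
# ruleset=...: keep these lines out of the default rules (local log files).
input(type="imfile"
      File="/var/log/named/query.log"
      Tag="named-query:"
      Facility="local3"
      Severity="info"
      freshStartTail="on"
      reopenOnTruncate="on"
      ruleset="named_query_fwd")

# Forward to the remote collector over TCP. The disk-assisted queue buffers
# lines while the collector is slow or unreachable, bounded at 1 GB on disk.
ruleset(name="named_query_fwd") {
    action(type="omfwd"
           target="loghost.example.net"
           port="514"
           protocol="tcp"
           queue.type="LinkedList"
           queue.filename="named_query_fwd"
           queue.maxDiskSpace="1g"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
}
```

Running `rsyslogd -N1` checks the configuration syntax before the daemon is restarted.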

Reply via email to