On 2022-08-25 18:04, Greg Choules wrote:
> Hi again J.
> If I understand correctly, you want to enable querylog on a busy
> recursive server permanently, rotate the files once a day and don't care
> if you lose some logs because the number of queries on a busy day
> generates more data than the specified log file is allowed to contain.
> My question has to be, why?
> Firstly, querylog is not an efficient way to record information about
> what your clients are doing; dnstap is far more efficient if you want a
> record of some or all information about queries and/or their responses.
> If using files to retain this information, the rotation choices are the
> same as for channels. If your server is only handling a few 10s or 100s
> QPS, querylog will do. But if it's handling 1000s of times more than that
> you will cause it unnecessary extra stress and dnstap is your friend.
> Secondly, if you insist on using querylog (actually, this also applies
> to dnstap), why not just leave named to rotate the files based on size
> and number, allowing for the set of files to be easily large enough to
> contain (say) a week's worth of data. Then you could run a cron job to
> grep today's logs and do what you want with them. You don't have to
> worry about other processes sending commands to named to cause something
> to happen, it just gets on with it.
> /soapbox.
Hi Greg,
Yes, that's correct. The size limit for the busy day is actually much
larger than I think it would ever get. I want a size limit to ensure
that the query logs are not eating up too much disk space. The size
limit of a day's log will never get that high, but if it does, the disk
is not filled up. In that case, I understand logging for that day may
be incomplete because Bind would stop logging if it did get to 1 G,
but for this server and the purpose it serves, it's never going to reach
1 G.
I like to have an upper bound on logs to prevent disk from being filled up.
I am familiar with dnstap but am looking for a more simple solution at
this time. I agree it is probably the most correct tool for most jobs,
but in this case text logs for queries are fine.
I could also do as you suggest with cron and grep, but I'm not concerned
with sending commands via a separate process (rndc) as that is the
current method of sending commands to Bind. The big goal is to have
compressed logs for 24 hours of queries, holding onto that data for a
week. I think that's achievable by newsyslog.
It would be great to know if:
/usr/sbin/rndc reconfig > /dev/null 2>/dev/null || true
...is the correct trigger for named to open a new log. Can anyone
provide feedback on that?
Thanks,
- J
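
The alternative raised in the quoted reply (named rotates the files by size and number, and a cron job pulls out the day's entries), sketched as an added example that is not from either poster. It assumes the channel writes `print-time yes` timestamps in the default `DD-Mon-YYYY HH:MM:SS.mmm` form; the paths, channel name, and function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumed named.conf channel (hypothetical path and name):
#   channel querylog {
#       file "/var/log/named/query.log" versions 7 size 1g;
#       print-time yes;
#   };
# named then renames query.log -> query.log.0 -> query.log.1 ... by itself,
# so nothing has to signal it, and the total disk use stays bounded.

# Today's date in the form used by print-time, e.g. 25-Aug-2022.
bind_today() {
    LC_ALL=C date +%d-%b-%Y
}

# extract_day LOGDIR DAY OUTDIR
# Collects every line stamped DAY from query.log and its rotated versions,
# orders them by time, writes OUTDIR/query-DAY.log.gz and prints the line count.
extract_day() {
    logdir=$1
    day=$2
    outdir=$3
    out="$outdir/query-$day.log"

    for f in "$logdir"/query.log "$logdir"/query.log.*; do
        if [ -f "$f" ]; then
            # Fixed-string match anchored at the start of the line, so a date
            # that merely appears inside a queried name is never selected.
            awk -v d="$day " 'index($0, d) == 1' "$f"
        fi
    done | LC_ALL=C sort -k2,2 > "$out"

    n=$(wc -l < "$out" | tr -d ' ')
    gzip -f "$out"
    echo "$n"
}

# Hypothetical cron entry, run just before midnight:
#   55 23 * * * . /usr/local/libexec/querylog-day.sh && \
#       extract_day /var/log/named "$(bind_today)" /var/log/named/daily >/dev/null
```

A day that overflows the `versions`/`size` budget loses its oldest lines before the job runs, which is the same trade-off as the size cap discussed in the thread.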