把DNS请求日志转发到syslog服务器去
在vim /etc/named.conf里配置的内容
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
channel syslog_channel {
syslog DNS-LOG;
severity debug;
print-time yes;
print-category yes;
print-severity yes;
};
category default {
syslog_channel;
};
};
zone "baidu.com" {
type forward;
forwarders {10.127.1.8; };
forward only;
};
zone "qq.cn" {
type forward;
forwarders {10.127.1.8; };
forward only;
};在rsyslog服务里的配置项,最下面vim /etc/rsyslog.conf
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
#将BIND的DNS请求信息发送给日志平台
DNS-LOG.* @@10.5.5.5:514
# ### end of the forwarding rule ###重启rsyslog服务
systemctl restart rsyslog