logging channel and category from pillar

Piotr Pieprzycki 2017-10-28 22:05:54 +00:00
parent 2947dde649
commit 99593ccc8c
2 changed files with 177 additions and 110 deletions


@ -1,120 +1,33 @@
// Configuration based on https://kb.isc.org/article/AA-01526/0/BIND-Logging-some-basic-recommendations.html
logging {
channel default_log {
file "{{ map.log_dir }}/default" versions {{salt['pillar.get']('bind:config:use_extensive_logging:versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:size', '20m')}};
print-time yes;
print-category yes;
print-severity yes;
severity info;
};
channel auth_servers_log {
file "{{ map.log_dir }}/auth_servers" versions {{salt['pillar.get']('bind:config:use_extensive_logging:versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:size', '20m')}};
print-time yes;
print-category yes;
print-severity yes;
severity info;
};
channel dnssec_log {
file "{{ map.log_dir }}/dnssec" versions {{salt['pillar.get']('bind:config:use_extensive_logging:versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:size', '20m')}};
print-time yes;
print-category yes;
print-severity yes;
severity info;
};
channel zone_transfers_log {
file "{{ map.log_dir }}/zone_transfers" versions {{salt['pillar.get']('bind:config:use_extensive_logging:versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:size', '20m')}};
print-time yes;
print-category yes;
print-severity yes;
severity info;
};
channel ddns_log {
file "{{ map.log_dir }}/ddns" versions {{salt['pillar.get']('bind:config:use_extensive_logging:versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:size', '20m')}};
print-time yes;
print-category yes;
print-severity yes;
severity info;
};
channel client_security_log {
file "{{ map.log_dir }}/client_security" versions {{salt['pillar.get']('bind:config:use_extensive_logging:versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:size', '20m')}};
print-time yes;
print-category yes;
print-severity yes;
severity info;
};
channel rate_limiting_log {
file "{{ map.log_dir }}/rate_limiting" versions {{salt['pillar.get']('bind:config:use_extensive_logging:versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:size', '20m')}};
print-time yes;
print-category yes;
print-severity yes;
severity info;
};
channel rpz_log {
file "{{ map.log_dir }}/rpz" versions {{salt['pillar.get']('bind:config:use_extensive_logging:versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:size', '20m')}};
print-time yes;
print-category yes;
print-severity yes;
severity info;
};
//
// If you have the category queries defined, and you dont want query logging
// by default, make sure you add option querylog no; - then you can toggle
// query logging on (and off again) using command rndc querylog
//
channel queries_log {
file "{{ map.log_dir }}/queries" versions {{salt['pillar.get']('bind:config:use_extensive_logging:versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:size', '20m')}};
{% for channel in salt['pillar.get']('bind:config:use_extensive_logging:channel') %}
channel {{channel}} {
{%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':file', False) %}
file "{{ map.log_dir }}/{{salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':file')}}" versions {{salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':size', '20m')}};
{%- endif %}
{%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':print-time') %}
print-time yes;
{%- endif %}
{%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':print-category') %}
print-category yes;
{%- endif %}
{%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':print-severity') %}
print-severity yes;
severity info;
};
channel query-errors_log {
file "{{ map.log_dir }}/query-errors" versions {{salt['pillar.get']('bind:config:use_extensive_logging:versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:size', '20m')}};
print-time yes;
print-category yes;
print-severity yes;
severity dynamic;
};
channel default_syslog {
print-time yes;
print-category yes;
print-severity yes;
syslog daemon;
severity info;
};
channel default_debug {
print-time yes;
print-category yes;
print-severity yes;
file "named.run";
severity dynamic;
{%- endif %}
{%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':severity') %}
severity {{salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':severity')}};
{%- endif %}
{%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':syslog') %}
syslog {{salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':syslog')}};
{%- endif %}
};
{% endfor %}
category default { default_syslog; default_debug; default_log; };
category config { default_syslog; default_debug; default_log; };
category dispatch { default_syslog; default_debug; default_log; };
category network { default_syslog; default_debug; default_log; };
category general { default_syslog; default_debug; default_log; };
category resolver { auth_servers_log; default_debug; };
category cname { auth_servers_log; default_debug; };
category delegation-only { auth_servers_log; default_debug; };
category lame-servers { auth_servers_log; default_debug; };
category edns-disabled { auth_servers_log; default_debug; };
category dnssec { dnssec_log; default_debug; };
category notify { zone_transfers_log; default_debug; };
category xfer-in { zone_transfers_log; default_debug; };
category xfer-out { zone_transfers_log; default_debug; };
category update{ ddns_log; default_debug; };
category update-security { ddns_log; default_debug; };
category client{ client_security_log; default_debug; };
category security { client_security_log; default_debug; };
category rate-limit { rate_limiting_log; default_debug; };
category spill { rate_limiting_log; default_debug; };
category database { rate_limiting_log; default_debug; };
category rpz { rpz_log; default_debug; };
category queries { queries_log; };
category query-errors {query-errors_log; };
{%- for category in salt['pillar.get']('bind:config:use_extensive_logging:category') %}
category {{category}} { {{ salt['pillar.get']('bind:config:use_extensive_logging:category:'+category, []) | join('; ') }}; };
{%- endfor %}
};
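Review bot: The channel loop `{% for channel in salt['pillar.get']('bind:config:use_extensive_logging:channel') %}` and the matching category loop pass no default, so a pillar that still sets `use_extensive_logging` as a plain flag, or omits the `channel`/`category` keys, presumably renders an empty `logging { }` block. The dedicated security, update-security and query log files that this commit removes from the template would then disappear without any error; whatever gates this include is outside the hunk. Give both loops an explicit default and read each mapping once, e.g. `{% for channel, opts in salt['pillar.get']('bind:config:use_extensive_logging:channel', {}).items() %}`, and consider failing the render when the result is empty. The `file` value is also interpolated into the quoted path unchecked, so a comment stating that it must be a bare file name (no `/`, `..` or `"`) would help. The category line emits `{ ; }` when a category's list is empty.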


@ -55,6 +55,160 @@ bind:
versions: 5 # Additionaly you can set how many files will be stored
size: '100m' # Maximum size of a individual file
use_extensive_logging: # Enable extensive config for logging.
channel: # https://kb.isc.org/article/AA-01526/0/BIND-Logging-some-basic-recommendations.html
default_log:
file: default
size: '200m' # size of a individual file (default 20m)
versions: '10' # how many files will be stored (default 3)
print-time: yes
print-category: yes
print-severity: yes
severity: info
auth_servers_log:
file: auth_servers
print-time: yes
print-category: yes
print-severity: yes
severity: info
dnssec_log:
file: dnssec
print-time: yes
print-category: yes
print-severity: yes
severity: info
zone_transfers_log:
file: zone_transfers
print-time: yes
print-category: yes
print-severity: yes
severity: info
ddns_log:
file: ddns
print-time: yes
print-category: yes
print-severity: yes
severity: info
client_security_log:
file: client_security
print-time: yes
print-category: yes
print-severity: yes
severity: info
rate_limiting_log:
file: rate_limiting
print-time: yes
print-category: yes
print-severity: yes
severity: info
rpz_log:
file: rpz
print-time: yes
print-category: yes
print-severity: yes
severity: info
queries_log:
file: queries
print-time: yes
print-category: yes
print-severity: yes
severity: info
query-errors_log:
file: query-errors
print-time: yes
print-category: yes
print-severity: yes
severity: dynamic
default_syslog:
print-time: yes
print-category: yes
print-severity: yes
syslog: daemon
severity: info
default_debug:
file: named.run
print-time: yes
print-category: yes
print-severity: yes
syslog: dynamic
severity: info
category:
default:
- default_syslog
- default_debug
- default_log
config:
- default_syslog
- default_debug
- default_log
dispatch:
- default_syslog
- default_debug
- default_log
network:
- default_syslog
- default_debug
- default_log
general:
- default_syslog
- default_debug
- default_log
resolver:
- auth_servers_log
- default_debug
cname:
- auth_servers_log
- default_debug
delegation-only:
- auth_servers_log
- default_debug
lame-servers:
- auth_servers_log
- default_debug
edns-disabled:
- auth_servers_log
- default_debug
dnssec:
- dnssec_log
- default_debug
notify:
- zone_transfers_log
- default_debug
xfer-in:
- zone_transfers_log
- default_debug
xfer-out:
- zone_transfers_log
- default_debug
update:
- ddns_log
- default_debug
update-security:
- ddns_log
- default_debug
client:
- client_security_log
- default_debug
security:
- client_security_log
- default_debug
rate-limit:
- rate_limiting_log
- default_debug
spill:
- rate_limiting_log
- default_debug
database:
- rate_limiting_log
- default_debug
rpz:
- rpz_log
- default_debug
queries:
- queries_log
query-errors:
- query-errors_log
controls:
local:
enabled: true
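Review bot: The `default_debug` example sets `syslog: dynamic` and `severity: info`, which looks swapped: the removed template had `file "named.run";` with `severity dynamic;` and no syslog destination for that channel. Rendered through the new template, this channel gets both a `file` and a `syslog` clause, and `dynamic` is a severity rather than a syslog facility, so named would likely reject the config or log somewhere unintended. Suggest `severity: dynamic` and dropping the `syslog` key on that channel. A comment noting that each channel takes a single destination (`file` or `syslog`) would keep copies of this example valid.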