diff --git a/bind/files/debian/named.conf.logging b/bind/files/debian/named.conf.logging
index 1a34771..ebbb281 100644
--- a/bind/files/debian/named.conf.logging
+++ b/bind/files/debian/named.conf.logging
@@ -1,120 +1,33 @@ -// Configuration based on https://kb.isc.org/article/AA-01526/0/BIND-Logging-some-basic-recommendations.html + logging { - channel default_log { - file "{{ map.log_dir }}/default" versions {{salt['pillar.get']('bind:config:use_extensive_logging:versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:size', '20m')}}; - print-time yes; - print-category yes; - print-severity yes; - severity info; - }; - channel auth_servers_log { - file "{{ map.log_dir }}/auth_servers" versions {{salt['pillar.get']('bind:config:use_extensive_logging:versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:size', '20m')}}; - print-time yes; - print-category yes; - print-severity yes; - severity info; - }; - channel dnssec_log { - file "{{ map.log_dir }}/dnssec" versions {{salt['pillar.get']('bind:config:use_extensive_logging:versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:size', '20m')}}; - print-time yes; - print-category yes; - print-severity yes; - severity info; - }; - channel zone_transfers_log { - file "{{ map.log_dir }}/zone_transfers" versions {{salt['pillar.get']('bind:config:use_extensive_logging:versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:size', '20m')}}; - print-time yes; - print-category yes; - print-severity yes; - severity info; - }; - channel ddns_log { - file "{{ map.log_dir }}/ddns" versions {{salt['pillar.get']('bind:config:use_extensive_logging:versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:size', '20m')}}; - print-time yes; - print-category yes; - print-severity yes; - severity info; - }; - channel client_security_log { - file "{{ map.log_dir }}/client_security" versions {{salt['pillar.get']('bind:config:use_extensive_logging:versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:size', '20m')}}; - print-time yes; - print-category yes; - print-severity yes; - severity info; - }; - 
channel rate_limiting_log { - file "{{ map.log_dir }}/rate_limiting" versions {{salt['pillar.get']('bind:config:use_extensive_logging:versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:size', '20m')}}; - print-time yes; - print-category yes; - print-severity yes; - severity info; - }; - channel rpz_log { - file "{{ map.log_dir }}/rpz" versions {{salt['pillar.get']('bind:config:use_extensive_logging:versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:size', '20m')}}; - print-time yes; - print-category yes; - print-severity yes; - severity info; - }; -// -// If you have the category ‘queries’ defined, and you don’t want query logging -// by default, make sure you add option ‘querylog no;’ - then you can toggle -// query logging on (and off again) using command ‘rndc querylog’ -// - channel queries_log { - file "{{ map.log_dir }}/queries" versions {{salt['pillar.get']('bind:config:use_extensive_logging:versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:size', '20m')}}; +{% for channel in salt['pillar.get']('bind:config:use_extensive_logging:channel') %} + channel {{channel}} { +{%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':file', False) %} + file "{{ map.log_dir }}/{{salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':file')}}" versions {{salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':size', '20m')}}; +{%- endif %} +{%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':print-time') %} print-time yes; +{%- endif %} +{%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':print-category') %} print-category yes; +{%- endif %} +{%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':print-severity') %} print-severity yes; - severity 
info; - }; - channel query-errors_log { - file "{{ map.log_dir }}/query-errors" versions {{salt['pillar.get']('bind:config:use_extensive_logging:versions', '3')}} size {{salt['pillar.get']('bind:config:use_extensive_logging:size', '20m')}}; - print-time yes; - print-category yes; - print-severity yes; - severity dynamic; - }; - channel default_syslog { - print-time yes; - print-category yes; - print-severity yes; - syslog daemon; - severity info; - }; - channel default_debug { - print-time yes; - print-category yes; - print-severity yes; - file "named.run"; - severity dynamic; +{%- endif %} +{%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':severity') %} + severity {{salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':severity')}}; +{%- endif %} +{%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':syslog') %} + syslog {{salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':syslog')}}; +{%- endif %} }; +{% endfor %} - category default { default_syslog; default_debug; default_log; }; - category config { default_syslog; default_debug; default_log; }; - category dispatch { default_syslog; default_debug; default_log; }; - category network { default_syslog; default_debug; default_log; }; - category general { default_syslog; default_debug; default_log; }; - category resolver { auth_servers_log; default_debug; }; - category cname { auth_servers_log; default_debug; }; - category delegation-only { auth_servers_log; default_debug; }; - category lame-servers { auth_servers_log; default_debug; }; - category edns-disabled { auth_servers_log; default_debug; }; - category dnssec { dnssec_log; default_debug; }; - category notify { zone_transfers_log; default_debug; }; - category xfer-in { zone_transfers_log; default_debug; }; - category xfer-out { zone_transfers_log; default_debug; }; - category update{ ddns_log; default_debug; }; - category update-security { ddns_log; 
default_debug; }; - category client{ client_security_log; default_debug; }; - category security { client_security_log; default_debug; }; - category rate-limit { rate_limiting_log; default_debug; }; - category spill { rate_limiting_log; default_debug; }; - category database { rate_limiting_log; default_debug; }; - category rpz { rpz_log; default_debug; }; - category queries { queries_log; }; - category query-errors {query-errors_log; }; +{%- for category in salt['pillar.get']('bind:config:use_extensive_logging:category') %} + category {{category}} { {{ salt['pillar.get']('bind:config:use_extensive_logging:category:'+category, []) | join('; ') }}; }; + +{%- endfor %} }; diff --git a/pillar.example b/pillar.example index da403da..9613c57 100644 --- a/pillar.example +++ b/pillar.example 
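Review bot: The new `{% for channel in salt['pillar.get']('bind:config:use_extensive_logging:channel') %}` loop has no default and no fallback, so a pillar that still uses the previous layout (only `versions`/`size` under `use_extensive_logging`) appears to render an empty `logging { };` block. That would silently drop the `security`, `update-security`, `client` and `rate-limit` log files the removed template always wrote, which is a loss of audit trail on upgrade. Consider shipping the former channel and category set as formula defaults, or reading the map once with an explicit default, e.g. `{% set channels = salt['pillar.get']('bind:config:use_extensive_logging:channel', {}) %}`, and failing the render when it is empty. The category loop has the same gap: a category with an empty list renders `category x { ; };`, and nothing checks that a listed channel is actually defined in the channel map.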
@@ -55,6 +55,160 @@ bind: versions: 5 # Additionaly you can set how many files will be stored size: '100m' # Maximum size of a individual file + use_extensive_logging: # Enable extensive config for logging. + channel: # https://kb.isc.org/article/AA-01526/0/BIND-Logging-some-basic-recommendations.html + default_log: + file: default + size: '200m' # size of a individual file (default 20m) + versions: '10' # how many files will be stored (default 3) + print-time: yes + print-category: yes + print-severity: yes + severity: info + auth_servers_log: + file: auth_servers + print-time: yes + print-category: yes + print-severity: yes + severity: info + dnssec_log: + file: dnssec + print-time: yes + print-category: yes + print-severity: yes + severity: info + zone_transfers_log: + file: zone_transfers + print-time: yes + print-category: yes + print-severity: yes + severity: info + ddns_log: + file: ddns + print-time: yes + print-category: yes + print-severity: yes + severity: info + client_security_log: + file: client_security + print-time: yes + print-category: yes + print-severity: yes + severity: info + rate_limiting_log: + file: rate_limiting + print-time: yes + print-category: yes + print-severity: yes + severity: info + rpz_log: + file: rpz + print-time: yes + print-category: yes + print-severity: yes + severity: info + queries_log: + file: queries + print-time: yes + print-category: yes + print-severity: yes + severity: info + query-errors_log: + file: query-errors + print-time: yes + print-category: yes + print-severity: yes + severity: dynamic + default_syslog: + print-time: yes + print-category: yes + print-severity: yes + syslog: daemon + severity: info + default_debug: + file: named.run + print-time: yes + print-category: yes + print-severity: yes + syslog: dynamic + severity: info + category: + default: + - default_syslog + - default_debug + - default_log + config: + - default_syslog + - default_debug + - default_log + dispatch: + - default_syslog + - 
default_debug + - default_log + network: + - default_syslog + - default_debug + - default_log + general: + - default_syslog + - default_debug + - default_log + resolver: + - auth_servers_log + - default_debug + cname: + - auth_servers_log + - default_debug + delegation-only: + - auth_servers_log + - default_debug + lame-servers: + - auth_servers_log + - default_debug + edns-disabled: + - auth_servers_log + - default_debug + dnssec: + - dnssec_log + - default_debug + notify: + - zone_transfers_log + - default_debug + xfer-in: + - zone_transfers_log + - default_debug + xfer-out: + - zone_transfers_log + - default_debug + update: + - ddns_log + - default_debug + update-security: + - ddns_log + - default_debug + client: + - client_security_log + - default_debug + security: + - client_security_log + - default_debug + rate-limit: + - rate_limiting_log + - default_debug + spill: + - rate_limiting_log + - default_debug + database: + - rate_limiting_log + - default_debug + rpz: + - rpz_log + - default_debug + queries: + - queries_log + query-errors: + - query-errors_log + controls: local: enabled: true
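Review bot: The `default_debug` example entry does not reproduce the channel it replaces, because it sets `syslog: dynamic` and `severity: info` where the removed template had `file "named.run"; severity dynamic;` and no syslog clause. With the new template this renders both a `file` and a `syslog` destination in one channel, and `dynamic` is a severity rather than a syslog facility, so named will most likely reject the generated config. The entry should read `file: named.run` and `severity: dynamic`, with the `syslog:` line dropped. Note also that the template prefixes every `file` value with `map.log_dir`, so `named.run` moves from named's working directory into the log directory; a comment in the example should say so.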