Re: RPZ logging
Yep; thanks that worked!!

On Sun, Apr 29, 2018 at 10:38 AM, Blason R <blaso...@gmail.com> wrote:

> hmm..ok let me try. Since I am also writing parsers in logstash wondering
> what exactly would be the log setting I need to pick up.
>
> On Sun, Apr 29, 2018 at 9:12 AM, Bob Harold <rharo...@umich.edu> wrote:
>
>> On Sat, Apr 28, 2018 at 11:29 PM, Blason R <blaso...@gmail.com> wrote:
>>
>>> Hi Folks,
>>>
>>> I have been struggling with exact RPZ/Bind option/statement which
>>> enables the logging for RPZ and shows if the query matches RPZ zone.
>>>
>>> Can someone please help me?
>>
>> I think the required rpz logging related lines in my named.conf are:
>>
>> logging {
>>
>>     channel "rpz_file" {
>>         file "/var/log/named/rpz.log" versions 10 size 104857600;
>>         severity dynamic;
>>         print-time yes;
>>         print-severity yes;
>>         print-category yes;
>>     };
>>
>>     category "rpz" {
>>         "rpz_file";
>>     };
>> };
>>
>> You might want fewer versions and/or a smaller size - my values allow rpz
>> logs to fill 1gb of disk.
>>
>> --
>> Bob Harold

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: RPZ logging
hmm..ok let me try. Since I am also writing parsers in logstash wondering what exactly would be the log setting I need to pick up.

On Sun, Apr 29, 2018 at 9:12 AM, Bob Harold <rharo...@umich.edu> wrote:

> On Sat, Apr 28, 2018 at 11:29 PM, Blason R <blaso...@gmail.com> wrote:
>
>> Hi Folks,
>>
>> I have been struggling with exact RPZ/Bind option/statement which
>> enables the logging for RPZ and shows if the query matches RPZ zone.
>>
>> Can someone please help me?
>
> I think the required rpz logging related lines in my named.conf are:
>
> logging {
>
>     channel "rpz_file" {
>         file "/var/log/named/rpz.log" versions 10 size 104857600;
>         severity dynamic;
>         print-time yes;
>         print-severity yes;
>         print-category yes;
>     };
>
>     category "rpz" {
>         "rpz_file";
>     };
> };
>
> You might want fewer versions and/or a smaller size - my values allow rpz
> logs to fill 1gb of disk.
>
> --
> Bob Harold
Re: RPZ logging
On Sat, Apr 28, 2018 at 11:29 PM, Blason R <blaso...@gmail.com> wrote:

> Hi Folks,
>
> I have been struggling with exact RPZ/Bind option/statement which enables
> the logging for RPZ and shows if the query matches RPZ zone.
>
> Can someone please help me?

I think the required rpz logging related lines in my named.conf are:

logging {

    channel "rpz_file" {
        file "/var/log/named/rpz.log" versions 10 size 104857600;
        severity dynamic;
        print-time yes;
        print-severity yes;
        print-category yes;
    };

    category "rpz" {
        "rpz_file";
    };
};

You might want fewer versions and/or a smaller size - my values allow rpz logs to fill 1gb of disk.

--
Bob Harold
RPZ logging
Hi Folks,

I have been struggling with exact RPZ/Bind option/statement which enables the logging for RPZ and shows if the query matches RPZ zone.

Can someone please help me?
Re: RPZ logging
On Fri, May 20, 2016 at 01:36:42PM +0200, Job wrote:

> Hello,
>
> is it possible to log, regarding the RPZ response policy, everything
> EXCEPT the CLIENT PASS THROUGH events? I would like to log only what
> is matched.

9.11 (alpha release) has a "log" clause to enable/disable logging per individual policy zones. This is all that's configurable currently for RPZ logging.

Mukund
RPZ logging
Hello,

is it possible to log, regarding the RPZ response policy, everything EXCEPT the CLIENT PASS THROUGH events? I would like to log only what is matched.

Thank you,
Francesco
RPZ Logging
Hello

I have several RPZ zones configured on our caching resolver, e.g.

response-policy {
    zone whitelist.rpz.switch.ch. policy passthru;
    zone malware.rpz.switch.ch. policy GIVEN;
};

I currently log RPZ hits via syslog to a remote log server. I don't want the whitelist rpz zone hits to be logged. I guess this is not possible.

Any idea?

Daniel
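
Added example (not part of any message in this thread, and not ISC code): a Python post-filter over the rpz log file that extracts the fields a Logstash parser would need and keeps only enforced rewrites, dropping PASSTHRU hits, disabled hits and anything from the whitelist zone, which is the filtering asked about in the messages above. Assumptions: the line layout in the regex is modelled on BIND's rpz category output with print-time, print-severity and print-category enabled, the function names and sample lines are constructed, and only the two zone names come from the thread.

```python
import re

# Assumed layout of one "rpz" category line. The optional "@0x..." client
# handle, "view X:" prefix and "/TYPE/CLASS" suffix cover version differences.
RPZ_LINE = re.compile(
    r"^(?P<time>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"rpz: (?P<severity>\w+): "
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<client>[0-9A-Fa-f:.]+)#(?P<port>\d+) "
    r"\((?P<qname>[^)]*)\): (?:view (?P<view>[^:]+): )?"
    r"(?P<disabled>disabled )?rpz (?P<trigger>\S+) (?P<policy>\S+) "
    r"rewrite (?P<target>[^\s/]+)(?:/\S+)? via (?P<rule>\S+)$"
)

# Policy zones from the response-policy statement quoted in the thread.
ZONES = ("whitelist.rpz.switch.ch", "malware.rpz.switch.ch")

def parse_rpz_line(line, zones=ZONES):
    """Return the fields of one rpz log line as a dict, or None if it does not match."""
    m = RPZ_LINE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["disabled"] = ev["disabled"] is not None
    rule = ev["rule"].rstrip(".").lower()
    # The "via" name is the owner name of the matching policy record, so the
    # policy zone is the longest configured zone that is a suffix of it.
    hits = [z for z in zones if rule == z or rule.endswith("." + z)]
    ev["zone"] = max(hits, key=len) if hits else None
    return ev

def enforced_hits(lines, skip_zones=("whitelist.rpz.switch.ch",)):
    """Keep rewrites that changed an answer: no PASSTHRU, no disabled, no skipped zone."""
    events = (parse_rpz_line(line) for line in lines)
    return [e for e in events if e and not e["disabled"]
            and e["policy"].upper() != "PASSTHRU" and e["zone"] not in skip_zones]

# Constructed sample lines (not captured from a real server).
SAMPLE = [
    "29-Apr-2018 10:12:01.120 rpz: info: client 192.0.2.10#53211 (bad.example.net): rpz QNAME NXDOMAIN rewrite bad.example.net via bad.example.net.malware.rpz.switch.ch",
    "29-Apr-2018 10:12:02.431 rpz: info: client 192.0.2.11#40112 (ok.example.org): rpz QNAME PASSTHRU rewrite ok.example.org via ok.example.org.whitelist.rpz.switch.ch",
    "29-Apr-2018 10:12:03.902 rpz: info: client @0x7f3a1c0d2b10 2001:db8::5#5353 (cdn.example.net): rpz QNAME NODATA rewrite cdn.example.net/A/IN via *.example.net.malware.rpz.switch.ch",
    "29-Apr-2018 10:12:04.250 rpz: info: client 192.0.2.10#53300 (test.example.com): disabled rpz QNAME NXDOMAIN rewrite test.example.com via test.example.com.malware.rpz.switch.ch",
    "29-Apr-2018 10:12:05.000 rpz: info: client 192.0.2.12#41000 (cut.example.net): rpz QNAME",
]
```

Lines that do not match the assumed layout come back as None from parse_rpz_line, so count them separately when checking the pattern against a particular BIND version's output.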