Splunk® Supported Add-ons

Splunk Add-on for ISC BIND

Configure ISC BIND server logs

The Splunk Add-on for ISC BIND monitors the log files generated by the ISC BIND server. Configure logging channels for each of the following logs in the ISC BIND server configuration file (named.conf) on the ISC BIND server.

  • notify.log
  • network.log
  • queries.log
  • query-errors.log
  • lame-servers.log

Configure logging channels by updating the logging section of /etc/named.conf as shown in the example.

logging {
channel default_channel {
file "/var/log/named/default.log";
print-time yes;
print-category yes;
print-severity yes;
severity dynamic;
};
channel general_channel {
file "/var/log/named/general.log";
print-time yes;
print-category yes;
print-severity yes;
severity dynamic;
};
channel notify_channel {
file "/var/log/named/notify.log";
print-time yes;
print-category yes;
print-severity yes;
severity dynamic;
};
channel network_channel {
file "/var/log/named/network.log";
print-time yes;
print-category yes;
print-severity yes;
severity dynamic;
};
channel queries_channel {
file "/var/log/named/queries.log";
print-time yes;
print-category yes;
print-severity yes;
severity dynamic;
};
channel query-errors_channel {
file "/var/log/named/query-errors.log";
print-time yes;
print-category yes;
print-severity yes;
severity dynamic;
};
channel lame-servers_channel {
file "/var/log/named/lame-servers.log";
print-time yes;
print-category yes;
print-severity yes;
severity dynamic;
};
category default { default_channel; };
category general { general_channel; };
category notify { notify_channel; };
category network { network_channel; };
category queries { queries_channel; };
category query-errors { query-errors_channel; };
category lame-servers { lame-servers_channel; };
};
Last modified on 21 July, 2021
Install the Splunk Add-on for ISC BIND   Configure monitor inputs for the Splunk Add-on for ISC BIND

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters