lost and found ( for me ? )

BIND : view queries logs with bindgraph

Here’s how to install bindgraph to monitor queries log with GUI ( RRD graph ).
root@ubuntu1204-vm1:~# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 12.04.2 LTS"
root@ubuntu1204-vm1:~# uname -ri
3.2.0-44-generic x86_64

install bind9 and bindgraph via apt-get
root@ubuntu1204-vm1:~# apt-get install bind9 bindgraph



root@ubuntu1204-vm1:~# bindgraph.pl --version
bindgraph 0.2 by {dela,md}@linux.it
root@ubuntu1204-vm1:~# named -version
BIND 9.8.1-P1

[ bindgraph ]

bindgraph configuration file.
I used default config.
root@ubuntu1204-vm1:~# less /etc/default/bindgraph
DNS_LOG=/var/log/bind9-query.log
LOG_FORMAT=bind93

[ bind ]

enable queries log
root@ubuntu1204-vm1:~# cat /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
version none;
auth-nxdomain no;    # conform to RFC1035
# listen-on-v6 { any; };
listen-on-v6 { none; };
recursion yes;
};

# enable queries log for bindgraph
logging {
       channel "log_queries" {
               file "/var/log/bind9-query.log";
               severity info;
               print-time yes;
               print-category yes;
       };

       category queries { "log_queries"; };
};

create a query log file and change file owner
root@ubuntu1204-vm1:~# touch /var/log/bind9-query.log
root@ubuntu1204-vm1:~# chown bind:bind /var/log/bind9-query.log

restart bind9
root@ubuntu1204-vm1:~# service bind9 restart

confirm if query logging is enabled.
root@ubuntu1204-vm1:~# rndc status
version: 9.8.1-P1 (version.bind/txt/ch disabled)
CPUs found: 2
worker threads: 2
number of zones: 18
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

[ apache ]

install apache to view DNS queries graph via web browser
root@ubuntu1204-vm1:~# apt-get install apache2

cgi for bindgraph has been installed under /usr/lib/cgi-bin/
root@ubuntu1204-vm1:~# dpkg -L bindgraph | grep -i cgi
/usr/lib/cgi-bin
/usr/lib/cgi-bin/bindgraph.cgi

I used default httpd configuration.
# cat /etc/apache2/sites-available/default
<VirtualHost *:80>
ServerAdmin webmaster@localhost

DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined

   Alias /doc/ "/usr/share/doc/"
   <Directory "/usr/share/doc/">
       Options Indexes MultiViews FollowSymLinks
       AllowOverride None
       Order deny,allow
       Deny from all
       Allow from 127.0.0.0/255.0.0.0 ::1/128
   </Directory>

</VirtualHost>
root@ubuntu1204-vm1:~#

start bindgraph and httpd
# service bindgraph restart
# service apache2 restart

start an web browser and access to http:// your BIND server IP/cgi-bin/bindgraph.cgi
If you can’t see the graph , please type the following command and then access to your BIND.
This might help you diagnose problems.. ( this is as-is based info … )
root@ubuntu1204-vm1:~# /usr/bin/perl -w /usr/sbin/bindgraph.pl -l /var/log/bind9-query.log --format=bind93 -d --daemon_rrd=/var/lib/bindgraph --rrd_name=bindgraph

root@ubuntu1204-vm1:~# ll -d /var/lib/bindgraph/*
-rw-r--r-- 1 root root 7106208  5月 31 02:48 /var/lib/bindgraph/bindgraph.rrd

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.