I want to send dhcpd/named log messages to their own file

I'm running dhcpd 4.2.5-P1 and bind 9.9.5-P1 on Slackware64 14.1. I get the following messages in /var/log/messages:
Apr 13 23:17:24 mail dhcpd: Added reverse map from 56.0.168.192.in-addr.arpa. to HOLLY.hprs.local.
Apr 13 23:17:24 mail named[1430]: client 192.168.0.56#55449: updating zone 'hprs.local/IN': deleting rrset at 'HOLLY.hprs.local' AAAA
Apr 13 23:17:24 mail named[1430]: client 192.168.0.56#55449: updating zone 'hprs.local/IN': deleting rrset at 'HOLLY.hprs.local' A
Apr 13 23:17:24 mail named[1430]: client 192.168.0.56#55449: updating zone 'hprs.local/IN': adding an RR at 'HOLLY.hprs.local' A
Apr 13 23:18:44 mail dhcpd: isc-dhcpd-4.2.5-P1
Apr 13 23:19:04 mail dhcpd: DHCPINFORM from 192.168.0.57 via eth1
Apr 13 23:19:04 mail dhcpd: DHCPACK to 192.168.0.57 (c8:9c:dc:fe:e9:86) via eth1
Apr 13 23:19:29 mail dhcpd: DHCPINFORM from 192.168.0.58 via eth1
Apr 13 23:19:29 mail dhcpd: DHCPACK to 192.168.0.58 (2c:27:d7:2f:cf:7a) via eth1

Open in new window

I'd like to stick all these message into their own logfile, not in /var/log/messages. Can someone give me straighforward instructions on how to do this? The manpage on dhcpd says,
The log-facility statement

         log-facility facility;

         This statement causes the DHCP server to do all  of  its  logging  on  the  specified  log  facility  once  the
         dhcpd.conf  file  has been read.  By default the DHCP server logs to the daemon facility.  Possible log facili-
         ties include auth, authpriv, cron, daemon, ftp, kern, lpr, mail, mark, news, ntp, security, syslog, user, uucp,
         and  local0  through  local7.  Not all of these facilities are available on all systems, and there may be other
         facilities available on other systems.

         In addition to setting this value, you may need to modify your syslog.conf file to  configure  logging  of  the
         DHCP server.  For example, you might add a line like this:

              local7.debug /var/log/dhcpd.log
... and continues from there. These instructions are basically gobbledygook to me. What exactly settings do I need in dhcpd.conf, syslog.conf to get all dhcpd messages to go to the suggested /var/log/dhcpd.log? I don't really know what "log facilities" are and hope I don't need to get educated on that concept to simply log to a specific file.
LVL 1
jmarkfoleyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Zephyr ICTCloud ArchitectCommented:
I'm not sure it will be exaclty the same for Slackware but this usually works...

Basically you need something like this in your /etc/dhcpd.conf:
log-facility local7;

Open in new window


Depending on the system either of the following can work...

Add this in your /etc/syslog.conf:
# DHCP
local7.debug             /var/log/dhcp/dhcpd.log

Open in new window


Or, add "local7.none" to the syslog.conf, like so:
*.info;mail.none;authpriv.none;cron.none;local7.none         /var/log/messages

Open in new window


You can touch the /var/log/dhcp/dhcpd.log and for good measure maybe restart syslog and dhcpd if feasible:
restart syslog
restart dhcpd
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jmarkfoleyAuthor Commented:
OK, that semi-worked. It is now logging dhcpd messages to both /etc/log/messages and the new dhcpd.log.

How do I get it to only go to dhcpd.log (I'm trying to keep clutter down in .../messages)?
0
jmarkfoleyAuthor Commented:
This is in my /etc/syslog.conf:
*.info;*.!warn;\
        authpriv.none;cron.none;mail.none;news.none     -/var/log/messages

Open in new window

I take this to mean that anything info level messages will go to /var/log/messages, right? Which is probably why my dhcpd messages are going there too. Would I then exclude these messages from /var/log/messages by changing that to:
*.info;*.!warn;\
        authpriv.none;cron.none;mail.none;news.none;local7.none     -/var/log/messages

Open in new window

You may have been saying that in your 2nd example, but your use of "or" make it sound like I should choose either on example or the other.

Pending your response, I'll give that a shot.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

jmarkfoleyAuthor Commented:
OK, that did in fact work. No more dhcpd: messages in /var/log/messages. Now I'll see if I can do the same for named:

I'll be back! ...
0
Zephyr ICTCloud ArchitectCommented:
Hi, sorry ... Lost track a little ... Thanks, might be somewhat different for named, can't remember everything exactly but I'll look into it ...
0
jmarkfoleyAuthor Commented:
Interesting with named ... Following instructions at http://www.zytrax.com/books/dns/ch7/logging.html, I set up the named log in named.conf as:
logging{
  channel marks_log {
    syslog local7;
    severity info;
  };
  category default{
    marks_log;
  };
};

Open in new window

That partially worked. I got the following messages in my dhcpd.log (I guess I need to rename this):
Apr 17 01:28:11 mail named[10966]: managed-keys-zone: loaded serial 0
Apr 17 01:28:11 mail named[10966]: zone 127.in-addr.arpa/IN: loaded serial 1
Apr 17 01:28:11 mail named[10966]: zone 0.168.192.in-addr.arpa/IN: loaded serial 233
Apr 17 01:28:11 mail named[10966]: zone hprs.local/IN: loaded serial 2014094050
Apr 17 01:28:11 mail named[10966]: zone localhost/IN: loaded serial 2
Apr 17 01:28:11 mail named[10966]: all zones loaded
Apr 17 01:28:11 mail named[10966]: running

Open in new window

But still more than 100 messages like the following also in /var/log/message:
Apr 17 01:28:11 mail named[10966]: automatic empty zone: 125.100.IN-ADDR.ARPA
Apr 17 01:28:11 mail named[10966]: automatic empty zone: 126.100.IN-ADDR.ARPA
Apr 17 01:28:11 mail named[10966]: automatic empty zone: 127.100.IN-ADDR.ARPA
Apr 17 01:28:11 mail named[10966]: automatic empty zone: 0.IN-ADDR.ARPA
Apr 17 01:28:11 mail named[10966]: automatic empty zone: 254.169.IN-ADDR.ARPA
Apr 17 01:28:11 mail named[10966]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Apr 17 01:28:11 mail named[10966]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Apr 17 01:28:11 mail named[10966]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Apr 17 01:28:11 mail named[10966]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Apr 17 01:28:11 mail named[10966]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Apr 17 01:28:11 mail named[10966]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Apr 17 01:28:11 mail named[10966]: automatic empty zone: D.F.IP6.ARPA
Apr 17 01:28:11 mail named[10966]: automatic empty zone: 8.E.F.IP6.ARPA
Apr 17 01:28:11 mail named[10966]: automatic empty zone: 9.E.F.IP6.ARPA
Apr 17 01:28:11 mail named[10966]: automatic empty zone: A.E.F.IP6.ARPA
Apr 17 01:28:11 mail named[10966]: automatic empty zone: B.E.F.IP6.ARPA
Apr 17 01:28:11 mail named[10966]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Apr 17 01:28:11 mail named[10966]: command channel listening on 127.0.0.1#953
Apr 17 01:28:11 mail named[10966]: command channel listening on ::1#953

Open in new window

When I set severity to "debug" in named.conf, all these messages went to my new dhcpd.log AND the debug level ones still went to /var/log/messages.

Before I suppose all of these were going to /var/log/messages, but why are some now going to /var/log/dhcpd.log and the debug level going to /var/log/messages? Why are there any debug level messages at all given my syslog.conf:
local7.debug    /var/log/dhcpd.log

*.info;*.!warn;\
        authpriv.none;cron.none;mail.none;news.none;local7.none -/var/log/messages

*.warn;\
        authpriv.none;cron.none;mail.none;news.none     -/var/log/syslog

*.=debug                                                -/var/log/debug

authpriv.*                                              -/var/log/secure

cron.*                                                  -/var/log/cron

mail.*                                                  -/var/log/maillog

*.emerg                                                 *

uucp,news.crit                                          -/var/log/spooler

Open in new window

0
Zephyr ICTCloud ArchitectCommented:
For starters, you could create separate logs in your named file, something like this:

logging {
    channel default_file {
        file "/var/log/named/default.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel general_file {
        file "/var/log/named/general.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel database_file {
        file "/var/log/named/database.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
   channel security_file {
        file "/var/log/named/security.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };

Open in new window


.. and so on, can use separate files for everything ... Source

Now, does this solve the fact that there's still logs in your syslog, might not ... I followed the mentioned guideline and I'm not seeing the extra logs in my syslog, but maybe I'm forgetting something, still need a good dose of caffeine, so bear with me.

Also, more info here
0
jmarkfoleyAuthor Commented:
Well, this all seems to be working OK. I still get a bazillion "named: automatic empty zone" messages in /var/log/messages when named starts, but this might be because starting up may have a special message level, or these messages get output before named processes the 'logging' config. Thereafter, the named messages all go to the designated file. I think I can live with this.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.