Hello John, I think it should be possible to use chroot and have there custom socket mapped directly to rsyslog.
bind-chroot should be available in CentOS, try running named-chroot.service instead of named.service. I have not tried it on real installation, but I guess it should be easiest way to use arbitrary socket different than common one. Regards, Petr On 5/20/21 11:34 PM, John Thurston wrote: > Many years ago, when we ran ISC BIND on Solaris, we created a logging > channel to send the logged-queries to the local syslogd. We then had our > local syslogd forward most of the traffic on to a central syslog server. > > I just tried to re-implement something like that on CentOS, and thought > I had it working . . until it was exposed to full production traffic > load. The output to our central syslog server was truncated, and my > local system log was filled with messages saying jourald was activating > ratelimiting. !? > > My subsequent read of the docs indicates that BIND on CentOS 7, while > being told it is sending to 'syslogd', is sending to 'journald' which is > handling all the messages and forwarding them on to 'syslogd'. I don't > want journald handling my thousands of messages per second from BIND. I > don't want that information in my journal logs. I just want it out in > the central syslog server. > > Is there some direct way to get the logging channel of BIND pointed > directly into the local syslogd? (which would then apply its forwarding > rules to get traffic to the central syslog server) > > I thought about trying to rip jourald out entirely, and quickly decided > that was a path to madness. > > The only thing I can come up with is to activate dnstap, and have some > other process absorbing the data and spewing it directly to the central > syslogd. > -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
