Logrotate Settings in BIND 9
  • 01 Jul 2021

Some of our users have asked how to rotate their (traditional, non-DNSTAP) BIND 9 logs to get one log file per day.

Here are some possible BIND settings that, when combined with the logrotate command (available on most UNIX-like systems), will create daily logs:

logging {
        channel ns_log {
                file "/var/log/named/named.log";
                severity dynamic;
                print-time yes;
                print-severity yes;
                print-category yes;
        };
...
        category default { ns_log; };
        category general { ns_log; };
        category config { ns_log; };
};

Because the file clause carries no versions or size options, this disables BIND's own size-based log rotation completely.

Once the log file is "just growing", you can use this logrotate configuration to keep 30 days' worth of logs in the /var/log/named/ directory:

/var/log/named/*.log {
  compress
  create 0644 named named
  daily
  dateext
  missingok
  notifempty
  rotate 30
  sharedscripts
  postrotate
    /usr/sbin/rndc reconfig > /dev/null 2>/dev/null || true
  endscript
}
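
A pre-flight check for the setup above, as an added example that is not part of the original article or ISC's tooling: it scans a named.conf for file channels that still carry versions or size, which would leave named rolling or capping the file itself while logrotate also rotates it. The function name, the query_log channel and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example, not ISC's code. Flags named.conf file channels whose file
# clause still carries "versions" or "size": with either option named rolls
# or caps the file itself, which conflicts with logrotate owning rotation.
# Limitation: only whole-line // and # comments are skipped, not /* ... */.

# Prints "channel: file-clause" per offending channel; returns 1 if any found.
find_self_rotating_channels() {
    awk '
        /^[ \t]*(\/\/|#)/ { next }
        /channel[ \t]+[^ \t{]+/ {
            for (i = 1; i < NF; i++)
                if ($i == "channel") { name = $(i + 1); sub(/[{].*/, "", name) }
        }
        /file[ \t]+"[^"]*"[^;]*[ \t](versions|size)[ \t]/ {
            line = $0
            sub(/^[ \t]+/, "", line)
            printf "%s: %s\n", name, line
            found = 1
        }
        END { exit found ? 1 : 0 }
    ' "$1"
}

# Constructed sample: ns_log matches the article, query_log is a hypothetical
# channel that was left with BIND-side rotation options in place.
sample=$(mktemp)
cat > "$sample" <<'EOF'
logging {
        channel ns_log {
                file "/var/log/named/named.log";
                severity dynamic;
        };
        channel query_log {
                file "/var/log/named/query.log" versions 5 size 20m;
        };
};
EOF

if find_self_rotating_channels "$sample"; then
    echo "OK: no channel rotates itself; logrotate owns rotation"
else
    echo "Remove versions/size from the channels listed above" >&2
fi
rm -f "$sample"
```

Once the check is clean, running logrotate with its -d (debug) option against the file holding the stanza above shows what would be rotated without touching the logs.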

Note: this article is based on advice posted on bind-users@lists.isc.org by Stuart Browne.

For more information on how to manage BIND log files, consider watching ISC's 2021 webinars on BIND management presented by Carsten Strotmann. The session on managing log files is available on YouTube.