I set up a view in BIND that gives different results to VPN users, but I don't serve any other queries, so non-VPN queries fail and fall back to their internal network DNS server. It works fine, but I'm tired of all the query "denied" messages filling up syslog.
I tried putting the logging {}; section inside the view, but BIND complained. Any ideas on how to separate out the security information?
Here is my setup (in named.options.conf, loaded with an include):
logging {
    channel default_syslog {
        // Send most of the named messages to syslog.
        syslog local2;
        severity debug;
    };
    channel audit_log {
        // Send the security related messages to a separate file.
        file "/var/named/system/named.log";
        severity debug;
        print-time yes;
    };
    channel null { null; };
    category default { default_syslog; };
    category general { default_syslog; };
    category security { audit_log; default_syslog; };
    category config { default_syslog; };
    category resolver { audit_log; };
    category xfer-in { audit_log; };
    category xfer-out { audit_log; };
    category notify { audit_log; };
    category client { audit_log; };
    category network { audit_log; };
    category update { audit_log; };
    category queries { audit_log; };
    category lame-servers { null; };
};
If you use this method, be sure to rotate that file, or it will grow to enormous proportions.
You can do all of this in BIND itself rather than in syslog. I use this configuration on all my BIND 9 DNS servers. Just insert the following lines into named.conf, run named-checkconf to make sure the syntax is correct, then restart BIND. Once you're sure it's working, you can start messing with the severity settings and other parts. I think a BIND reload should be enough for the change.
logging {
    channel default_file      { file "/var/log/named/default.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel general_file      { file "/var/log/named/general.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel database_file     { file "/var/log/named/database.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel security_file     { file "/var/log/named/security.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel config_file       { file "/var/log/named/config.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel resolver_file     { file "/var/log/named/resolver.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel xfer-in_file      { file "/var/log/named/xfer-in.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel xfer-out_file     { file "/var/log/named/xfer-out.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel notify_file       { file "/var/log/named/notify.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel client_file       { file "/var/log/named/client.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel unmatched_file    { file "/var/log/named/unmatched.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel queries_file      { file "/var/log/named/queries.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel network_file      { file "/var/log/named/network.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel update_file       { file "/var/log/named/update.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel dispatch_file     { file "/var/log/named/dispatch.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel dnssec_file       { file "/var/log/named/dnssec.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel lame-servers_file { file "/var/log/named/lame-servers.log" versions 3 size 5m; severity dynamic; print-time yes; };

    // The posted block ended after the channels; the category mappings below are
    // assumed from the channel names (each category routed to its matching channel).
    category default      { default_file; };
    category general      { general_file; };
    category database     { database_file; };
    category security     { security_file; };
    category config       { config_file; };
    category resolver     { resolver_file; };
    category xfer-in      { xfer-in_file; };
    category xfer-out     { xfer-out_file; };
    category notify       { notify_file; };
    category client       { client_file; };
    category unmatched    { unmatched_file; };
    category queries      { queries_file; };
    category network      { network_file; };
    category update       { update_file; };
    category dispatch     { dispatch_file; };
    category dnssec       { dnssec_file; };
    category lame-servers { lame-servers_file; };
};
Logging can't be specified per view. However, if you use syslog-ng for your syslog logging, you can filter the messages out with a filter:
filter f_no_named_denied { not match (regex for the message here); };
Then apply this filter to whatever rule you use for the DNS logs.
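Whether the denied messages end up in a syslog-ng filter or in BIND's own security log, the next thing a defender usually wants is to pull them apart by client and view instead of just discarding them. As an added example that is not from either answer, the Python below parses constructed BIND 9 "query denied" syslog lines, splits them from the rest of the log, and counts the noisiest clients; the message layout it assumes is BIND's `client ... query (cache) '<name>/<type>/<class>' denied` form, with the optional `@0x...` client handle and `view NAME:` prefix.

```python
import re
from collections import Counter

# BIND 9 "query denied" message as delivered via syslog. The "@0x..." client
# handle and the "view NAME:" prefix are optional (assumed layout; both vary
# with BIND version and whether views are configured).
DENIED_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: (?:view (?P<view>[^:]+): )?query(?: \((?P<kind>\w+)\))? "
    r"'(?P<qname>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^']+)' denied"
)

def parse_denied(line):
    """Fields of a 'query denied' line as a dict, or None for any other line."""
    m = DENIED_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec

def split_denied(lines):
    """Return (denied records, remaining lines): the records are the noise the
    question wants out of the main syslog; 'other' is what stays there."""
    denied, other = [], []
    for line in lines:
        rec = parse_denied(line)
        if rec is None:
            other.append(line)
        else:
            denied.append(rec)
    return denied, other

def top_clients(records, n=5):
    """Most frequent source addresses among denied queries, e.g. to spot a
    client that keeps hitting a view it is not allowed to use."""
    return Counter(r["ip"] for r in records).most_common(n)

# Constructed sample syslog lines (not real traffic).
SAMPLE_LOG = [
    "Mar  3 10:15:01 ns1 named[1234]: client 10.8.0.12#51342 (intranet.example.com): view vpn: query (cache) 'intranet.example.com/A/IN' denied",
    "Mar  3 10:15:02 ns1 named[1234]: client @0x7f3c2c0a1c90 192.0.2.77#40011 (www.example.com): query (cache) 'www.example.com/AAAA/IN' denied",
    "Mar  3 10:15:02 ns1 named[1234]: client 192.0.2.77#40012 (example.com): query (cache) 'example.com/MX/IN' denied",
    "Mar  3 10:15:03 ns1 named[1234]: zone example.com/IN: loaded serial 2024030301",
    "Mar  3 10:15:04 ns1 named[1234]: client 2001:db8::5#53321 (example.net): query 'example.net/A/IN' denied",
]

if __name__ == "__main__":
    denied, other = split_denied(SAMPLE_LOG)
    print(f"{len(denied)} denied, {len(other)} kept; top clients: {top_clients(denied)}")
```

Feeding it the real security log (or the lines syslog-ng diverts) gives a per-client count that is far more useful for spotting a misconfigured or probing host than a syslog full of identical "denied" lines.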