[nsd-users] Basic Logging Support Via Syslog

Lew Payne lew.payne at gmail.com
Tue Sep 1 23:01:00 UTC 2009


Some SYS-V shared-memory calls, and a very small circular buffer would
be fine. You could make the data available, and leave it up to us to
extract it or write a simple logger if you're feeling generous.  If
you included a simple one or two byte incrementing counter at the head
of each entry, we could easily detect screw-ups on our part (failure
to read buffer before wrap-around), as well as easily determine old
data from new.

That's assuming you don't want to use async calls and log to a file
(in which case you just abandon failed writes... which would be fine,
also).

It would certainly be better than the problems posed by running
tcpdump, especially in a production environment.

Hint - For years, I've been using log data (HTTP requests for
nonexistent pages or domains, SMTP requests for nonexistent users,
IMAP and POP3 requests for nonexistent users, etc, etc) to firewall
malicious probes.  The only thing not protected, since switching from
bind to nsd, has been the DNS servers due to lack of adequate logging
facilities.  The performance, ease of use, reliability and security of
nsd has vastly outweighed the logging issue.  However, it would serve
as a crowning touch.

-Lew Payne

On Tue, Sep 1, 2009 at 4:43 PM, Joerg
Sonnenberger<joerg at britannica.bec.de> wrote:
>
> tcpdump can be used without promiscuous mode though.
>
> Back to the original topic, if logging was desirable, using shared
> memory and a separate gathering process is likely a much better idea.



More information about the nsd-users mailing list