  1. #1
    Just Joined!
    Join Date
    Jul 2003
    Posts
    2

    Enabling logging for named & tftpd on Red Hat?


    All,

    I would like to enable detailed logging for:
    - DNS requests & replies
    - tftp requests & replies

    I would like to set up the log messages to go to the /var/log/messages file or
    to independent log files in the /var/log directory

    Any tips or links would be appreciated?

    T.

  2. #2
    Linux Guru
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    3,284
    How much logging do you want?

    If you just want to see that a TCP/UDP packet was sent to that port from a client machine, then an iptables rule could do the job (logging to syslog).

    eg:
    Code:
    # Log inbound DNS queries (UDP port 53) to syslog, rate limited
    /sbin/iptables -A INPUT -p udp --destination-port 53 -j LOG --log-prefix "DNS Request: "  --log-level=5 -m limit --limit 10/minute --limit-burst 3 --log-tcp-sequence

    # Log inbound TFTP requests (TFTP listens on UDP port 69), rate limited
    /sbin/iptables -A INPUT -p udp --destination-port 69 -j LOG --log-prefix "TFTP Request: "  --log-level=5 -m limit --limit 10/minute --limit-burst 3 --log-tcp-sequence
    If you want to see what the exact DNS or TFTP request was, e.g. what domain, what file etc., then only the DNS server or TFTP server would know. There may be some logging you can turn on, depending on the daemon. Which are you running?

    Jason
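
Added example, not part of the posts in this thread: a shell function that reads syslog lines written by LOG rules with the two prefixes used above and counts entries per prefix and source address. The sample log lines, the hostname `gw`, the MAC and DST values, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: count iptables LOG entries per prefix and source address.

# Constructed sample of /var/log/messages (hostname, MAC and DST are made up).
sample_log() {
cat <<'EOF'
Jul  7 12:04:28 gw kernel: DNS Request: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=172.18.104.244 DST=172.18.104.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1025 DPT=53 LEN=40
Jul  7 12:04:29 gw crond[812]: (root) CMD (run-parts /etc/cron.hourly)
Jul  7 12:04:31 gw kernel: DNS Request: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=172.18.104.246 DST=172.18.104.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1031 DPT=53 LEN=42
Jul  7 12:04:35 gw kernel: TFTP Request: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=172.18.104.244 DST=172.18.104.1 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1026 DPT=69 LEN=28
Jul  7 12:04:40 gw kernel: DNS Request: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=172.18.104.244 DST=172.18.104.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1027 DPT=53 LEN=40
EOF
}

# Read syslog on stdin; print "<kind> <source address> <count>", sorted.
summarize_requests() {
    awk '
    {
        # Keep only lines carrying one of the two --log-prefix strings.
        if (index($0, "DNS Request: "))       kind = "DNS"
        else if (index($0, "TFTP Request: ")) kind = "TFTP"
        else next

        # The LOG target writes KEY=value fields; pick out the source address.
        src = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) src = substr($i, 5)

        if (src != "") count[kind " " src]++
    }
    END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

# Stand-alone run on the sample.
# On a real host: summarize_requests < /var/log/messages
sample_log | summarize_requests
```

Because the rules limit logging to 10 entries per minute, the counts are a sample of the traffic rather than a total, and the lines carry no query name or file name.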

  3. #3
    Just Joined!
    Join Date
    Jul 2003
    Posts
    2
    I am running Red Hat 7.3

    # uname -a
    Linux 2.4.18-3 #1 Thu Apr 18 07:37:53 EDT 2002 i686 unknown

    I am running named and tftpd

    rpm = tftp-0.28-2

    For TFTP logging I would like to get similar
    logging as I get with yaletftpd from another
    server:

    ie.

    Jul 7 12:04:28 tftpd[1196]: sent 'ata00070edcd051' to 172.18.104.244: succeeded
    Jul 7 12:04:42 tftpd[1197]: sent 'ata00070edcd0d7' to 172.18.104.246: succeeded


    For DNS I would like to get output of name requested and addresses or names replied depending on which type of DNS query is issued (type SRV or A).

    Thanks

    T.

  4. #4
    Linux Guru
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    3,284
    For some details on BIND logging, this URL may be of some use:
    http://ism.ucdavis.edu/info/bind/logging.html

    This page: http://publibn.boulder.ibm.com/doc_l...mds5/tftpd.htm shows command line switches that can be used to invoke logging of TFTPD file transfers.

    Jason
