Unconfigured Ad Widget

**jon1320** · 11-21-2012, 11:01 PM

check out rsyslog + log analyzer. you can incorp all your software with the syslog facilities and let rsyslog handle the rest.

You can UDP or TCP send the logs to one rsyslog server, they have tons of docs on their site.

Also - check out logstash, elastic search. lots of good youtube vids

**bigmike82** · 11-22-2012, 1:39 AM

*nod* That, however, doesn't present bind-specifc logs in an easy to understand picture for management. I've done syslog aggregration with a Splunk frontend before...it's just that final visual piece that I need.

**spacepope** · 11-26-2012, 1:12 PM

Look into rrdtool. You will have to play with it but you can send it parsed log data and have it generate pretty graphs.

Cacti is another option. It runs off of rrdtool but provides a nice layer in between and a nice interface for setting it up.

Edit: both should run on LAMP. I believe rrdtool is php. Could be perl but I'm fairly sure it's php

Sent from my Galaxy Nexus using Tapatalk 2

**ocabj** · 11-26-2012, 5:41 PM

Just out of curiosity, what type of metrics are you trying to extrapolate from the bind logs?

**sfwdiy** · 11-26-2012, 5:52 PM

Originally posted by spacepope

Look into rrdtool. You will have to play with it but you can send it parsed log data and have it generate pretty graphs.

Cacti is another option. It runs off of rrdtool but provides a nice layer in between and a nice interface for setting it up.

Edit: both should run on LAMP. I believe rrdtool is php. Could be perl but I'm fairly sure it's php

Sent from my Galaxy Nexus using Tapatalk 2

Cacti is a php tool, so I'm guessing that rrdtool is as well.

What kind of data are you looking to pull and graph, exactly?

--B

**rjpsb1** · 11-26-2012, 8:56 PM

graylog2

**nothinghere2c** · 11-29-2012, 9:09 PM

Splunk if you know how to use it imo. you can have the agent ship over the logs to your indexer and search head and analyze i think 500mb of logs per day on the free version

**bigmike82** · 11-29-2012, 10:01 PM

*nod* Unfortunately, none of these are bind specifics, and none are able to generate pretty graphs for me for DNS-specific stuff without an extensive effort.

I ended up exporting the logs to mysql and coding my own analyzer. No pretty graphs yet, but I've got some good stats.

**Eldraque** · 11-29-2012, 10:04 PM

I have no idea whats going on in this thread

**bigmike82** · 11-29-2012, 10:12 PM

Heh.

Bind is program to serves up DNS queries (basically...an address book for websites, which run are found by a string of numbers (and, unfortunately, soon a much, much longer string of numbers and letters)) rather than a friendly name. So when you type in www.calguns.net into your browser, your computer doesn't go to a machine with the address of calguns.net. It goes to a machine with the address of 216.218.212.241.

DNS (and Bind) takes care of that translation.

What I was looking for is a way to monitor the DNS server I set up and manage for my employer.

**nothinghere2c** · 11-29-2012, 11:17 PM

yeah, it does take some tweaking to get it to read the bind logs the way you want with graphs. i'm just getting into splunk with rex and such its pretty interesting. in case you feel like checking out the splunk bind app heres some info on it...

Page not found - Splunk Community

http://splunk-base.splunk.com/apps/22356/splunk-for-bind

Unconfigured Ad Widget

Analyzing Bind logs

Analyzing Bind logs

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Calguns.net Statistics

What's Going On