1. Install bindgraph

# apt-get install bindgraph

2. Enabling logging in bind9
Add an include line for a separate file that will hold the logging configuration:

# vi /etc/bind/named.conf
include "/etc/bind/named.conf.log";

Define the logging channels and categories in that file:

# vi /etc/bind/named.conf.log

# Configure the logging options
logging {

    category security { security_channel; default; };
    category lame-servers { null; };
    category default { default; };
    category queries { querylog; };

    channel security_channel {
        file "/var/log/named/security.log";
        severity debug;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    channel default {
        file "/var/log/named/bind.log" versions 3 size 5m;
        severity warning;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    channel "querylog" {
        file "/var/log/named/bind-queries.log";
        print-time yes;
        print-category yes;
    };
};

This configuration creates a new channel, querylog, that sends all of its log output to the file /var/log/named/bind-queries.log, and associates that channel with the predefined category named queries, which is included with the bind software.

3. Create the named directory for logging and set the correct permissions:

# mkdir /var/log/named
# chown bind:bind /var/log/named/

4. Restart bind9 service:

# service bind9 restart

5. Configuring bindgraph

Edit the bindgraph settings to point at the query log file:

# vi /etc/default/bindgraph
DNS_LOG=/var/log/named/bind-queries.log

6. Edit the Apache settings so that the statistics are accessible only from the internal network:

# vi /etc/apache2/sites-enabled/000-default

AllowOverride None

Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from 192.168.1.0/24

7. Restart bindgraph service and apache:

# service bindgraph restart
# service apache2 restart

8. Now we can access our statistics from the link: http://your-ip-address/cgi-bin/bindgraph.cgi
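
As an added example (not from the original post), this Python script parses lines in the format the querylog channel above writes and counts queries per record type and per client, a quick way to confirm that query logging works and to see which internal hosts generate the most lookups. The sample log lines are constructed and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample lines in the format the querylog channel writes
# (print-time yes; print-category yes). Newer BIND releases add an object
# address and the query name in parentheses after "client"; both shapes appear.
SAMPLE_LOG = """\
28-Sep-2012 10:15:01.123 queries: client 192.168.1.10#53211: query: www.example.com IN A + (192.168.1.1)
28-Sep-2012 10:15:01.456 queries: client 192.168.1.10#53212: query: www.example.com IN AAAA + (192.168.1.1)
28-Sep-2012 10:15:02.001 queries: client 192.168.1.22#40100: query: example.com IN MX + (192.168.1.1)
28-Sep-2012 10:15:02.310 queries: client @0x7f3c2c0a1b20 192.168.1.22#40101 (example.com): query: example.com IN TXT +E(0)K (192.168.1.1)
28-Sep-2012 10:15:03.000 queries: client 192.168.1.22#40102: query: 10.1.168.192.in-addr.arpa IN PTR + (192.168.1.1)
28-Sep-2012 10:15:03.500 queries: client 192.168.1.30#5
"""

# The last sample line is truncated on purpose (as after a partial write).
QUERY_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) queries: "
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<client>[0-9a-fA-F.:]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: (?:view \S+: )?"
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
)

def parse_queries(text):
    """Yield one dict per query line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = QUERY_RE.match(line)
        if m:
            yield m.groupdict()

def summarize(text, top=3):
    """Return (queries per record type, busiest clients) for log text."""
    by_type, by_client = Counter(), Counter()
    for q in parse_queries(text):
        by_type[q["qtype"]] += 1
        by_client[q["client"]] += 1
    return by_type, by_client.most_common(top)

if __name__ == "__main__":
    types, clients = summarize(SAMPLE_LOG)
    for qtype, n in types.most_common():
        print(f"{qtype:6} {n}")
    for client, n in clients:
        print(f"{client:15} {n}")
```

To run it against the real log, pass the contents of /var/log/named/bind-queries.log to summarize() instead of SAMPLE_LOG.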

[source: http://opentodo.net/2012/09/monitoring-dns-queries-with-bindgraph/]