8.3 Configure a Logging syslog Channel - syslog

Information

The syslog option of the logging configuration allows specification of the syslog facility to send log events. A syslog channel should be configured with the value of daemon or other appropriate syslog facility. The default and general categories should be included and the severity level should be info or lower.

Rationale:

Configuring a syslog channel allows BIND to log important information via the standard system syslog facility. It is important that the BIND logs be included with the system monitoring and response that is performed on other system logs, and the syslog facility is helpful to ensure that the important log information isn't lost, or ignored.

Solution

Configure a syslog channel to capture at least the default and general categories of log events. For external authoritative name servers, the category lame-servers may be redirect to null, so that it is not logged. Using lame name servers is common for the domains used for SPAM and may overload the log with information that is not very useful.

logging {
. . .
// Syslog
channel default_syslog {
syslog daemon; # send to syslog's daemon facility
severity info; # only send priority info and higher
};

category default { default_syslog; };
category general { default_syslog; };
// Too many lame servers, especially from SPAM
category lame-servers { null; };

Default Value:

There is no syslog channel by default.

See Also

https://workbench.cisecurity.org/files/1735

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9(2), CSCv6|6.6

Plugin: Unix

Control ID: 1d394ec775e688a5d024034112d898380372bfb0719117cbb05949d5aecb51b3