8.3 Configure a Logging syslog Channel - syslog


The syslog option of the logging configuration allows specification of the syslog facility to send log events. A syslog channel should be configured with the value of daemon or other appropriate syslog facility. The default and general categories should be included and the severity level should be info or lower.


Configuring a syslog channel allows BIND to log important information via the standard system syslog facility. It is important that the BIND logs be included with the system monitoring and response that is performed on other system logs, and the syslog facility is helpful to ensure that the important log information isn't lost, or ignored.


Configure a syslog channel to capture at least the default and general categories of log events. For external authoritative name servers, the category lame-servers may be redirect to null, so that it is not logged. Using lame name servers is common for the domains used for SPAM and may overload the log with information that is not very useful.

logging {
. . .
// Syslog
channel default_syslog {
syslog daemon; # send to syslog's daemon facility
severity info; # only send priority info and higher

category default { default_syslog; };
category general { default_syslog; };
// Too many lame servers, especially from SPAM
category lame-servers { null; };

Default Value:

There is no syslog channel by default.

See Also


Item Details


References: 800-53|AU-9(2), CSCv6|6.6

Plugin: Unix

Control ID: a55a1a463d281ccbc322f248f20c7c69cc51c221304abac0794fb8e8d097aa1c