Enable Syslog for PowerDNS Recursor

  1. Enable Logging in PowerDNS Recursor Config
  2. Edit Systemd Unit File for PowerDNS to Allow Syslog
  3. Enable Logging in rsyslog Config File

The following links were helpful in setting things up.

https://doc.powerdns.com/recursor/running.html
https://www.reddit.com/r/linuxadmin/comments/9lc4jl/logging_queries_in_pdnsrecursor/

Enable logging in PowerDNS Recursor Config

First we need to find the line that says “disable-syslog” and uncomment/change it to

disable-syslog=no

Next find the line that says “quiet” and uncomment/change it to

quiet=no

Some other lines you may want to check and change

logging-facility=1
loglevel=6

Edit Systemd Unit File for PowerDNS to allow Syslog

Next we need to modify the Systemd unit file to allow PowerDNS Recursor to log to syslog.

systemctl edit --full pdns-recursor.service

On the ExecStart Line, remove the part that says

--disable-syslog

The resulting line should look something like

[Service]
ExecStart=/usr/sbin/pdns_recursor --socket-dir=%t/pdns-recursor --socket-dir=%t/pdns-recursor --daemon=no --write-pid=no --log-timestamp=no

Save the file.

Enable Logging in rsyslog Config File

Edit the rsyslog file

sudo vim /etc/rsyslog.conf

Add the following line

local1.*        /var/log/pdns_recursor.log

This should now log all of the PowerDNS Recursor log info to “/var/log/pdns_recursor.log”.

Restart the rsyslog and PowerDNS Recursor service

sudo systemctl restart rsyslog
sudo systemctl restart pdns-recursor

You should now see DNS requests in the log file.

tail /var/log/pdns_recursor.log

They should also show up in “/var/log/messages”.
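The three steps above as an added example (my own script, not from the post or the PowerDNS project): shell functions that make each edit idempotently against whichever file paths you pass in, so you can try them on copies before touching /etc. The /etc paths in the trailing comment are assumed distro defaults.

```shell
#!/bin/sh
# Added example, not from the original post: apply the recursor config
# options, the ExecStart change and the rsyslog rule to files whose paths
# you pass in. No paths are hard-coded in the functions themselves.

# rewrite FILE SED_EXPR: portable in-place edit via a temp file.
rewrite() {
  tmp=$(mktemp) && sed -E "$2" "$1" > "$tmp" && mv "$tmp" "$1"
}

# set_option FILE KEY VALUE: uncomment or replace "KEY=..." in recursor.conf,
# appending "KEY=VALUE" if the key is not present at all.
set_option() {
  if grep -Eq "^[#[:space:]]*$2=" "$1"; then
    rewrite "$1" "s|^[#[:space:]]*$2=.*|$2=$3|"
  else
    printf '%s=%s\n' "$2" "$3" >> "$1"
  fi
}

# get_option FILE KEY: print the effective (last, uncommented) value of KEY.
get_option() {
  sed -n -E "s/^$2=(.*)/\1/p" "$1" | tail -n 1
}

# strip_disable_syslog UNITFILE: remove --disable-syslog from ExecStart=,
# which is what the manual "systemctl edit --full" step does by hand.
strip_disable_syslog() {
  rewrite "$1" '/^ExecStart=/ s/[[:space:]]+--disable-syslog([[:space:]]|$)/\1/'
}

# add_rsyslog_rule CONF FACILITY LOGFILE: append "FACILITY.*  LOGFILE" once.
# FACILITY must match logging-facility in recursor.conf (1 -> local1).
add_rsyslog_rule() {
  grep -q "^$2\.\*[[:space:]]" "$1" || printf '%s.*\t%s\n' "$2" "$3" >> "$1"
}

# Typical use on a real host, run as root (assumed default paths; adjust
# for your distro):
#   set_option /etc/pdns-recursor/recursor.conf disable-syslog no
#   set_option /etc/pdns-recursor/recursor.conf quiet no
#   set_option /etc/pdns-recursor/recursor.conf logging-facility 1
#   strip_disable_syslog /etc/systemd/system/pdns-recursor.service
#   add_rsyslog_rule /etc/rsyslog.conf local1 /var/log/pdns_recursor.log
#   systemctl daemon-reload && systemctl restart rsyslog pdns-recursor
```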

Enable Logging for firewalld

Enabling logging on firewall rules can be beneficial for tracking why a certain rule is not behaving as you intended.

Enabling logging is relatively straightforward.

  • Enable Firewall Logging
  • Check Logs
  • Disable Firewall Logging (Optional)

Enable Firewall Logging

Quickest way to enable logging is to run

sudo firewall-cmd --set-log-denied=all

This changes the LogDenied option in the /etc/firewalld/firewalld.conf config file. Options include all, unicast, broadcast, multicast, and off.

Enable Log option for firewalld

The command also reloads the firewall, so manually restarting the firewall is not necessary.

Checking Logs

You can use dmesg to view the denied packets, or you can follow the messages log and filter it to show only the rejects.

sudo tail -f /var/log/messages | grep -i REJECT

You can now try to access the server or run a test to trigger a log event. In my case I tried initiating an SSH connection.

Oct  1 16:32:10 localhost kernel: FINAL_REJECT: IN=eno1 OUT= MAC=f8:ab:98:12:fe:11:a1:ec:a6:00:67:3e:97:00 SRC=192.168.1.1 DST=192.168.88.2 LEN=60 TOS=0x08 PREC=0x40 TTL=59 ID=43080 DF PROTO=TCP SPT=38192 DPT=22 WINDOW=52240 RES=0x00 SYN URGP=0

The interesting bits are the DPT and SRC fields: our destination port is 22 (ssh) and our source address is 192.168.1.1. If I want this IP to access the server, I’ll need to add the 192.168.1.1 IP range in the allowed IP ranges.
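An added example, not part of the original post: a small shell summariser for the REJECT lines, which groups denied packets by source, protocol and destination port so one noisy client or scan shows up as a single row. It runs here on constructed sample lines (the first being the line shown above).

```shell
#!/bin/sh
# Added example, not from the original post: summarise firewalld REJECT lines
# (the FINAL_REJECT format shown above) into "SRC PROTO DPT COUNT" rows.

# summarize_rejects [FILE]: reads FILE (default stdin), keeps lines that
# mention REJECT, and counts packets per source address, protocol and
# destination port. ICMP has no DPT, so it is reported as "-".
summarize_rejects() {
  grep -i 'REJECT' "${1:--}" | awk '
    {
      src = ""; proto = "?"; dpt = "-"
      for (i = 1; i <= NF; i++) {
        n = split($i, kv, "=")
        if (n < 2) continue
        if (kv[1] == "SRC")   src   = kv[2]
        if (kv[1] == "PROTO") proto = kv[2]
        if (kv[1] == "DPT")   dpt   = kv[2]
      }
      if (src != "") count[src " " proto " " dpt]++
    }
    END { for (k in count) print k, count[k] }
  ' | sort -k4,4nr -k1,1
}

# sample_log: constructed /var/log/messages lines for a stand-alone run.
# The first line is the one from the post; the rest are made up.
sample_log() {
  cat <<'EOF'
Oct  1 16:32:10 localhost kernel: FINAL_REJECT: IN=eno1 OUT= MAC=f8:ab:98:12:fe:11:a1:ec:a6:00:67:3e:97:00 SRC=192.168.1.1 DST=192.168.88.2 LEN=60 TOS=0x08 PREC=0x40 TTL=59 ID=43080 DF PROTO=TCP SPT=38192 DPT=22 WINDOW=52240 RES=0x00 SYN URGP=0
Oct  1 16:32:12 localhost kernel: FINAL_REJECT: IN=eno1 OUT= SRC=192.168.1.1 DST=192.168.88.2 PROTO=TCP SPT=38194 DPT=22 SYN URGP=0
Oct  1 16:32:15 localhost kernel: FINAL_REJECT: IN=eno1 OUT= SRC=192.168.1.9 DST=192.168.88.2 PROTO=ICMP TYPE=8 CODE=0
Oct  1 16:32:16 localhost sshd[2201]: Accepted publickey for admin from 192.168.88.5 port 50122
EOF
}

# Stand-alone demo on the constructed lines; on a real host use
# "summarize_rejects /var/log/messages" instead.
sample_log | summarize_rejects
```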

Disable Logging (Optional)

After you have finished troubleshooting your problem, you may want to turn the logging feature off so you don’t fill up the logs with failed entries.

You can turn it off with

sudo firewall-cmd --set-log-denied=off

We can verify that logging is off by running

sudo firewall-cmd --get-log-denied

If the firewall logging option is off, it will return “off”.

The following site has some more information and alternative ways of doing this.

https://www.cyberciti.biz/faq/enable-firewalld-logging-for-denied-packets-on-linux/

Check Access Logs for website

Typically on a cPanel host your access logs are kept in

/usr/local/apache/domlogs/username/incredigeek.com

Where username is your cPanel username and incredigeek.com is your website.

To view the logs you can use tail -f to follow the log.

tail -f /usr/local/apache/domlogs/username/incredigeek.com

You can also use grep to search the logs.

grep "text to search" /usr/local/apache/domlogs/username/incredigeek.com

cPanel Logs

How to view the logs

There are multiple ways to view log files; here are some common ones.

Tail the log; this shows the 10 most recent log entries.

tail /var/log/messages

Tail the log and keep monitoring it for new entries.

tail -f /var/log/messages

Find specific info in log file

grep texttosearch /var/log/messages

cPanel Log Paths

Main log

/var/log/messages

Access logs

/usr/local/cpanel/logs/access_log

Access logs for a specific domain

/home/user/access-logs/domainname.com

Account Transfers/miscellaneous logs

/var/cpanel/logs

Auditing Log (Account creation and deletions)

/var/cpanel/accounting.log

Backup Logs

/usr/local/cpanel/logs/cpbackup

CPHULKD Log

/usr/local/cpanel/logs/cphulkd.log

DNSAdmin, DNS Clustering

/usr/local/cpanel/logs/dnsadmin_log

Task Queue Processing Daemon

/usr/local/cpanel/logs/queueprocd.log

DBMapping

/usr/local/cpanel/logs/setupdbmap_log

Easy Apache Build logs

/usr/local/cpanel/logs/easy/apache/

Error logs

/usr/local/cpanel/logs/error_log
/var/log/cpanel

License log

/usr/local/cpanel/logs/license_log

Locale database modifications

/usr/local/cpanel/logs/build_locale_database_log

Login errors CPSRVD

/usr/local/cpanel/logs/login_log

Bandwidth History

/var/cpanel/bandwidth/{USERNAME}

Service Status Logs

/var/log/chkservd.log

Tailwatch log

/usr/local/cpanel/logs/tailwatch_log

Update Analysis Reporting

/usr/local/cpanel/logs/updated_analysis/{TIMESTAMP}.log

Update log UPCP

/var/cpanel/updatelogs/updated.{TIMESTAMP}.log

cPanel Email Logs


Horde log

/var/cpanel/horde/log/

RoundCube

/var/cpanel/roundcube/log/

Squirrel Mail

/var/cpanel/squirrelmail/

Panic log

/usr/local/cpanel/logs/panic_log

Delivery and receipt log

/var/log/exim_mainlog

Incoming mail queue

/var/spool/exim/input/

Log of messages rejected based on ACLs or other policies

/var/log/exim_rejectlog

Unexpected/Fatal error log

/var/log/exim_paniclog

IMAP, POP login attempts, transactions, fatal errors and spam scoring

/var/log/maillog

Mailman

/usr/local/cpanel/3rdparty/mailman/logs

MySQL

MySQL error log

/var/lib/mysql/{SERVER_NAME}.err

MySQL slow query log (if enabled in my.cnf)

/var/log/slowqueries