{"id":4344,"date":"2022-01-14T15:37:57","date_gmt":"2022-01-14T21:37:57","guid":{"rendered":"https:\/\/www.incredigeek.com\/home\/?p=4344"},"modified":"2022-01-14T15:38:26","modified_gmt":"2022-01-14T21:38:26","slug":"enable-syslog-for-powerdns-recursor","status":"publish","type":"post","link":"https:\/\/www.incredigeek.com\/home\/enable-syslog-for-powerdns-recursor\/","title":{"rendered":"Enable Syslog for PowerDNS Recursor"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Enable Logging in PowerDNS Recursor Config<\/li><li>Edit Systemd Unit File for PowerDNS to Allow Syslog<\/li><li>Enable Logging in rsyslog Config File<\/li><\/ol>\n\n\n\n<p>The following links were helpful in setting things up.<\/p>\n\n\n\n<p><a href=\"https:\/\/doc.powerdns.com\/recursor\/running.html\">https:\/\/doc.powerdns.com\/recursor\/running.html<\/a><br><a href=\"https:\/\/www.reddit.com\/r\/linuxadmin\/comments\/9lc4jl\/logging_queries_in_pdnsrecursor\/\">https:\/\/www.reddit.com\/r\/linuxadmin\/comments\/9lc4jl\/logging_queries_in_pdnsrecursor\/<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Enable logging in PowerDNS Recursor Config <\/h2>\n\n\n\n<p>First we need to find the line that says &#8220;disable-syslog&#8221; and uncomment\/change it to <\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">disable-syslog=no<\/pre>\n\n\n\n<p>Next find the line that says &#8220;quiet&#8221; and uncomment\/change it to <\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">quiet=no<\/pre>\n\n\n\n<p>Some other lines you may want to check and change<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">logging-facality=1<br>loglevel=6<\/pre>\n\n\n\n<p> <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Edit Systemd Unit File for PowerDNS to allow Syslog <\/h2>\n\n\n\n<p>Next we need to modify the Systemd unit file to allow PowerDNS Recursor to log to syslog.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl edit --full pdns-recursor.service<\/pre>\n\n\n\n<p>On the ExecStart Line, remove the part that says<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">--disable-syslog<\/pre>\n\n\n\n<p>The resulting line should look something like<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">[Service]<br>ExecStart=\/usr\/sbin\/pdns_recursor --socket-dir=%t\/pdns-recursor --socket-dir=%t\/pdns-recursor --daemon=no --write-pid=no --log-timestamp=no<\/pre>\n\n\n\n<p>Save the file.<\/p>\n\n\n\n<p> <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Enable Logging in rsyslog Config File <\/h2>\n\n\n\n<p>Edit the rsyslog file <\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo vim \/etc\/rsyslog.conf<\/pre>\n\n\n\n<p>Add the following line<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">local1.*        \/var\/log\/pdns_recursor.log<\/pre>\n\n\n\n<p>This should now log all of the PowerDNS Recursor log info to &#8220;\/var\/log\/pdns_recursor.log&#8221;<\/p>\n\n\n\n<p>Restart the rsyslog and PowerDNS Recursor service<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo systemctl restart rsyslog\nsudo systemctl restart pdns-recursor<\/pre>\n\n\n\n<p>You should now see DNS request in the log file.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">tail \/var\/log\/pdns_recursor.log<\/pre>\n\n\n\n<p>They should also show up in the &#8220;\/var\/log\/messages&#8221; <\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Enable Logging in PowerDNS Recursor Config Edit Systemd Unit File for PowerDNS to Allow Syslog Enable Logging in rsyslog Config File The following links were helpful in setting things up. https:\/\/doc.powerdns.com\/recursor\/running.htmlhttps:\/\/www.reddit.com\/r\/linuxadmin\/comments\/9lc4jl\/logging_queries_in_pdnsrecursor\/ Enable logging in PowerDNS Recursor Config First we need &hellip; <a href=\"https:\/\/www.incredigeek.com\/home\/enable-syslog-for-powerdns-recursor\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,46,3],"tags":[17,1255,277,7,234,1250,1279,1278,1280],"class_list":["post-4344","post","type-post","status-publish","format-standard","hentry","category-centos-linux","category-dns","category-linux","tag-centos","tag-centos-8","tag-dns","tag-linux-2","tag-log","tag-logging","tag-pdns","tag-powerdns","tag-recursor"],"_links":{"self":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/4344","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/comments?post=4344"}],"version-history":[{"count":4,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/4344\/revisions"}],"predecessor-version":[{"id":4349,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/4344\/revisions\/4349"}],"wp:attachment":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/media?parent=4344"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/categories?post=4344"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/tags?post=4344"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}