[DNSfirewalls] RPZ logging verbosity - controllable?
anne at encs.concordia.ca
Mon Dec 15 22:37:21 UTC 2014
I'm experimenting with RPZ, and the first thing I put in was a
"whitelist" zone to prevent any subsequent ones (some of which
will be maintained automatically from external sources) from
trashing resolution for anything in my own domain.
That turns out to cause a *lot* of logging of the form:
Dec 15 17:05:50 courage named: rpz: info: client
127.0.0.1#48870 (hvg.ece.concordia.ca): view internal:
rpz QNAME PASSTHRU rewrite hvg.ece.concordia.ca
Now, I would usually want to see hits on my RPZs, since they
tell me which of my clients are being tricked into trying
to access probably malware sites, but logging every PASSTHRU
instance is too verbose for me.
Is there any way to turn off the logging for the PASSTHRU
entries, or better, for hits on a particular RPZ, without
losing the logging for the other hits? I suspect that the
answer is "no", and my only option would be to remove the
"rpz" category from my syslog channel, but I thought I'd
ask just in case.
Really neat feature, BTW!
Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8
anne at encs.concordia.ca +1 514 848-2424 x2285
More information about the DNSfirewalls