This is a simple how-to on getting bindgraph installed on your Ubuntu system. Bindgraph is a handy CGI tool written in Perl that gathers statistics from your BIND9 installation, to see exactly what sort of DNS lookups are made to your DNS server.
Install bindgraph
$ sudo apt-get install bindgraph
Then we need to configure bind9 to log the DNS lookups in a format that bindgraph can parse to retrieve the information it needs.
$ sudo vim /etc/bind/named.conf
Add the line:
include "/etc/bind/named.conf.log";
Add the actual logging directives to the included file, /etc/bind/named.conf.log:
logging {
    channel simple_log {
        file "/var/log/named/bind.log" versions 3 size 5m;
        severity warning;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { simple_log; };

    channel xfer-log {
        file "/var/log/named/xfer.log";
        print-category yes;
        print-severity yes;
        print-time yes;
        severity info;
    };
    category xfer-in { xfer-log; };
    category xfer-out { xfer-log; };
    category notify { xfer-log; };

    channel query_log {
        file "/var/log/named/bind-queries.log";
        print-category yes;
        print-time yes;
    };
    category queries { query_log; };
};
Then we need to create the log folder needed for our new logging directives.
$ sudo mkdir /var/log/named
$ sudo chown root:adm /var/log/named
$ sudo chmod 0770 /var/log/named
Then we need to add the ‘bind’ user to the ‘adm’ group (group used mostly for applications needing to either read/write logs in Ubuntu).
$ sudo adduser bind adm
Then we need to restart bind9 to reflect the new logging directives.
$ sudo service bind9 restart
Now we need to configure bindgraph
$ sudo vim /etc/default/bindgraph
Make sure the variable ‘DNS_LOG’ points to our bind queries log file
DNS_LOG=/var/log/named/bind-queries.log
This next step is optional, but is highly recommended if you don’t want the whole world to access your DNS statistics.
$ sudo vim /etc/apache2/sites-enabled/000-default
Add this to your config file anywhere inside the <VirtualHost> directive
<Location /cgi-bin/bindgraph.cgi>
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from 192.168.1.0/24
</Location>
This step is needed if you run Ubuntu 12.04 LTS. There is an error in the init script of the bindgraph package, which can easily be fixed by applying this unified diff.
$ vim bindgraph.patch
Copy and paste the following
--- /tmp/bindgraph/bindgraph 2014-02-17 14:30:32.362138668 -0500 +++ /etc/init.d/bindgraph 2014-02-17 14:36:16.238988085 -0500 @@ -28,6 +28,8 @@ RRD_DIR=/var/lib/bindgraph RRD_NAME=bindgraph +USER_GRP="root:adm" + test -x $DAEMON || exit 0 if [ -f $CONFIG ]; then @@ -49,7 +51,7 @@ case "$1" in start) log_daemon_msg "Starting $DESC" "$DAEMON" - if start-stop-daemon --start --quiet --exec $DAEMON -N 15 -c daemon:adm -- \ + if start-stop-daemon --start --quiet --exec $DAEMON -N 15 -c $USER_GRP -- \ -l $DNS_LOG $FORMAT -d --daemon_rrd=$RRD_DIR --rrd_name=$RRD_NAME $ARGS ; then log_end_msg 0 @@ -60,7 +62,7 @@ stop) log_daemon_msg "Stopping $DESC: " "$DAEMON" - start-stop-daemon --stop --oknodo --pidfile $PIDFILE -c daemon:adm ; + start-stop-daemon --stop --oknodo --pidfile $PIDFILE -c $USER_GRP ; st=$? rm -f $PIDFILE log_end_msg $st
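Review bot: The new USER_GRP="root:adm" line in the first hunk carries no comment saying why the previous daemon:adm identity did not work, and it is later expanded unquoted as -c $USER_GRP. Add a one-line comment with the reason next to the assignment and quote the expansion ("$USER_GRP") in both the start and stop branches.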
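Review bot: In the start branch, -c $USER_GRP with USER_GRP="root:adm" makes the bindgraph daemon run as root where it previously ran as daemon, and that process parses $DNS_LOG, whose contents are query names chosen by whoever sends lookups to the server. Prefer keeping an unprivileged user in USER_GRP and giving that user read access to the query log and write access to $RRD_DIR through group membership or file ownership, so a parsing bug in the daemon does not run with root privileges.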
Then apply the patch.
$ sudo patch --verbose /etc/init.d/bindgraph bindgraph.patch
Restart bindgraph and Apache2
$ sudo service bindgraph restart
$ sudo service apache2 restart
Now you can access your DNS statistics by pointing your web browser to http://your-ip-address/cgi-bin/bindgraph.cgi
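If the graphs stay empty or the log directory ends up readable by everyone, the usual cause is that two of the steps above disagree. The following is an added example, not part of the original how-to or of the bindgraph package: a set of shell checks that the query log path in the BIND logging config matches DNS_LOG and that the log directory is group-only. The function names are this example's own, and GNU stat (as shipped on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: consistency checks for the setup described on this page.
# Function names are this example's own; paths are arguments so the
# checks can be tried against copies of the files.

# Print the file that the channel behind "category queries" writes to.
query_log_path() {  # $1 = named logging config
    flat=$(tr -s ' \t\n' ' ' < "$1") || return 1
    chan=$(printf '%s\n' "$flat" |
        sed -n 's/.*category queries { *\([^; ]*\) *;.*/\1/p')
    [ -n "$chan" ] || return 1
    logfile=$(printf '%s\n' "$flat" |
        sed -n "s/.*channel $chan { *file \"\([^\"]*\)\".*/\1/p")
    [ -n "$logfile" ] && printf '%s\n' "$logfile"
}

# Print DNS_LOG as the init script would see it (the file is shell syntax).
bindgraph_log_path() {  # $1 = bindgraph defaults file
    ( DNS_LOG=; . "$1" >/dev/null 2>&1; printf '%s\n' "$DNS_LOG" )
}

# Succeed only if the directory has the expected group and no
# permission bits at all for "other" (last octal digit 0).
logdir_private() {  # $1 = directory, $2 = expected group
    grp=$(stat -c %G "$1") || return 1
    mode=$(stat -c %a "$1") || return 1
    [ "$grp" = "$2" ] || return 1
    case "$mode" in *0) return 0 ;; *) return 1 ;; esac
}

verify_setup() {
    named_log=$(query_log_path /etc/bind/named.conf.log) ||
        { echo "FAIL: no file channel for category queries"; return 1; }
    graph_log=$(bindgraph_log_path /etc/default/bindgraph)
    [ "$named_log" = "$graph_log" ] ||
        { echo "FAIL: BIND logs to $named_log, DNS_LOG=$graph_log"; return 1; }
    logdir_private "$(dirname "$named_log")" adm ||
        { echo "FAIL: log directory is not adm-only"; return 1; }
    id -nG bind | tr ' ' '\n' | grep -qx adm ||
        { echo "FAIL: user bind is not in group adm"; return 1; }
    echo "OK: $named_log"
}

# Run the checks against the real paths only when asked: sh thisfile check
if [ "${1:-}" = "check" ]; then verify_setup; fi
```

Run it with sudo, since /var/log/named is not readable by ordinary users after the chmod 0770 step.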