Ubuntu logoUbuntu logo

This is a simple how-to on getting bindgraph installed on your Ubuntu system. Bindgraph is a handy CGI tool written in Perl that gathers statistics from your BIND9 installation, to see exactly what sort of DNS lookups are made to your DNS server.

Install bindgraph

$ sudo apt-get install bindgraph

Then we need to configure bind9 to log the DNS lookups in such a manner that bindgraph can parse the logs to retrive the information it needs.

$ sudo vim /etc/bind/named.conf

Add the line:

include "/etc/bind/named.conf.log";

Add the actual logging directives:

logging {
        channel simple_log {
                file "/var/log/named/bind.log" versions 3 size 5m;
                severity warning;
                print-time yes;
                print-severity yes;
                print-category yes;
        };

        category default {
                simple_log;
        };

        channel xfer-log {
                file "/var/log/named/xfer.log";
                print-category yes;
                print-severity yes;
                print-time yes;
                severity info;
        };
        category xfer-in { xfer-log; };
        category xfer-out { xfer-log; };
        category notify { xfer-log; };

        channel query_log {
                file "/var/log/named/bind-queries.log";
                print-category yes;
                print-time yes;
        };

        category queries {
                query_log;
        };
};

Then we need to create the log folder needed for our new logging directives

$ sudo mkdir /var/log/named
$ sudo chown root:adm /var/log/named
$ sudo chmod 0770 /var/log/named

Then we need to add the ‘bind’ user to the ‘adm’ group (group used mostly for applications needing to either read/write logs in Ubuntu).

$ sudo adduser bind adm

Then we need to restart bind9 to reflect the new logging directives.

$ sudo service bind9 restart

Now we need to configure bindgraph

$ sudo vim /etc/default/bindgraph

Make sure the variable ‘DNS_LOG’ points to our bind queries log file

DNS_LOG=/var/log/named/bind-queries.log

This next step is optional, but is highly recommended if you don’t want the whole world to access your DNS statistics.

$ sudo vim /etc/apache/sites-enabled/000-default

Add this to your config file anywhere inside the directive

<Location /cgi-bin/bindgraph.cgi>
  AllowOverride None
  Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
  Order allow,deny
  Allow from 192.168.1.0/24
</Location>

This step is needed if you run Ubuntu 12.04 LTS. There is an error with the INIT script for the bindgraph package, which can easily be fixed by applying this unified diff.

$ vim bindgraph.patch

Copy and paste the following

--- /tmp/bindgraph/bindgraph 2014-02-17 14:30:32.362138668 -0500
+++ /etc/init.d/bindgraph 2014-02-17 14:36:16.238988085 -0500
@@ -28,6 +28,8 @@
RRD_DIR=/var/lib/bindgraph
RRD_NAME=bindgraph

+USER_GRP="root:adm"
+
test -x $DAEMON || exit 0

if [ -f $CONFIG ]; then
@@ -49,7 +51,7 @@
case "$1" in
start)
log_daemon_msg "Starting $DESC" "$DAEMON"
- if start-stop-daemon --start --quiet --exec $DAEMON -N 15 -c daemon:adm -- \
+ if start-stop-daemon --start --quiet --exec $DAEMON -N 15 -c $USER_GRP -- \
-l $DNS_LOG $FORMAT -d --daemon_rrd=$RRD_DIR --rrd_name=$RRD_NAME $ARGS ;
then
log_end_msg 0
@@ -60,7 +62,7 @@

stop)
log_daemon_msg "Stopping $DESC: " "$DAEMON"
- start-stop-daemon --stop --oknodo --pidfile $PIDFILE -c daemon:adm ;
+ start-stop-daemon --stop --oknodo --pidfile $PIDFILE -c $USER_GRP ;
st=$?
rm -f $PIDFILE
log_end_msg $st

Then apply the patch.

$ sudo patch --verbose /etc/init.d/bindgraph bindgraph.patch

Restart bindgraph and Apache2

$ sudo service bindgraph restart
$ sudo service apache2 restart

Now you can access your DNS statistics by pointing your web browser to http://your-ip-address/cgi-bin/bindgraph.cgi

By Jostein Elvaker Haande

"A free society is a society where it is safe to be unpopular" - Adlai Stevenson

One thought on “[HOWTO] Install bindgraph in Ubuntu”

Leave a Reply

Your email address will not be published. Required fields are marked *