Pipe BIND9 logs to a shell.php script

I am trying to extract some data from BIND9's query log. I would like to pipe the queries to a script first, then parse them, then log them.

How do I do this? Please help.

logging {
    channel simple_log {
        file "/var/log/named/log.sh" versions 10 size 10m;  // <--- is this possible?
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { simple_log; };
    category queries { simple_log; };
};


Solution 1:

You need to use a fifo. This is a "special" file that is really a socket; when processes open this special file and read/write to it, other processes that are connected get the results of those read/writes.

For example, BIND9 would be configured to log to a fifo, then your PHP script would open the fifo as well, and just do reads from it. Every time BIND9 did a write, PHP would return a read.

See man mkfifo, but essentially:

mkfifo /var/log/named/log.fifo

Have BIND9 log to that (remove the versions and size parameters, they won't work with a fifo), then the PHP to read and parse it is up to you, but just remember you open and read from it like any normal file. Reads will block until there is something written to it.

As a test, you can do this:

In Terminal 1:

mkfifo /tmp/test_fifo
cat /tmp/test_fifo

The cat will block because there's nothing to read yet. This is simulating PHP reading from the test_fifo.

Now in Terminal 2:

echo foo >/tmp/test_fifo

Observe how Terminal 1 returns your "foo". This is simulating BIND9 writing something in.

When you're done with a fifo, rm it like any other normal file.
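
A reader for the FIFO described in this answer, written in shell like the terminal test above. It is an added example, not part of the original answer or of BIND9: the function names, the FIFO mode in the comment and the log line layout (query log with print-time, print-severity and print-category enabled) are assumptions, and the layout varies between BIND versions.

```sh
#!/bin/sh
# Added example: read BIND9 query log records from a FIFO.
# Assumed setup: mkfifo -m 0640 <path>, owned so named can write and only
# the reader can read; the channel's "file" points at that path.

# Print "client-ip qname qtype" for one query log line; return 1 for any
# other line. Query names are chosen by remote clients, so everything outside
# a conservative character set is dropped before the record is reused.
parse_query_line() {
    printf '%s\n' "$1" |
    sed -nE 's/^.* client (@0x[0-9a-f]+ )?([0-9a-fA-F.:]+)#[0-9]+ .*query: ([^ ]+) ([A-Z0-9]+) ([A-Z0-9]+) .*$/\2 \3 \5/p' |
    tr -cd 'A-Za-z0-9._: \n-' |
    grep .
}

# Read the FIFO until the writer closes it (EOF), printing parsed records.
# Refuses a path that is not a named pipe, so a regular file left or placed
# at that path is never treated as the log stream.
drain_fifo() {
    fifo=$1
    if [ ! -p "$fifo" ]; then
        echo "not a FIFO: $fifo" >&2
        return 1
    fi
    while IFS= read -r line; do
        parse_query_line "$line" || :    # skip non-query lines
    done < "$fifo"
}

# Long-running use (path from the answer above); the reopen after each EOF
# blocks until named opens the FIFO again, e.g. after a restart:
#   while drain_fifo /var/log/named/log.fifo; do :; done
```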