Forum Discussion

Cirrus

Nov 01, 2023

Logs for local-db-publisher

We are running the DNS module on a dedicated box. We have DNS log publisher set to the "local-db-publisher" - however, we are not certain where these logs are located. DNS log queries and log respons...

Jeffrey_Granier
Nov 02, 2023
if thats still not logging you might want to open a case on that

Jeffrey_Granier

Employee

Nov 02, 2023

GTM is the older product name that was used with older TMOS versions. GTM is the correct logfile in this case. Typically you would not want to log every query/response as it does have performance impact to your system. Configuring BIG-IP DNS to log dns queries and responses (f5.com).

To log query/responses here are some quick instructions extracted from that KB article above:

Creating a custom DNS logging profile for logging DNS queries and responses

Create a custom DNS logging profile to log both DNS queries and responses when troubleshooting a DDoS attack.

Note: Logging both DNS queries and responses has an impact on the BIG-IP system performance.

On the Main tab, click DNS > Delivery > Profiles > Other > DNS Logging or Local Traffic > Profiles > Other > DNS Logging. The DNS Logging profile list screen opens.
Click Create. The New DNS Logging profile screen opens.
In the Name field, type a unique name for the profile.
From the Log Publisher list, select a destination to which the BIG-IP system sends DNS log entries.
For the Log Queries setting, ensure that the Enabled check box is selected, if you want the BIG-IP system to log all DNS queries.
For the Log Responses setting, select the Enabled check box, if you want the BIG-IP system to log all DNS responses.
For the Include Query ID setting, select the Enabled check box, if you want the BIG-IP system to include the query ID sent by the client in the log messages.
Click Finished.

mbrandon32
Cirrus
Nov 02, 2023
This KB was reviewed and each setting was enabled - outside of Include Query ID. We're in the process of cleaning some zones up and are looking to see what zones may still have hits, so we'd want all queries to be logged.
- Jeffrey_Granier
  Employee
  Nov 02, 2023
  if thats still not logging you might want to open a case on that
  - mbrandon32
    Cirrus
    Nov 06, 2023
    Case logged with support. It DNS logging profile needed to have the log publisher updated to one that has the local-syslog as the destination. Once updated, the query and response logs are logged in /var/log/ltm

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Logs for local-db-publisher

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

Logging DNS Requests

ASM logs

ASM LOGS

Reminder: MFA now required to log in to DevCentral

How I did it - "Remote Logging with the F5 XC Global Log Receiver and Elastic"

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS