Log category RPZ to syslog in BIND 9

by scherand   Last Updated August 13, 2019 23:00 PM

I am running a chrooted BIND 9.11 server on FreeBSD 11.2 that has a RPZ configured. It is currently logging RPZ hits in a file, but I would like to (also) send them to syslog.

I can see other log entries (not RPZ) from BIND in /var/log/messages (which is the default destination for syslog), so in general logging to syslog is working (also from the chrooted environment).

It seems that every example or tutorial on the Internet is logging RPZ hits to a file... So am am even wondering if RPZ is somehow special and the logs cannot be written to syslog?

Here is the relevant part of my config as it currently stands:

  channel normal-log {
    // Without a 'file' statement, logs go to syslog
    syslog daemon;
    severity warning;
  channel named-rpz-file {
     file "/var/log/rpz.log" versions 3 size 250k;
     severity info;
     print-time yes;
  channel named-rpz-syslog {
     syslog security;
     severity info;
     print-time yes;
  category rpz {
  // everything else
  category default {

As I do see log entries in /var/log/rpz.log and BIND entries in the default syslog destination (/var/log/messages) I assume both are basically working: syslog and RPZ. But for some strange reason the RPZ entries do not show up in syslog.

Is anybody successfully logging RPZ hits to syslog with (a chrooted) BIND 9?

