<Input in>

Module      im_file

File        'C:\Program Files (x86)\dns.log'（注意这个地方就是上文配的日志路径）

</Input>

<Output out>

Module      om_udp

Host        10.10.10.10（注意这个地方要改成客户的SIP的ip地址）

Port        514

</Output>

<Route route>

Path      in => out

</Route>

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

// See the BIND Administrator's Reference Manual (ARM) for details about the

// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {

              listen-on port 53 { any; };

              listen-on-v6 port 53 { ::1; };

              directory               "/var/named";

              dump-file               "/var/named/data/cache_dump.db";

              statistics-file "/var/named/data/named_stats.txt";

              memstatistics-file "/var/named/data/named_mem_stats.txt";

              recursing-file  "/var/named/data/named.recursing";

              secroots-file   "/var/named/data/named.secroots";

              allow-query     { any; };

              /*

               - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

               - If you are building a RECURSIVE (caching) DNS server, you need to enable

                 recursion.

               - If your recursive DNS server has a public IP address, you MUST enable access

                 control to limit queries to your legitimate users. Failing to do so will

                 cause your server to become part of large scale DNS amplification

                 attacks. Implementing BCP38 within your network would greatly

                 reduce such attack surface

              */

              recursion yes;

              dnssec-enable yes;

              dnssec-validation yes;

              /* Path to ISC DLV key */

              bindkeys-file "/etc/named.root.key";

              managed-keys-directory "/var/named/dynamic";

              pid-file "/run/named/named.pid";

              session-keyfile "/run/named/session.key";

};

logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

        channel query_log {

                      syslog local3;

                      severity   info;

                      print-time   yes;

                      print-category  yes;

        };

        category    queries  {  query_log;  };

};

zone "." IN {

              type hint;

              file "named.ca";

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html

# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

# The imjournal module bellow is now used as a message source instead of imuxsock.

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)

$ModLoad imjournal # provides access to the systemd journal

#$ModLoad imklog # reads kernel messages (the same are read from journald)

#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception

#$ModLoad imudp

#$UDPServerRun 514

# Provides TCP syslog reception

#$ModLoad imtcp

#$InputTCPServerRun 514

#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files

$WorkDirectory /var/lib/rsyslog

# Use default timestamp format

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,

# not useful and an extreme performance hit

#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/

$IncludeConfig /etc/rsyslog.d/*.conf

# Turn off message reception via local log socket;

# local messages are retrieved through imjournal now.

$OmitLocalLogging on

# File to store the position in the journal

$IMJournalStateFile imjournal.state

#### RULES ####

# Log all kernel messages to the console.

# Logging much else clutters up the screen.

#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.

# Don't log private authentication messages!

*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.

authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.

mail.*                                                  -/var/log/maillog

# Log cron stuff

cron.*                                                  /var/log/cron

# Everybody gets emergency messages

*.emerg                                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.

uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log

local7.*                                                /var/log/boot.log

# ### begin forwarding rule ###

# The statement between the begin ... end define a SINGLE forwarding

# rule. They belong together, do NOT split them. If you create multiple

# forwarding rules, duplicate the whole block!

# Remote Logging (we use TCP for reliable delivery)

#

# An on-disk queue is created for this action. If the remote host is

# down, messages are spooled to disk and sent when it is up again.

#$ActionQueueFileName fwdRule1 # unique name prefix for spool files

#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)

#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown

#$ActionQueueType LinkedList   # run asynchronously

#$ActionResumeRetryCount -1    # infinite retries if host is down

# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional

#*.* @@remote-host:514

local3.* @10.222.3.146:514

# ### end of the forwarding rule ###