After you have downloaded rules from an RPZ feed, you can test the downloaded policies by using the dig command and observing log messages that contain redirect or rewrite responses in the syslog. The NIOS appliance supports generation of RPZ log messages in CEF (Common Event Format). Note that non-RPZ messages cannot be generated in CEF.
You must enable the rpz option in the Logging Category of the Grid DNS Properties editor to receive RPZ-related messages in the syslog. For information about configuring the logging category, see Setting DNS Logging Categories Using a Syslog Server.
To view RPZ log messages in the syslog, you can use the system filter RPZ Logs from the Quick Filter to filter the messages. Note that only messages in CEF are displayed.
To view RPZ log messages:

...

The name server recursive cache makes a syslog entry when an RPZ operation fails. The syslog message format is as follows:

rpz <TYPE> rewrite <QUERY> via <RPZ_RECORD><ERROR_MESSAGE>

where:
<TYPE> is one of the following RPZ action types: QNAME, IP, NSIP, NSDNAME, CLIENT-IP;
<QUERY> is the query record being processed;
<RPZ_RECORD> is the RPZ record that is used to perform an action on the query;
<ERROR_MESSAGE> is a message with error details. Examples: NS address rewrite rrset failed:, concatentate() failed:, NS db_find() failed:, stop on qresult in rpz_rewrite() failed:, stop on unrecognized qresult in rpz_rewrite() failed:, etc.
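
The following is an added example, not part of the Infoblox documentation: a small Python parser that pulls RPZ failure entries in the format above out of exported syslog text and counts them by action type and error label. The sample lines, the zone name rpz.example, the text after "failed:", and the assumption that <RPZ_RECORD> contains no spaces are constructed for illustration.

```python
import re
from collections import Counter

# The five RPZ action types listed in the format description.
RPZ_TYPES = ("QNAME", "IP", "NSIP", "NSDNAME", "CLIENT-IP")

# Assumption: <RPZ_RECORD> is a DNS name without spaces, so the first
# whitespace after it marks the start of <ERROR_MESSAGE>.
FAIL_RE = re.compile(
    r"\brpz (?P<type>\S+) rewrite (?P<query>\S+) via (?P<record>\S+)"
    r"\s*(?P<error>.*failed:.*)$"
)

# Constructed sample input: two failure lines, one unrelated query log
# line, and one line with an action type the format does not define.
SAMPLE = [
    "Jan 10 12:00:01 ns1 named[2211]: rpz QNAME rewrite bad.example.com "
    "via bad.example.com.rpz.example NS address rewrite rrset failed: timed out",
    "Jan 10 12:00:07 ns1 named[2211]: rpz NSIP rewrite www.example.net "
    "via 32.1.2.0.192.rpz-nsip.rpz.example NS db_find() failed: SERVFAIL",
    "Jan 10 12:00:09 ns1 named[2211]: client 192.0.2.10#53211: query: www.example.org IN A",
    "Jan 10 12:00:11 ns1 named[2211]: rpz BOGUS rewrite x.example "
    "via y.rpz.example concatentate() failed: failure",
]

def parse_rpz_failure(line):
    """Return the fields of an RPZ failure line as a dict, or None."""
    m = FAIL_RE.search(line.rstrip())
    if m is None or m.group("type") not in RPZ_TYPES:
        return None  # not an RPZ failure entry, or an unknown action type
    return m.groupdict()

def summarize(lines):
    """Count failures by (action type, error label before 'failed:')."""
    counts = Counter()
    for line in lines:
        rec = parse_rpz_failure(line)
        if rec:
            label = rec["error"].split("failed:")[0].strip()
            counts[(rec["type"], label)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```
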

To test RPZ feed policies:

  1. Open a terminal console on your computer.
  2. Type the command dig @<your DNS server IP> <queried domain>.
  3. Go to the Administration tab -> Logs tab -> Syslog tab to view CEF log messages.

...
