Maintained by: NLnet Labs

[Unbound-users] LOGFILE problem

W.C.A. Wijngaards
Mon Jul 13 14:45:43 CEST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Isaac,

No logs via logfile:
- --------------------
This is because unbound opens the logfile /var/log/unbound.log
after the chroot is done to /var/unbound.
Therefore it tries to access /var/unbound/var/log/unbound.log.
This file does not exist?  You can try to mount --bind it there for
example.  Or create the directory /var/unbound/var/log.

Unbound has to open it like this, because it supports logfile rotation
with kill -HUP. When reloaded like that, unbound re-opens the logfile,
so that it can be rotated using a log rotate daemon.

No logs via syslog:
- -------------------
Unbound tries to open the syslog socket (/dev/log) before the chroot is
performed.  Which  version of unbound are you using?
The 1.0 version used to open it after the chroot was done, trying to
open /var/unbound/dev/log (made with mount --bind or devfs on BSD).
But recently this is fixed up, are you having trouble with the new
version then?


Also from your config file it seems you want to have lots of
performance, with queries-per-thread 16K and 4 threads, but you only
increase the rrset-cache, and not increase msg-cache-size: 128m.  Look
at http://unbound.net/documentation/howto_optimise.html for more on
optimising for performance.

Best regards,
   Wouter

On 07/13/2009 01:14 PM, Isaac González wrote:
> Hi,
> 
> I'm unable to get logs via syslog or via logfile.
> 
> Here is my unbound.conf, I'm running it chrooted in /var/unbound, the
> logfile have write permissions to unbound user.
> 
> server:
>     verbosity: 5
>     statistics-interval: 10
>     statistics-cumulative: no
>     extended-statistics: yes
>     num-threads: 4
>     interface: XXXXXXXXXX
>     port: 53
>     outgoing-interface: XXXXXXXX
>     outgoing-range: 16384
>     num-queries-per-thread: 16384
>     rrset-cache-size: 4m
>     rrset-cache-size: 256m
>     do-ip4: yes
>     do-udp: yes
>     do-tcp: yes
>     do-daemonize: yes
>     access-control: 127.0.0.0/8 allow
>     chroot: "/var/unbound"
>     username: "unbound"
>     directory: "/var/unbound"
>     logfile: "/var/log/unbound.log"
>     use-syslog: yes #I'VE ALSO TRIED NO
>     pidfile: "/var/run/unbound.pid"
>     root-hints: "/var/unbound/named.cache"
>     hide-identity: no
>     hide-version: yes
>     identity: "nameserv1"
>     version: ""
>     harden-large-queries: yes
> remote-control:
>     control-enable: yes
>     server-key-file: "/var/unbound/etc/unbound_server.key"
>     server-cert-file: "/var/unbound/etc/unbound_server.pem"
>     control-key-file: "/var/unbound/etc/unbound_control.key"
>     control-cert-file: "/var/unbound/etc/unbound_control.pem"
> 
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkpbLHcACgkQkDLqNwOhpPg4jgCeJ5JOXVdmxz5ocQS3c5Er9Sg5
lTYAnRAgaUskHF+LIdCxu3S7MhwjxU0X
=/hzM
-----END PGP SIGNATURE-----