Bug 202129 - dns/unbound: Can't have any UNBOUND logs with Syslog or Rsyslog
Summary: dns/unbound: Can't have any UNBOUND logs with Syslog or Rsyslog
Status: Closed Not Accepted
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Only Me
Assignee: Matthew Seaman
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-08-06 12:55 UTC by Sebcouf
Modified: 2017-02-27 14:56 UTC (History)
2 users (show)

See Also:
jaap: maintainer-feedback+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sebcouf 2015-08-06 12:55:57 UTC 
Hello,
I have a problem concerning unbound (unbound-1.5.3_1), i can't receive any logs even with the native 'syslog', 'rsyslog'(rsyslog8-8.10.0 ) or 'syslog-ng' (syslog-ng35-3.5.6_6).
But i can log unbound if i use 'syslogd' to redirect logs in localhost to 'rsyslog'.

Here is my configurations:
########
-/etc/syslog.conf:
*.* @127.0.0.1:514

########
-/usr/local/etc/rsyslog.conf:
module(load="imudp")
input(type="imudp" address="127.0.0.1" port="514")

$WorkDirectory /var/spool/rsyslog       # where to place spool files
$ActionQueueFileName rsyslogclient    # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g     # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on   # save messages to disk on shutdown
$ActionQueueType LinkedList     # run asynchronously
$ActionResumeRetryCount -1      # infinety retries if host is down

## Configuration sISlogs

$template DynaFile,"/var/log/SISlogs/%programname%/%$YEAR%%$MONTH%%$DAY%_%programname%.log"

if $programname startswith 'unbound'and $syslogfacility-text startswith 'daemon' and $syslogseverity-text startswith 'info' then -?DynaFile
& ~

########
-/etc/rc.conf:
# RSYSLOG + SYSLOG
syslogd_enable="YES"
syslogd_flags="-s -n -N"

rsyslogd_enable="YES"
rsyslogd_pidfile="/var/run/syslog2.pid"

########
-/usr/local/etc/unbound/unbound.conf:
server:
        username: unbound
        use-syslog: yes
        log-queries: yes
        directory: "/usr/local/etc/unbound"
        chroot: "/usr/local/etc/unbound"
        pidfile: "/usr/local/etc/unbound/unbound.pid"
...

########

How can i receive unbound logs with only one soft ? ('rsyslog' or 'syslog')
Thanks
Sébastien
Comment 1 Sergey Matveychuk freebsd_committer freebsd_triage 2015-08-18 16:21:41 UTC 
I'm not sure this problem is related to unbound. But try to ask in unbound maillist.
Comment 2 Rene Ladan freebsd_committer freebsd_triage 2016-08-21 11:21:46 UTC 
maintainer reset
Comment 3 VK freebsd_triage 2017-01-12 17:49:08 UTC 
Request feedback from new maintainer.
Comment 4 Jaap Akkerhuis 2017-01-18 14:46:04 UTC 
Unbound logs always to syslog unless otherwise specified.
To separate unbound messages I use in syslog.conf

!unbound
*.*  /var/log/unbound.log

and that works fine for years.

I agree with Sergey that this is likely a syslog configuration problem.
For remote logging on a remote machine I do think your configuration
should look like

!unbound
*.*     @remote_machine

You can test whether the remote machine accept and process the packets with something like

$ logger -h remote_machine -t unbound "Unbound log test"

which should work with the standard syslogd.

Note that your unbound is old, the current version is 1.6.0

Success!
Comment 5 Jaap Akkerhuis 2017-02-27 13:38:00 UTC 
Can someone close this please? Thanks.