Is there a simple way in Unbound to output a query log for each client
query to the resolver? Looking for:
- All cache hits
- All cache misses
- Inclusion of client IP address and query source port
Was looking at `verbosity` option but understood it to indicate that
only level 5 logs client info, and only cache misses in that case. I
have a very low volume deployment and the overhead of query logging
shouldn't be an issue, but it would be ideal if we didn't have to deal
with level 5 logging in the output.
Hoping to avoid dnstap for now as would prefer to stay with native OS
package and no additional dependencies.
Hi Darren,
Is there a simple way in Unbound to output a query log for each client
query to the resolver? Looking for:
- All cache hits
- All cache misses
- Inclusion of client IP address and query source port
Was looking at `verbosity` option but understood it to indicate that
only level 5 logs client info, and only cache misses in that case. I
have a very low volume deployment and the overhead of query logging
shouldn't be an issue, but it would be ideal if we didn't have to deal
with level 5 logging in the output.
Hoping to avoid dnstap for now as would prefer to stay with native OS
package and no additional dependencies.
Yes this feature exists already. In fact a number of config statements.
The shortest is log-queries: yes in unbound.conf.
log-queries: yes prints that information.
log-replies: yes prints in addition the reply in a short form.
log-tag-queryreply: yes prints the tags "query" and "reply" instead of
"info" that the above two log.
log-local-actions: yes prints local zone activity (but that is not what
you asked for).
log-servfail: yes prints why servfail was returned to clients.
log-time-ascii: yes prints the timestamp in readable format instead of
epoch.
val-log-level: 2 logs DNSSEC validation failures to log (but may also be
included in log-servfail).
Best regards, Wouter
Hi Darren,
Is there a simple way in Unbound to output a query log for each client
query to the resolver? Looking for:
- All cache hits
- All cache misses
- Inclusion of client IP address and query source port
Was looking at verbosity option but understood it to indicate that
only level 5 logs client info, and only cache misses in that case. I
have a very low volume deployment and the overhead of query logging
shouldn’t be an issue, but it would be ideal if we didn’t have to deal
with level 5 logging in the output.
Hoping to avoid dnstap for now as would prefer to stay with native OS
package and no additional dependencies.
Yes this feature exists already. In fact a number of config statements.
Wonderful! Thanks for reviewing the options. I think I had a different understanding of how the log verbosity was implemented.