Syslog

Randy_Bush · April 11, 2008, 8:23am

i have in /etc/syslog.conf

!unbound
*.* /var/log/named

in my conf file, i have

statistics-interval: 3600
and
use-syslog: yes

i restarted syslogd and started unbound. this was some hours ago.

i have nothing in the syslog file

# ls -l /var/log/named
-rw-r--r-- 1 unbound unbound 0 Apr 11 03:30 /var/log/named

randy

Wouter · April 11, 2008, 8:43am

Hi Randy,

When I start with use-syslog: yes, I immediately see
Apr 11 10:39:38 gary unbound: [28655:0] notice: init module 0: validator
in /var/log/messages.

Could this be due to syslog config? Unbound sets identity "unbound" and
LOG_DAEMON for syslog.

Unbound logs 'start of service' when it starts. Are you sure it is
running (just something to check)?

Best regards,
~ Wouter

Randy Bush wrote:

Randy_Bush · April 11, 2008, 8:52am

Wouter Wijngaards wrote:

Hi Randy,

When I start with use-syslog: yes, I immediately see
Apr 11 10:39:38 gary unbound: [28655:0] notice: init module 0: validator
in /var/log/messages.

Could this be due to syslog config? Unbound sets identity "unbound" and
LOG_DAEMON for syslog.

as i said, entry is

!unbound
*.* /var/log/named

and /var/log/named is writable by unbound, and by root of course

Unbound logs 'start of service' when it starts. Are you sure it is
running (just something to check)?

unbound is running for sure. i can see it in ps and i can resolve names.

nothing in /var/log/messages either, btw.

randy

Wouter · April 11, 2008, 9:01am

Randy Bush wrote:

as i said, entry is

!unbound
*.* /var/log/named

This looks fine.

and /var/log/named is writable by unbound, and by root of course
unbound is running for sure. i can see it in ps and i can resolve names.
nothing in /var/log/messages either, btw.

Thanks for checking. I think this is due to the chroot and /dev/log not
being available from inside the chroot. A symbolic link from
/my_chroot/dev/log to /dev/log may work.
(unless the syslog service you are using works differently).

Unbound is probably trying to log the errors when calling syslog...
unbound -d starts unbound attached to the console, and may show more info.

Best regards,
~ Wouter

Randy_Bush · April 11, 2008, 9:06am

Thanks for checking. I think this is due to the chroot and /dev/log not
being available from inside the chroot. A symbolic link from
/my_chroot/dev/log to /dev/log may work.
(unless the syslog service you are using works differently).

hmmmm. my vague memory is that, when jailed, bind runs another syslogd
instance.

yep

bind 581 0.0 3.1 39804 32100 ?? Ss 12Feb08 12:59.20
/usr/sbin/named -t /var/named -u bind
root 23796 0.0 0.1 3184 1008 ?? Ss 13Mar08 0:07.21
/usr/sbin/syslogd -l /var/run/log -l /var/named/var/run/log -s

and we would have to hack this into the freebsd startup script in contrib

randy