Hi,
Is there a method to rotate the unbound log file in windows?
Access to the file is denied in all cases unless the unbound server is stopped.
In order to get the create time of a new log file set correctly the server must be stopped for at least 15 seconds due to “File System Tunnelling” see:
https://www.forensixchange.com/posts/19_04_13_windows-file-system-tunneling/
Thanks
RayG
Try this one:
Thanks for the pointer Yuri,
I took a look and it would appear to work in the same way that I had envisaged. The unbound process has to be stopped to gain access, the log file renamed and unbound restarted at which point it will create a new log file.
The program I have been using takes just under 0.6 Seconds to achieve that process but during that time any requests that were made that have outstanding replies and any new requests will fail. I have noticed that on several occasions this has caused a process to have issues.
I see there is a “log_reopen” facility in the “unbound_control.exe” but it is not clear at all how this can be used. If Unbound, when this command was used, renamed the log file and then started a new one it would fulfil the necessary requirements but alas the log file remains inaccessible. Even if the log_reopen would relinquish its hold on the file for a set time period then an external program could achieve what is required.
I suspect the best option is for unbound to rename the file as at that point is has full control over what is happening and hopefully buffer new log entries. There could be configuration items to give the new name for the log file and perhaps for how large the log file could be for each given verbosity level. If the date/time were appended to the name that it would always be unique.
Would this be a reasonable suggestion given I have not found or seen any other way apart from the stop/rename/start method I am currently using which has issues.
RayG
RayG via Unbound-users writes:
> I took a look and it would appear to work in the same way that I had
> envisaged. The unbound process has to be stopped to gain access, the log
> file renamed and unbound restarted at which point it will create a new
> log file.
Under UNIX , you want first to rename the ld logfile and then restart
unbound/reoepn the logfile. I donlt know whether Windows behaves
the same.
jaap
Hi Jaap,
Everything I have tried so far in renaming or moving the file while Unbound
is running has not worked. The only way would seem to be Stop/Rename/Start
but as I said this can (and has) caused an issue more than once as running
the task on a schedule it Just runs regardless of what else unbound may be
doing.
If I could I would do what you suggest but I cannot.
RayG
Syslog?
If you could find a syslog server that would handle log create/write/rotate itself then that might fit more naturally within what I assume are platform security/access limitations. Then unbound just logs to syslog.
Joe
Hi Joe,
I did have a syslog server but the Solarwinds (not flavour of the month
these days) wanted a shed load of money to keep it up to date. I have not
looked into trying another one at this time.
IMHO I think this is possible something Unbound on Windows should support,
it does not sound like a big thing to implement. Bit then I am not writing
the software, I hope they can kelp in this aspect.
RayG
"RayG" writes:
> Hi Joe,
>
> I did have a syslog server but the Solarwinds (not flavour of the month
> these days) wanted a shed load of money to keep it up to date. I have not
> looked into trying another one at this time.
>
> IMHO I think this is possible something Unbound on Windows should support,
The windows file semantibs are apparently different then in UniX.
So syslog sould be my suggestion as well.
There are quite of free syslogs servers for windows, a single google
search give me the following hit
<https://www.ittsystems.com/best-free-syslog-server-windows/>\. There
are likely more
jaap
Hi Jaap,
I took a look at some of those offerings and there does not seem to be a
"free" one at all. They all want money and at £100 or there abouts, that's a
bit too much just to get unbound's logging to rotate neatly.
I did try and install one and from what I understand, I comment the "#
logfile:" entry and enable the "use-syslog: yes" and it should all work. But
I had no luck in getting this to function as it should.
RayG
Perhaps consider whether Windows is the best platform to be running unbound on?
Joe
Having installed a syslog server on my system and as far as I can tell its working in itself. What I cannot find out is where unbound it trying to send messages to. At this point in time it would appear to be the event log which is not what I was expecting use_syslog I would have expected it to go to the local system UDP/TCP on port 514 but that does not seem to be happening.
It is not at all helpful to clutter up the eventlog Administrative events with a whole load of unbound error messages (these come from "REFUSED" lookups.
Thinking about this further I would perhaps have expected to see some form of configuration as to where to send syslog messages but again I have found no useful information.
So I have to say at this time the windows implementation writing to a physical file seems to be the best option.
Perhaps Jaap can shed some light on how syslog is supposed to work on windows and what I can do to facilitate rotating log files given that most of what I have tried and has been suggested has not resulted in a positive outcome.
RayG
"RayG" writes:
> Having installed a syslog server on my system and as far as I can tell its working in itself. What I cannot find out is where unbound it trying to send messages to. At this point in time it would appear to be the event log which is not what I was expecting use_syslog I would have expected it to go to the local system UDP/TCP on port 514 but that does not seem to be happening.
>
> It is not at all helpful to clutter up the eventlog Administrative events with a whole load of unbound error messages (these come from "REFUSED" lookups.
So that apparently listens to port 514.
>
> Thinking about this further I would perhaps have expected to see some form of configuration as to where to send syslog messages but again I have found no useful information.
>
> So I have to say at this time the windows implementation writing to a physical file seems to be the best option.
>
> Perhaps Jaap can shed some light on how syslog is supposed to work on windows and what I can do to facilitate rotating log files given that most of what I have tried and has been suggested has not resulted in a positive outcome.
>
No, I cann't. I'm not a Windows user so I wouldn't know. If nobody
else on this list answers, I suggest you take this to a "how to run
windows" list. Or just try google.
jaao
Hi Jaap
So who in NLnetlabs works on Windows?
Someone must know how the offering for windows works, it is a downloadable offering on your website and works well from what I have seen.
RayG
install cygwin and run logrotat as you would do on linux. (or i guess you could use that integrated linux on windows?)
Hi RayG,
My colleague Wouter suggested the following and I believe it will work on Windows (haven't tested; not a windows user):
1.
`unbound-control.exe set_option logfile: unbound-2.log`
this will change the value for the logfile in the unbound *running* configuration.
2.
`unbound-control.exe log_reopen`
this tells unbound to end the old logfile and switch logging to unbound-2.log and then starts writing to the new file.
This is of course not automated and not configurable but you can script it and rotate however you want.
Note that during 1 above I would also change the value in the configuration file itself so that the last logfile value is saved for a restart.
Hope that helps.
Best regards,
-- George
Sorry Eric,
I don’t want to clutter up my system with unwanted software. Cygwin should not be required. The solution should be native to windows if windows is supported.
RayG
Hi George,
Ah! - I had not thought of that method 
apologies
Tested, and it will do the job nicely - just need to do a bit of programming and all will be well.
It has the added bonus (perhaps) if you set the access permissions correctly there is not need for admin privs.
RayG