unbound logfile: How does it work?

[getopt]

In unbound.conf() can be read

      # unbound.conf(5) config file for unbound(8).
      server:
           directory: "/etc/unbound"
           username: unbound
           # make sure unbound can access entropy from inside the chroot.
           # e.g. on linux the use these commands (on BSD, devfs(8) is used):
           #      mount --bind -n /dev/random /etc/unbound/dev/random
           # and  mount --bind -n /dev/log /etc/unbound/dev/log
           chroot: "/etc/unbound"
           # logfile: "/etc/unbound/unbound.log"  #uncomment to use logfile.
           pidfile: "/etc/unbound/unbound.pid"
           # verbosity: 1      # uncomment and increase to get more logging.

but

 # mount --bind -n /dev/random /etc/unbound/dev/random
mount: illegal option -- -
# mount --bind -n /dev/log /etc/unbound/dev/log
mount: illegal option -- -

with

 # grep log /etc/unbound/unbound.conf
        logfile: /var/log/unbound.log
        use-syslog: no         # yes makes no difference
        log-time-ascii: yes
        log-queries: yes
        val-log-level: 2

always results in

 # ls -l /var/log/unbound.log
-rw-------  1 root  wheel  0  8 Jun 14:23 /var/log/unbound.log
# ls -l /var/unbound/var/log/unbound.log
-rw-r-----  1 root  unbound  0 23 Sep 07:45 /var/unbound/var/log/unbound.log

Having read this http://unbound.net/pipermail/unbound-us ... 00674.html
did not lead to a solution. The size of the logfile stays zero. How to do it the right way?

 

[usdmatt]

There is not a --bind option to mount on FreeBSD. As mentioned in the unbound config file, those commands are for linux and you need to use devfs() on FreeBSD.

mount -t devfs devfs /etc/unbound/dev

This assumes the chroot/directory settings in the config file are set to /etc/unbound (as per the config file quote in your post).
You should end up will a full set of devices, including random, in /etc/unbound/dev

You mention /var/unbound quite a few times in your post, but the config file at the top of your post lists /etc/unbound. I think this may be where some of the issue is coming from.

If unbound is set to use a chroot directory of /etc/unbound, then all paths will be relative to that. So if the log file in the configuration is set to /var/log/unbound.log, the log file should appear in /etc/unbound/var/log/unbound.log.

 

[getopt]

These settings in /etc/unbound/unbound.conf

        logfile: log/unbound.log
        use-syslog: no

will generate logging in /var/unbound/log/unbound.log
But

        use-syslog: yes

will show logging in /var/log/all.log but not /var/log/unbound.log
How should Syslog be configurated to use /var/log/unbound.log?

 

[DenisVS]

Same question.
How to rearrange directories for more appropriate to FreeBSD starndart?
I wish to see the log file in the /var/log dir.

 

[DenisVS]

Unfortunately not works…

# mkdir -p  /var/log/unbound

# chown unbound:unbound /var/log/unbound
# mcedit /var/unbound/unbound.conf
# cat /var/unbound/unbound.conf | grep '\.log'
logfile: /var/log/unbound/unbound.log
# cat /var/unbound/unbound.conf | grep verbosity
verbosity: 5

# /etc/rc.d/local_unbound stop
# /etc/rc.d/local_unbound start
# ll /var/log/unbound/
total 0
# touch /var/log/unbound/unbound.log
# chown unbound:unbound /var/log/unbound/unbound.log
# ll /var/log/unbound/
total 0
-rw-r--r--  1 unbound  unbound  0 17 ноя 08:35 unbound.log
# /etc/rc.d/local_unbound stop
# /etc/rc.d/local_unbound start
# ll /var/log/unbound/
total 0
-rw-r--r--  1 unbound  unbound  0 17 ноя 08:35 unbound.log
# chmod 777 /var/log/unbound/unbound.log
# /etc/rc.d/local_unbound stop
# /etc/rc.d/local_unbound start
# ll /var/log/unbound/
total 0
-rwxrwxrwx  1 unbound  unbound  0 17 ноя 08:35 unbound.log*

 

[getopt]

Unbound runs chrooted. Therefore it cannot access files outside it's chroot.
See unbound.conf(5).

 

[xtaz]

I run unbound from the port rather than the base system, but in case it's useful to anyone I'll share how I solved this.

In /etc/rc.conf:

syslogd_flags="-l /usr/local/etc/unbound/var/run/log"
devfs_set_rulesets="/usr/local/etc/unbound/dev=devfsrules_unbound"

In /etc/devfs.rules:

[devfsrules_unbound=10]
add hide
add path random unhide

In /etc/syslog.conf:

!unbound
*.*                                             /var/log/dns.log
!*

In /usr/local/etc/unbound:

mkdir dev var var/run

In unbound.conf:

chroot: "/usr/local/etc/unbound"

Hopefully you get the jist of what is going on here. This is my particular choice for how to set it up but I have chrooted unbound into /usr/local/etc/unbound, mounted a devfs into the dev directory in there, and created a syslog socket in the var/run directory in there. This allows unbound to use syslog and it logs messages into /var/log/dns.log.