FreeBSD-11 - local_unbound logging

Polytropon freebsd at edvax.de
Sun Aug 13 15:38:30 UTC 2017


On Sun, 13 Aug 2017 11:11:29 -0400, James B. Byrne wrote:
> Thank you for your help.  I was able to get logging to work following
> your suggestion.
> 
> On Sun, August 13, 2017 10:18, Polytropon wrote:
> > On Sun, 13 Aug 2017 10:02:43 -0400, James B. Byrne via
> > freebsd-questions wrote:
> >> I do not get any errors from unbound-checkconf and the local_unbound
> >> service starts but there is no logfile created; at least none where
> >> I expect it to be (/var/unbound/log/unbound.log).
> >
> > Did you try creating the logfile itself so unbound can append
> > to that file (read: append to an _existing_ file)?
> >
> 
> No I did not.  The man page to which you refer below does not state
> that this is necessary and I am accustomed to services that create
> their own log files where one is passed as a configuration option.
> 
> > Try this first:
> >
> > 	# touch /var/unbound/log/unbound.log
> 
> This worked once I also performed:
> 
>         # chmod 660 /var/unbound/log/unbound.log

Yes, some programs check for file permissions ("as a security
recommendation"); "user r/w, nobody else" or "user+group r/w,
nobody else" are common for files that might contain data that
should not be read outside of a very narrow scope - for example
files like .fetchmailrc where POP3 access information is stored:
you don't want to have your credentials as rw/r/r. ;-)



> > and restart the service. Also check your configuration file:
> > You can provide an absolute path for the logfile (for example
> > with the path and name listed above), so the entry would be:
> >
> > 	logfile: "/var/unbound/log/unbound.log"
> >
> > See "man 5 unbound.conf" for details.
> 
> I read and re-read that reference several times without discerning
> that the user must manually create the log file.  It states:
> 
> logfile: <filename>
>               If "" is given, logging goes to stderr, or nowhere
>               once daemonized.  The logfile is appended to, in the
>               following format:
>               [seconds since 1970] unbound[pid:tid]: type: message.
>               If this option is given, the use-syslog is option is
>               set to "no".  The logfile is reopened (for append)
>               when the config file is reread, on SIGHUP.

I'd say "appended to" and "re-opened (for append)" at least
provides a hint. However, it's fairly common that logfiles
need to exist for a program to write to it. For example,
files managed via syslog.conf need to exist so messages
from a specified program can be written to it, as syslog
will not _create_ new files on its own.



> Is one supposed to infer that since the log file is opened for append
> that the program will not create it if it is missing; and will not
> raise a warning or error respecting that fact either?

Yes, this is how I would interpret that piece of text. Other
considerations may be totally valid, but maybe unbound does
agree with the "syslog consensus" that log files are always
appended to _if_ they exist - which implies that they need
to be created beforehand.




-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
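
The fix described in this thread (create the log file first, then restrict its mode), as an added example that is not part of the original message: a POSIX sh helper that pre-creates a log file with mode 660 and checks that it carries no permissions for "other". The function names and the optional owner argument are assumptions for illustration.

```sh
#!/bin/sh
# Added example; function names and the owner argument are assumptions.

# ensure_logfile PATH [MODE] [OWNER]
# Create PATH if missing, refuse symlinks and non-regular files, then set
# MODE (default 660, the mode used in the thread) and, if given, OWNER.
ensure_logfile() {
    path=$1
    mode=${2:-660}
    owner=${3:-}
    dir=$(dirname "$path")

    [ -d "$dir" ] || mkdir -p "$dir" || return 1

    # A symlink here would redirect the daemon's appends to another file.
    if [ -L "$path" ]; then
        echo "refusing: $path is a symlink" >&2
        return 2
    fi
    if [ -e "$path" ] && [ ! -f "$path" ]; then
        echo "refusing: $path is not a regular file" >&2
        return 2
    fi

    # Create under a tight umask so the file is never briefly world-readable.
    if [ ! -e "$path" ]; then
        ( umask 077 && : >> "$path" ) || return 1
    fi
    chmod "$mode" "$path" || return 1
    if [ -n "$owner" ]; then
        chown "$owner" "$path" || return 1
    fi
}

# logfile_is_private PATH
# Succeed only if PATH is a regular file with no permission bits for "other".
logfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # Characters 8-10 of the ls mode string are the "other" rwx bits.
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# Usage (as root, path from the thread):
#   ensure_logfile /var/unbound/log/unbound.log 660 && \
#       logfile_is_private /var/unbound/log/unbound.log
```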

