[Unbound-users] LOGFILE problem
wouter at NLnetLabs.nl
Mon Jul 13 12:45:43 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
No logs via logfile:
This is because unbound opens the logfile /var/log/unbound.log
after the chroot is done to /var/unbound.
Therefore it tries to access /var/unbound/var/log/unbound.log.
This file does not exist? You can try to mount --bind it there for
example. Or create the directory /var/unbound/var/log.
Unbound has to open it like this, because it supports logfile rotation
with kill -HUP. When reloaded like that, unbound re-opens the logfile,
so that it can be rotated using a log rotate daemon.
No logs via syslog:
Unbound tries to open the syslog socket (/dev/log) before the chroot is
performed. Which version of unbound are you using?
The 1.0 version used to open it after the chroot was done, trying to
open /var/unbound/dev/log (made with mount --bind or devfs on BSD).
But recently this is fixed up, are you having trouble with the new
Also from your config file it seems you want to have lots of
performance, with queries-per-thread 16K and 4 threads, but you only
increase the rrset-cache, and not increase msg-cache-size: 128m. Look
at http://unbound.net/documentation/howto_optimise.html for more on
optimising for performance.
On 07/13/2009 01:14 PM, Isaac González wrote:
> I'm unable to get logs via syslog or via logfile.
> Here is my unbound.conf, I'm running it chrooted in /var/unbound, the
> logfile have write permissions to unbound user.
> verbosity: 5
> statistics-interval: 10
> statistics-cumulative: no
> extended-statistics: yes
> num-threads: 4
> interface: XXXXXXXXXX
> port: 53
> outgoing-interface: XXXXXXXX
> outgoing-range: 16384
> num-queries-per-thread: 16384
> rrset-cache-size: 4m
> rrset-cache-size: 256m
> do-ip4: yes
> do-udp: yes
> do-tcp: yes
> do-daemonize: yes
> access-control: 127.0.0.0/8 allow
> chroot: "/var/unbound"
> username: "unbound"
> directory: "/var/unbound"
> logfile: "/var/log/unbound.log"
> use-syslog: yes #I'VE ALSO TRIED NO
> pidfile: "/var/run/unbound.pid"
> root-hints: "/var/unbound/named.cache"
> hide-identity: no
> hide-version: yes
> identity: "nameserv1"
> version: ""
> harden-large-queries: yes
> control-enable: yes
> server-key-file: "/var/unbound/etc/unbound_server.key"
> server-cert-file: "/var/unbound/etc/unbound_server.pem"
> control-key-file: "/var/unbound/etc/unbound_control.key"
> control-cert-file: "/var/unbound/etc/unbound_control.pem"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Unbound-users