Question on Unbound logging Best Practices
j dubbz
kapshure at gmail.com
Tue Jun 14 22:22:29 UTC 2016
Hi team. We have an Unbound caching server that was set up by another
internal team. However, there is no logging enabled. I not only want this
enabled for troubleshooting internal name resolution issues, but also to
feed into a SIEM and do other traffic analysis.

My questions (and I know every environment is different):

- Is there a "sizing guide" so one can ascertain how much disk space should
  be allocated to the DNS caching host?
- I suppose this might be determined by the log verbosity, so with
  verbosity: 1 or verbosity: 3, etc., how does this come into play?
- Is there anything else to consider other than just adding the #logfile
  directive to the .conf file?
- To get the Unbound logs over to a syslog/SIEM, I suspect I will need to
  use something like rsyslog, correct?

Thanks in advance for any help or advice.