Query log coverage

Wouter Wijngaards wouter at nlnetlabs.nl
Mon May 13 13:50:37 UTC 2019


Hi Darren,

On 5/7/19 12:09 AM, Darren S. via Unbound-users wrote:
> Is there a simple way in Unbound to output a query log for each client
> query to the resolver? Looking for:
> 
> - All cache hits
> - All cache misses
> - Inclusion of client IP address and query source port
> 
> Was looking at `verbosity` option but understood it to indicate that
> only level 5 logs client info, and only cache misses in that case. I
> have a very low volume deployment and the overhead of query logging
> shouldn't be an issue, but it would be ideal if we didn't have to deal
> with level 5 logging in the output.
> 
> Hoping to avoid dnstap for now as would prefer to stay with native OS
> package and no additional dependencies.

Yes this feature exists already.  In fact a number of config statements.
 The shortest is log-queries: yes in unbound.conf.

log-queries: yes prints that information.
log-replies: yes prints in addition the reply in a short form.

log-tag-queryreply: yes prints the tags "query" and "reply" instead of
"info" that the above two log.

log-local-actions: yes prints local zone activity (but that is not what
you asked for).
log-servfail: yes prints why servfail was returned to clients.

log-time-ascii: yes prints the timestamp in readable format instead of
epoch.

val-log-level: 2 logs DNSSEC validation failures to log (but may also be
included in log-servfail).

Best regards, Wouter

> 
> --
> Darren Spruell
> phatbuckett at gmail.com
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20190513/4a7976ad/attachment.bin>


More information about the Unbound-users mailing list