Query log coverage
Wouter Wijngaards
wouter at nlnetlabs.nl
Mon May 13 13:50:37 UTC 2019
Hi Darren,
On 5/7/19 12:09 AM, Darren S. via Unbound-users wrote:
> Is there a simple way in Unbound to output a query log for each client
> query to the resolver? Looking for:
>
> - All cache hits
> - All cache misses
> - Inclusion of client IP address and query source port
>
> Was looking at `verbosity` option but understood it to indicate that
> only level 5 logs client info, and only cache misses in that case. I
> have a very low volume deployment and the overhead of query logging
> shouldn't be an issue, but it would be ideal if we didn't have to deal
> with level 5 logging in the output.
>
> Hoping to avoid dnstap for now as would prefer to stay with native OS
> package and no additional dependencies.
Yes this feature exists already. In fact a number of config statements.
The shortest is log-queries: yes in unbound.conf.
log-queries: yes prints that information.
log-replies: yes prints in addition the reply in a short form.
log-tag-queryreply: yes prints the tags "query" and "reply" instead of
"info" that the above two log.
log-local-actions: yes prints local zone activity (but that is not what
you asked for).
log-servfail: yes prints why servfail was returned to clients.
log-time-ascii: yes prints the timestamp in readable format instead of
epoch.
val-log-level: 2 logs DNSSEC validation failures to log (but may also be
included in log-servfail).
Best regards, Wouter
>
> --
> Darren Spruell
> phatbuckett at gmail.com
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20190513/4a7976ad/attachment.bin>
More information about the Unbound-users
mailing list