MatthewVance / unbound-docker

Unbound DNS Server Docker Image
MIT License

unable to send log to syslog on the host machine #61

Closed PrivateCon88 closed 3 years ago

PrivateCon88 commented 3 years ago

In unbound.conf, I set

    use-syslog: yes
    verbosity: 3
    log-queries: yes
    # logfile: /dev/null --> commented out

In docker-compose.yml I put network_mode: "host"

Still, I see no unbound log in /var/log/syslog. But nginx docker able to send log to syslog just fine.

Did I miss something?

MatthewVance commented 3 years ago

Can you provide more details such as your compose file and full config?


PrivateCon88 commented 3 years ago

docker-compose.yml

services:
  unbound:
    image: mvance/unbound
    container_name: unbound
    restart: unless-stopped
    volumes:
      - /doh/unbound:/opt/unbound/etc/unbound
    healthcheck:
      disable: true
    network_mode: "host"

unbound.conf

server:

    cache-max-ttl: 86400
    cache-min-ttl: 300
    directory: "/opt/unbound/etc/unbound"
    edns-buffer-size: 1232
    interface: 0.0.0.0@5353
    rrset-roundrobin: yes
    username: "_unbound"

    log-queries: yes
    #logfile: /opt/unbound/etc/unbound/logs/unbound.log
    verbosity: 3

    aggressive-nsec: yes
    delay-close: 10000
    do-daemonize: no
    do-not-query-localhost: no
    neg-cache-size: 4M
    qname-minimisation: yes

    access-control: 0.0.0.0/0 allow

    auto-trust-anchor-file: "var/root.key"
    chroot: "/opt/unbound/etc/unbound"
    deny-any: yes
    harden-algo-downgrade: yes
    harden-below-nxdomain: yes
    harden-dnssec-stripped: yes
    harden-glue: yes
    harden-large-queries: yes
    harden-referral-path: no
    harden-short-bufsize: yes
    hide-identity: yes
    hide-version: yes
    identity: "unbound"

    ratelimit: 1000
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
    unwanted-reply-threshold: 10000
    use-caps-for-id: yes
    val-clean-additional: yes

    infra-cache-slabs: 4
    incoming-num-tcp: 10
    key-cache-slabs: 4
    msg-cache-size: 300557653
    msg-cache-slabs: 4
    num-queries-per-thread: 4096
    num-threads: 1
    outgoing-range: 8192
    rrset-cache-size: 601115306
    rrset-cache-slabs: 4
    minimal-responses: yes
    prefetch: yes
    prefetch-key: yes
    serve-expired: yes
    so-reuseport: yes

    client-subnet-zone: "."
    client-subnet-always-forward: yes
    max-client-subnet-ipv4: 24
    log-time-ascii: yes
    use-syslog: yes
    log-identity: unbound
    do-tcp: no
    do-ip6: no

MatthewVance commented 3 years ago

Your volume mount looks off to me. Double check that. If in doubt, exec into the container and see if it mounted your config or loaded the default.


PrivateCon88 commented 3 years ago

I did check by going inside the container. /opt/unbound/etc/unbound/unbound.conf points to the correct file on the host machine.

MatthewVance commented 3 years ago

Chroot is yes but syslog is outside that


PrivateCon88 commented 3 years ago

From what I understand, network_mode: "host" makes the container's localhost the host machine's. This works fine with the nginx docker, which passes its log to the syslog outside the container. So weird.

MatthewVance commented 3 years ago

Is nginx config also in a chroot?


PrivateCon88 commented 3 years ago

No, it's not chrooted. Is that the reason this unbound docker can't access the syslog?

MatthewVance commented 3 years ago

It may be. The config enables chroot for security reasons. You can disable that in your unbound.conf to see if it helps.

chroot: ""

The Unbound docs explain the relationship between chroot and log configs. https://www.nlnetlabs.nl/documentation/unbound/unbound.conf/


PrivateCon88 commented 3 years ago

chroot disabled but still no luck.

PrivateCon88 commented 3 years ago

Hey, @MatthewVance, I got it working. chroot is not the problem; I just need to mount the volume /dev/log:/dev/log. Voila, works. Anyway, thank you for your effort to help me, @MatthewVance.
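
Why the bind mount is what fixes it, as an added example that is not part of the thread or the image: syslog(3) writes to /dev/log, a Unix domain socket that lives in the mount namespace, while network_mode: "host" only shares the network namespace, so without the mount the container's unbound has nothing to connect to. The script below checks whether a syslog socket is present at a given path and sends one RFC 3164 style datagram to it; the socket path and the daemon facility are assumptions, and the receiver in the test is constructed.

```python
import os
import socket
import stat

# Assumptions (not from the thread): unbound logs through syslog(3) with the
# daemon facility, and the host's syslog daemon listens on /dev/log.
DEFAULT_SYSLOG_SOCKET = "/dev/log"
FACILITY_DAEMON = 3
SEVERITY_INFO = 6


def syslog_socket_present(path: str = DEFAULT_SYSLOG_SOCKET) -> bool:
    """True only if `path` exists and is a Unix domain socket.

    In a container without the /dev/log bind mount this is False even with
    network_mode: host, because the socket is a filesystem object.
    """
    try:
        return stat.S_ISSOCK(os.stat(path).st_mode)
    except FileNotFoundError:
        return False


def format_syslog_line(tag: str, msg: str, facility: int = FACILITY_DAEMON,
                       severity: int = SEVERITY_INFO) -> bytes:
    """Build an RFC 3164 style message: <PRI>tag: text, PRI = facility*8 + severity."""
    pri = facility * 8 + severity
    return f"<{pri}>{tag}: {msg}".encode()


def send_syslog(tag: str, msg: str, path: str = DEFAULT_SYSLOG_SOCKET) -> bytes:
    """Send one datagram to the syslog socket at `path`; returns the bytes sent.

    Raises FileNotFoundError or ConnectionRefusedError when no listener is
    there. libc's syslog() returns void, so unbound cannot report that case,
    which is why the missing mount looks like "no log at all".
    """
    line = format_syslog_line(tag, msg)
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        s.connect(path)
        s.send(line)
    return line


if __name__ == "__main__":
    if syslog_socket_present():
        print(send_syslog("unbound", "syslog reachability check"))
    else:
        print("no syslog socket at", DEFAULT_SYSLOG_SOCKET,
              "- bind-mount /dev/log:/dev/log into the container")
```

Run it inside the container with `docker exec` before and after adding the volume: the first branch only appears once the host's socket is visible there.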

MatthewVance commented 3 years ago

I'm glad you got it working. Thanks for sharing the fix. Out of curiosity, is chroot still enabled with the volume mount fix?


PrivateCon88 commented 3 years ago

Yes, chroot is still enabled.