Open nexusofdoom opened 5 years ago
@nexusofdoom The documentation at: https://nlnetlabs.nl/documentation/unbound/unbound.conf/ clearly states that you must choose one of the options and not both. I believe you can stream the logfile into syslog somehow.
I am using graylog with filebeat and it's sending the logs from the dns machine to another. I can also recieve syslog in graylog..
this is what I have setup to log :-)
server: verbosity: 1 statistics-interval: 10 num-threads: 2 interface: 192.168.30.230 cache-min-ttl: 2100 cache-max-ttl: 86400 prefetch: yes num-threads: 2 do-daemonize: yes do-ip6: no do-udp: yes do-tcp: yes access-control: 0.0.0.0/0 allow log-queries: yes logfile: /var/log/unbound.log use-syslog: no hide-version: yes identity: "lancache DNS" harden-short-bufsize: no harden-large-queries: no harden-glue: yes rrset-cache-size: 256m msg-cache-size: 128m so-reuseport: yes
#use-syslog: no
in ubuntu since apparmor was blocking it :-)
sudo nano /etc/apparmor.d/usr.sbin.unbound
needed to add this /{,var/}log/*.log rw,
also needed to do this sudo nano /etc/logrotate.conf
/var/log/unbound.log { weekly rotate 5 compress compresscmd xz create 0644 root utmp }
These settings in /etc/unbound/unbound.conf Code: logfile: log/unbound.log use-syslog: no will generate logging in /var/unbound/log/unbound.log But Code: use-syslog: yes will show logging in /var/log/all.log but not /var/log/unbound.log How should Syslog be configurated to use /var/log/unbound.log?