Date: Sun, 13 Aug 2017 17:38:18 +0200
From: Polytropon
To: byrnejb@harte-lyne.ca
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD-11 - local_unbound logging
Message-Id: <20170813173818.18094d85.freebsd@edvax.de>

On Sun, 13 Aug 2017 11:11:29 -0400, James B. Byrne wrote:
> Thank you for your help. I was able to get logging to work following
> your suggestion.
>
> On Sun, August 13, 2017 10:18, Polytropon wrote:
> > On Sun, 13 Aug 2017 10:02:43 -0400, James B. Byrne via
> > freebsd-questions wrote:
> >> I do not get any errors from unbound-checkconf and the local_unbound
> >> service starts but there is no logfile created; at least none where
> >> I expect it to be (/var/unbound/log/unbound.log).
> >
> > Did you try creating the logfile itself so unbound can append
> > to that file (read: append to an _existing_ file)?
> >
>
> No I did not. The man page to which you refer below does not state
> that this is necessary and I am accustomed to services that create
> their own log files where one is passed as a configuration option.
>
> > Try this first:
> >
> > 	# touch /var/unbound/log/unbound.log
>
> This worked once I also performed:
>
> # chmod 660 /var/unbound/log/unbound.log

Yes, some programs check for file permissions ("as a security
recommendation"); "user r/w, nobody else" or "user+group r/w,
nobody else" are common for files that might contain data that
should not be read outside of a very narrow scope - for example
files like .fetchmailrc where POP3 access information is stored:
you don't want to have your credentials as rw/r/r. ;-)

> > and restart the service. Also check your configuration file:
> > You can provide an absolute path for the logfile (for example
> > with the path and name listed above), so the entry would be:
> >
> > 	logfile: "/var/unbound/log/unbound.log"
> >
> > See "man 5 unbound.conf" for details.
>
> I read and re-read that reference several times without discerning
> that the user must manually create the log file. It states:
>
>   logfile:
>     If "" is given, logging goes to stderr, or nowhere
>     once daemonized. The logfile is appended to, in the
>     following format:
>     [seconds since 1970] unbound[pid:tid]: type: message.
>     If this option is given, the use-syslog is option is
>     set to "no". The logfile is reopened (for append)
>     when the config file is reread, on SIGHUP.

I'd say "appended to" and "re-opened (for append)" at least
provides a hint. However, it's fairly common that logfiles
need to exist for a program to write to them. For example, files
managed via syslog.conf need to exist so messages from a
specified program can be written to them, as syslog will not
_create_ new files on its own.

> Is one supposed to infer that since the log file is opened for append
> that the program will not create it if it is missing; and will not
> raise a warning or error respecting that fact either?

Yes, this is how I would interpret that piece of text. Other
considerations may be totally valid, but maybe unbound does
agree with the "syslog consensus" that log files are always
appended to _if_ they exist - which implies that they need
to be created beforehand.

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
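
The steps discussed in this thread (pre-create the log file, then restrict it to user and group read/write) as an added shell example that is not part of the original message. The function names prepare_logfile and audit_logfile and the optional owner argument are assumptions; the path and mode 660 are the ones quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the optional
# owner argument are assumptions; the path and mode 660 come from the thread.

# prepare_logfile PATH [OWNER[:GROUP]]
# Create PATH if it is missing (existing content is kept) and set mode 660.
prepare_logfile() {
    path=$1
    owner=${2:-}
    case $path in
        /*) ;;
        *) echo "need an absolute path: $path" >&2; return 1 ;;
    esac
    dir=$(dirname "$path")
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir" >&2; return 1
    fi
    # Do not touch or chmod through a symlink sitting at the log path.
    if [ -L "$path" ]; then
        echo "refusing symlink: $path" >&2; return 1
    fi
    ( umask 077; touch "$path" ) || return 1
    chmod 660 "$path" || return 1
    if [ -n "$owner" ]; then
        chown "$owner" "$path" || return 1
    fi
}

# audit_logfile PATH
# Succeed only if PATH is a regular file with no permission bits for "other".
audit_logfile() {
    path=$1
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "not a regular file: $path" >&2; return 1
    fi
    # find prints the path only when an "other" r, w or x bit is set.
    loose=$(find "$path" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))
    if [ -n "$loose" ]; then
        echo "accessible by others: $path" >&2; return 1
    fi
}

# Usage (as root, before restarting the service):
#   prepare_logfile /var/unbound/log/unbound.log && \
#       audit_logfile /var/unbound/log/unbound.log
```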