Date: Sun, 13 Aug 2017 17:38:18 +0200
From: Polytropon <freebsd@edvax.de>
To: byrnejb@harte-lyne.ca
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD-11 - local_unbound logging
Message-ID: <20170813173818.18094d85.freebsd@edvax.de>
In-Reply-To: <60c4fb3196dc9b5329af51591cec2e72.squirrel@webmail.harte-lyne.ca>
References: <d07d474ff8fa5689248708eaa62d506d.squirrel@webmail.harte-lyne.ca> <20170813161808.01b27b02.freebsd@edvax.de> <60c4fb3196dc9b5329af51591cec2e72.squirrel@webmail.harte-lyne.ca>

On Sun, 13 Aug 2017 11:11:29 -0400, James B. Byrne wrote:
> Thank you for your help. I was able to get logging to work following
> your suggestion.
>
> On Sun, August 13, 2017 10:18, Polytropon wrote:
> > On Sun, 13 Aug 2017 10:02:43 -0400, James B. Byrne via
> > freebsd-questions wrote:
> >> I do not get any errors from unbound-checkconf and the local_unbound
> >> service starts but there is no logfile created; at least none where
> >> I expect it to be (/var/unbound/log/unbound.log).
> >
> > Did you try creating the logfile itself so unbound can append
> > to that file (read: append to an _existing_ file)?
> >
>
> No I did not. The man page to which you refer below does not state
> that this is necessary and I am accustomed to services that create
> their own log files where one is passed as a configuration option.
>
> > Try this first:
> >
> > 	# touch /var/unbound/log/unbound.log
>
> This worked once I also performed:
>
> # chmod 660 /var/unbound/log/unbound.log

Yes, some programs check for file permissions ("as a security
recommendation"); "user r/w, nobody else" or "user+group r/w,
nobody else" are common for files that might contain data that
should not be read outside of a very narrow scope - for example
files like .fetchmailrc where POP3 access information is stored:
you don't want to have your credentials as rw/r/r. ;-)

> > and restart the service. Also check your configuration file:
> > You can provide an absolute path for the logfile (for example
> > with the path and name listed above), so the entry would be:
> >
> > 	logfile: "/var/unbound/log/unbound.log"
> >
> > See "man 5 unbound.conf" for details.
>
> I read and re-read that reference several times without discerning
> that the user must manually create the log file. It states:
>
>   logfile: <filename>
>     If "" is given, logging goes to stderr, or nowhere
>     once daemonized. The logfile is appended to, in the
>     following format:
>     [seconds since 1970] unbound[pid:tid]: type: message.
>     If this option is given, the use-syslog is option is
>     set to "no". The logfile is reopened (for append)
>     when the config file is reread, on SIGHUP.

I'd say "appended to" and "re-opened (for append)" at least
provides a hint. However, it's fairly common that logfiles
need to exist for a program to write to it. For example, files
managed via syslog.conf need to exist so messages from a specified
program can be written to it, as syslog will not _create_ new
files on its own.

> Is one supposed to infer that since the log file is opened for append
> that the program will not create it if it is missing; and will not
> raise a warning or error respecting that fact either?

Yes, this is how I would interpret that piece of text. Other
considerations may be totally valid, but maybe unbound does
agree with the "syslog consensus" that log files are always
appended to _if_ they exist - which implies that they need
to be created beforehand.

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
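
The touch and chmod steps from this thread, as an added example that is not part of the original message: it creates the logfile under a restrictive umask, so the file is never readable by "other" between the two commands, and then checks for the "user+group r/w, nobody else" mode discussed above. The function names and return codes are assumptions made for illustration; the writability test applies to whichever account runs the script, so run it as the account the daemon logs as (the thread does not name it).

```shell
#!/bin/sh
# Added example, not from the thread. Names and return codes are illustrative.
# Usage: prepare_logfile /var/unbound/log/unbound.log && \
#        check_logfile /var/unbound/log/unbound.log

# Create the logfile if it is missing without ever exposing it to "other".
# A bare touch under the usual umask 022 leaves the file at mode 644 until
# chmod runs; setting the umask first closes that window. Appending with
# ": >>" keeps any existing content, and chmod corrects a file that was
# already there with a looser mode.
prepare_logfile() {
    ( umask 007 && : >> "$1" ) || return 1
    chmod 660 "$1"
}

# Report why a daemon that appends to $1 might log nothing, or log to a
# file that is too widely accessible.
# Returns: 0 ok, 1 missing, 2 not a regular file,
#          3 not writable by the calling user, 4 accessible to "other".
check_logfile() {
    f=$1
    [ -e "$f" ] || { echo "$f: missing" >&2; return 1; }
    [ -f "$f" ] || { echo "$f: not a regular file" >&2; return 2; }
    [ -w "$f" ] || { echo "$f: not writable by $(id -un)" >&2; return 3; }
    # Any read, write or execute bit for "other" breaks the narrow
    # owner+group scope. find -perm is used because it is portable,
    # unlike the differing stat(1) flags on FreeBSD and Linux.
    if [ -n "$(find "$f" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]; then
        echo "$f: mode grants access to other" >&2
        return 4
    fi
    return 0
}
```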