[Opendnssec-user] logging

(Berry) A.W. van Halderen berry at nlnetlabs.nl
Fri Sep 18 09:21:31 UTC 2020

On Mon, Sep 07, 2020 at 12:35:33PM -0700, Randy Bush via Opendnssec-user wrote:
> > somehow i have borked signer logging

I've tried the same setup, i.e. added 

    local2.*		/var/log/signer

to /etc/syslog.conf and in the opendnssec/conf.xml


And I've got logging into the expected file when I start the signer.

> havard suggested i look to see if signerd had a socket open to syslogd.
> as far as i can see, it does not.  is this reasonable?

Different Linux/Unix, different syslogs, different setups so your milage
may vary.  But syslog may use an UDP port, or even more likely a unix
domain socket /dev/log in case this can be expected.
Other ports that may be used are 514 and 601, but I don't expect much here.

I would expect syslog to have the file open:
  lsof | grep /var/log/signer

Some suggestions, since logging didn't really change in past revisions:
- Changes to the logging only become effective after restarting the
- The enforcer uses the exact same logging mechanism, does it log something?
- Unrelated, but usefull, you might want to use a minus before the
  /var/log/signer file in /etc/syslog.conf which is faster.
- has syslog been restarted after configuration change?
- is /dev/log writeable by the opendnssec user (either user defined in the
  <User> field in conf.xml or the user starting the signer)?

Like the above suggest, I suspect something system or configuration
related.  Which distribution are you using?

N: (Berry) A.W. van Halderen
E: berry at nlnetlabs.nl
O: NLnet Labs
W: http://www.nlnetlabs.nl/

More information about the Opendnssec-user mailing list