[Opendnssec-user] logging
(Berry) A.W. van Halderen
berry at nlnetlabs.nl
Fri Sep 18 09:21:31 UTC 2020
On Mon, Sep 07, 2020 at 12:35:33PM -0700, Randy Bush via Opendnssec-user wrote:
> > somehow i have borked signer logging
I've tried the same setup, i.e. added
local2.* /var/log/signer
to /etc/syslog.conf and in the opendnssec/conf.xml
<Common>
<Logging>
<Verbosity>3</Verbosity>
<Syslog><Facility>local2</Facility></Syslog>
</Logging>
And I've got logging into the expected file when I start the signer.
> havard suggested i look to see if signerd had a socket open to syslogd.
> as far as i can see, it does not. is this reasonable?
Different Linux/Unix, different syslogs, different setups so your milage
may vary. But syslog may use an UDP port, or even more likely a unix
domain socket /dev/log in case this can be expected.
Other ports that may be used are 514 and 601, but I don't expect much here.
I would expect syslog to have the file open:
lsof | grep /var/log/signer
Some suggestions, since logging didn't really change in past revisions:
- Changes to the logging only become effective after restarting the
signer.
- The enforcer uses the exact same logging mechanism, does it log something?
- Unrelated, but usefull, you might want to use a minus before the
/var/log/signer file in /etc/syslog.conf which is faster.
- has syslog been restarted after configuration change?
- is /dev/log writeable by the opendnssec user (either user defined in the
<User> field in conf.xml or the user starting the signer)?
Like the above suggest, I suspect something system or configuration
related. Which distribution are you using?
\Berry
--
N: (Berry) A.W. van Halderen
E: berry at nlnetlabs.nl
O: NLnet Labs
W: http://www.nlnetlabs.nl/
More information about the Opendnssec-user
mailing list