unbound sending info and debug to syslog....
-
I'm sending unbound logs to a remote syslog destination (QRadar). I have set verbosity to 3 yet it is emitting info: and debug: logs. this is driving my QRadar system crazy as it has to parse and store all that junk. any suggestions?
thanks in advance!
nrf(FWIW turning off logging to remote in log settings didn't propagate to unbound, I had to add use-syslog: no to the custom properties to null it.)
-
@nrf barring any fixes to unbound I found a way to filter these in QRadar using 'routing' rule to drop.
thanks for your help -
@nrf said in unbound sending info and debug to syslog....:
driving my QRadar system crazy as it has to parse and store all that junk. any suggestions?
Is related to :
@nrf said in unbound sending info and debug to syslog....:
I have set verbosity to 3
Lower that settings to have less verbosity.
-
@Gertjan sorry but setting it to zero does not fix the problem. it should be debugging only at HIGH levels of verbosity.
I have it set at 3 for a reason in any case. a documented feature is that different verbosity levels provide certain information.maybe pfsense has included a developer build of unbound or the developer forgot to turn off some test ifdef's that force debug.
problem solved for now but "sloppy"....