Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unbound no longer logging after 23.01 update

    General pfSense Questions
    3
    5
    458
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      michmoor LAYER 8 Rebel Alliance
      last edited by michmoor

      I was recently troubleshooting a Suricata alert and i needed to review the unbound logs. I noticed there wasnt any in my syslog server. So i decided to take a look at the last 30 days and to my surprise Unbound has stopped sending anything to syslog (graylog). Correlating, this seems to have been around the 23.01 update.
      Remote logging options have remained unchanged so not sure whats going on.
      176faa7b-05d3-4009-a3ef-9a5792551624-image.png

      d6c42c2a-6470-4d4b-a9d3-693b639d9727-image.png

      what shows up now are just debugs
      5054a49e-3988-47d1-b593-974ebc33be17-image.png

      Firewall: NetGate,Palo Alto-VM,Juniper SRX
      Routing: Juniper, Arista, Cisco
      Switching: Juniper, Arista, Cisco
      Wireless: Unifi, Aruba IAP
      JNCIP,CCNP Enterprise

      M 1 Reply Last reply Reply Quote 0
      • M
        michmoor LAYER 8 Rebel Alliance @michmoor
        last edited by

        Alrighty i found the issue.
        I enabled Python Module under DNS resolver setting. Unchecking that and restarting Unbound i know see all my queries/answers in the logs.

        So the question is what does this setting even do? [im not sure why i even did this]
        300f6301-4c95-4bdf-9dca-511a0c191f85-image.png

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        GertjanG S 2 Replies Last reply Reply Quote 0
        • GertjanG
          Gertjan @michmoor
          last edited by Gertjan

          @michmoor said in Unbound no longer logging after 23.01 update:

          Alrighty i found the issue.
          I enabled Python Module under DNS resolver setting. Unchecking that and restarting Unbound i know see all my queries/answers in the logs.

          Not sure what you mean. I've
          a12f2f12-0165-4740-bc73-74a02af52168-image.png

          and if I want to see a detailed unbound (resolver) query log, I go visit the logs of pfBlockerng :

          74e7c891-3766-4789-91ee-69a700ab29cc-image.png

          Note this log is internal to pfblockerng, and not syslogged.

          Or I switch unbound (resolver) to 'level 3' :

          a145518e-f17c-4602-bd6a-de7ab7d74781-image.png

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 0
          • S
            SteveITS Rebel Alliance @michmoor
            last edited by SteveITS

            @michmoor How were you doing the logging? I was twiddling a bit today and added

            server:
log-queries: yes

            That worked for 3 minutes then apparently stopped logging queries for no apparent reason, until I restarted Unbound just now:

            Mar 31 22:29:00 	unbound 	98566 	[98566:3] info: 10.x.x.x prod.nexusrules.live.com.akadns.net. A IN
Mar 31 22:29:00 	unbound 	98566 	[98566:1] info: 10.x.x.x prod.nexusrules.live.com.akadns.net. AAAA IN
Mar 31 22:28:56 	unbound 	98566 	[98566:0] info: start of service (unbound 1.13.2).
Mar 31 22:28:56 	unbound 	98566 	[98566:0] notice: init module 0: iterator
Mar 31 11:42:15 	unbound 	88124 	[88124:2] info: 10.x.x.x array501.prod.do.dsp.mp.microsoft.com. A IN
Mar 31 11:42:15 	unbound 	88124 	[88124:3] info: 10.x.x.x array501.prod.do.dsp.mp.microsoft.com. AAAA IN

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote ๐Ÿ‘ helpful posts!

            S 1 Reply Last reply Reply Quote 0
            • S
              SteveITS Rebel Alliance @SteveITS
              last edited by

              Hmm, never mind, I poked around other logs and see

              Mar 31 11:42:22 	syslogd 		kernel boot file is /boot/kernel/kernel
Mar 31 11:42:21 	syslogd 		exiting on signal 15

              ...so apparently there was a reason it stopped logging. Just not a good one.

              Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
              When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
              Upvote ๐Ÿ‘ helpful posts!

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.