Re: Log Resolving

2016-10-17 Thread W.C.A. Wijngaards via Unbound-users 
Hi Lorenzo,

On 17/10/16 12:52, Lorenzo Mainardi via Unbound-users wrote:
>> Verbosity 2 may also give the information you seek, but much more condensed.
> 
> Can I find some documentation about "verbosity 2" log format?
> 

There isn't really documentation on the format.  An example lookup (I
shortened the lines for easier view).  And I added the ;; in between
lines to separate out the different parts of a single lookup.

notice: init module 0: validator
notice: init module 1: iterator
;;
info: resolving nlnetlabs.nl. A IN
;;
info: priming . IN NS
;;
info: response for . NS IN
info: reply from <.> 202.12.27.33#53
info: query response was ANSWER
;;
info: priming successful for . NS IN
;;
info: response for nlnetlabs.nl. A IN
info: reply from <.> 192.58.128.30#53
info: query response was REFERRAL
;;
info: response for nlnetlabs.nl. A IN
info: reply from  2a00:1188:5::212#53
info: query response was REFERRAL
;;
info: response for nlnetlabs.nl. A IN
info: reply from  2a04:b900::8:0:0:60#53
info: query response was ANSWER

The line with 'resolving  ...' means that this was a cache miss and it
is going to lookup up this query.

The response for  reply from  query response was 
are sequences of lines that belong together.  They tell you what is
happening to the query.  You probably want to see the type ANSWER
response, the last one.  And see that the server for the domain
nlnetlabs.nl and its IP address (and #port number) answered for it.  If
there are errors a response with type ANSWER may never occur in the logs.

Best regards, Wouter



signature.asc
Description: OpenPGP digital signature

Re: Log Resolving

2016-10-17 Thread Lorenzo Mainardi via Unbound-users 
> Verbosity 2 may also give the information you seek, but much more condensed.

Can I find some documentation about "verbosity 2" log format?

Re: Log Resolving

2016-10-17 Thread W.C.A. Wijngaards via Unbound-users 
Hi Lorenzo,

Not easily.  You can set verbosity very high (level 5) and parse the
logfile of unbound.  You can see which queries are not answered from
cache, because it will start the iterator for that query.  You can also
see which upstream servers are used to retrieve the information.

Verbosity 2 may also give the information you seek, but much more condensed.

Best regards, Wouter

On 14/10/16 09:52, Lorenzo Mainardi via Unbound-users wrote:
> Hello to everyone,
> 
> Im trying to insert Unbound log into ELK for analytics and attack
> prevention.
> 
> I would like to log if an entry is in cache or not and which resolver
> it’s used (if it’s not cached)
> 
> There is a way to do it?
> 
> Regards
> 
>  
> 
> * *
> 
> *dig**it**el*
> 
>  
> 
> Via della Fortezza 6 - 50129 Firenze
> 
> www.digitelitalia.com  - 800 901 669
> 
>  
> 
> Ing. Lorenzo Mainardi//
> 
>  
> 
> Tel +39 055 4624933
> 
> Fax +39 055 4624 947
> 
> l...@digitelitalia.com 
> 
>  
> 
>  
> 




signature.asc
Description: OpenPGP digital signature

Log Resolving

2016-10-14 Thread Lorenzo Mainardi via Unbound-users 
Hello to everyone,
Im trying to insert Unbound log into ELK for analytics and attack prevention.
I would like to log if an entry is in cache or not and which resolver it's used 
(if it's not cached)
There is a way to do it?
Regards


digitel

Via della Fortezza 6 - 50129 Firenze
www.digitelitalia.com - 800 901 669

Ing. Lorenzo Mainardi

Tel +39 055 4624933
Fax +39 055 4624 947
l...@digitelitalia.com