Add Unbound logging to a separate clog file (unbound.log) and reduce noise from every 5minutes to every hour.

3 files changed, 20 insertions, 8 deletions

diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc
index 437e68c4..3bc07814 100644
--- a/config/unbound/unbound.inc
+++ b/config/unbound/unbound.inc
@@ -31,7 +31,7 @@ if(!function_exists("get_nameservers"))
 	
 
 function unbound_initial_setup() {
-	global $config;
+	global $config, $g;
 
 	if (!array($config['installedpackages']['unbound']['config']))
 		$config['installedpackages']['unbound']['config'] = array();
@@ -49,10 +49,12 @@ function unbound_initial_setup() {
 	// Touch needed files
 	@touch("/usr/local/etc/unbound/root.hints");
 	@touch("/usr/local/etc/unbound/root-trust-anchor");
+	@touch("{$g['varlog_path']}/unbound.log");
 	// Ensure files and folders belong to unbound
 	@chown("/usr/local/etc/unbound/root-trust-anchor", "unbound");
 	@chgrp("/usr/local/etc/unbound/root-trust-anchor", "wheel");
 	@chmod("/usr/local/etc/unbound/root-trust-anchor", 0600);
+	@chown("{$g['varlog_path']}/unbound.log", "unbound");
 	// We do not need the sample conf or the default rc.d startup file
 	@unlink_if_exists("/usr/local/etc/unbound/unbound.conf.sample");
 	@unlink_if_exists("/usr/local/etc/rc.d/unbound");
@@ -274,9 +276,6 @@ function unbound_resync_config() {
 	 */
 	$unbound_config['harden-dnssec-stripped'] = "yes";
 	
-	// Syslog logging
-	$unbound_config['use-syslog'] = "yes";
-	
 	// Host entries
 	$host_entries = unbound_add_host_entries();
 	
@@ -299,7 +298,7 @@ do-ip6: no
 do-udp: yes
 do-tcp: yes
 do-daemonize: yes
-statistics-interval: 300
+statistics-interval: 3600
 extended-statistics: yes
 statistics-cumulative: no
 # Interface IP(s) to bind to
@@ -307,7 +306,7 @@ statistics-cumulative: no
 chroot: ""
 username: "unbound"
 directory: "/usr/local/etc/unbound"
-pidfile: "/var/run/unbound.pid"
+pidfile: "{$g['varrun_path']}/unbound.pid"
 root-hints: "root.hints"
 harden-dnssec-stripped: {$unbound_config['harden-dnssec-stripped']}
 harden-referral-path: no
@@ -316,7 +315,7 @@ private-address: 172.16.0.0/12
 private-address: 192.168.0.0/16
 prefetch: yes
 prefetch-key: yes
-use-syslog: {$unbound_config['use-syslog']}
+use-syslog: yes
 module-config: "{$module_config}"
 unwanted-reply-threshold: 10000000
 {$anchor_file}
@@ -409,6 +408,7 @@ function unbound_uninstall() {
 	// Remove pkg config directory and startup file
 	mwexec("rm -rf /usr/local/etc/unbound");
 	mwexec("rm -f /usr/local/etc/rc.d/unbound.sh");
+	mwexec("rm -f {$g['varlog_path']}/unbound.log");
 
 	// Remove unbound user
 	exec("/usr/sbin/pw userdel unbound");
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 70b4c20e..1103a0fe 100755
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -975,6 +975,11 @@
       <depends_on_package>openssl-1.0.0_2.tbz</depends_on_package>
 	<build_port_path>/usr/ports/dns/unbound</build_port_path>
 	<build_options>WITHOUT_MAN=true</build_options>
+      <logging>
+        <facilityname>unbound</facilityname>
+        <logfilename>unbound.log</logfilename>
+		<logtab>Unbound</logtab>
+      </logging>
     </package>
 	<package>
 		<name>Shellcmd</name>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index fd5f35ec..231c5976 100755
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -986,9 +986,16 @@
       <configurationfile>unbound.xml</configurationfile>
 	  <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
       <depends_on_package>unbound-1.4.7.tbz</depends_on_package>
+      <depends_on_package>expat-2.0.1_1.tbz</depends_on_package>
+      <depends_on_package>openssl-1.0.0_2.tbz</depends_on_package>
         <build_port_path>/usr/ports/dns/unbound</build_port_path>
         <build_options>WITHOUT_MAN=true</build_options>
-    </package>
+		<logging>
+			<facilityname>unbound</facilityname>
+        	<logfilename>unbound.log</logfilename>
+			<logtab>Unbound</logtab>
+		</logging>
+   </package>
 	<package>
 		<name>Shellcmd</name>
 		<website/>