Rotate FreeBSD local

Rotate FreeBSD local_unbound Log

Sunday, May 31 2020

Unbound is a special case for log rotation but easy once you know how it’s done. You need to use unbound-control to send the proper signal to re-open the logfile after rotation.

First, make sure a useful log file is written:

mkdir /var/unbound/log/
chown unbound:unbound /var/unbound/log/

# /var/unbound/unbound.conf

server:
    [...]
    logfile: /var/unbound/log/unbound.log
    verbosity: 2
    use-syslog: no
    log-time-ascii: yes
    log-queries: yes
    log-servfail: yes
    val-log-level: 2
    [...]

Make sure the directive control-enable: yes is present:

# /var/unbound/control.conf

# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
remote-control:
    control-enable: yes
    control-interface: /var/run/local_unbound.ctl
    control-use-cert: no

Create a small script:

# /var/unbound/unbound-log-reopen

#!/bin/sh
# This script restarts unbound after log rotation by newsyslog(8).

/usr/local/sbin/unbound-control -c /var/unbound/unbound.conf -q log_reopen

exit 0

chmod 750 /var/unbound/unbound-log-reopen

Create newsyslog configuration:

# /usr/local/etc/newsyslog.conf.d/unbound.conf

# logfilename                 [owner:group]     mode  count  size  when  flags[/pid_file]  [sig_num]
/var/unbound/log/unbound.log  unbound:wheel     640   7      *     @T00  CBRX  /var/unbound/unbound-log-reopen