Logging, monitoring, diagnostics
To read service logs, use the commands usual for your distribution. E.g. on distributions using systemd-journald, use the command journalctl -u kresd@* -f.
Knot Resolver supports 6 logging levels: crit, err, warning, notice, info, debug. All levels have the same meaning as defined in syslog.h. It is possible to change the logging level using the log_level() function.
log_level('debug') -- too verbose for normal usage
Logging level notice is set after start by default, so logs from Knot Resolver should contain only a couple of lines a day. For debugging purposes it is possible to use the very verbose debug level, but that is generally not usable unless restricted in some way (see below).
In addition to levels, logging is also divided into groups. All groups are logged by default, but you can enable the debug level for selected groups using the log_groups() function. Other groups are logged at the log level set by log_level().
It is also possible to enable the debug logging level for particular requests, with policies or as an HTTP service.
Less verbose logging for DNSSEC validation errors can be enabled by using the DNSSEC validation failure logging module.
- log_level([level])
- Param: string 'crit', 'err', 'warning', 'notice', 'info' or 'debug'
- Returns: string Current logging level.
Pass a string to set the global logging level.
- verbose([true | false])
Deprecated since version 5.4.0: Use log_level() instead.
- Param: true enable debug level, false switch to default level (notice).
- Returns: boolean true when debug level is enabled.
Toggle between debug and notice log level. Use only for debugging purposes. On busy systems verbose logging can produce several MB of logs per second and will slow down operation.
- log_target(target)
- Param: string 'syslog', 'stderr', 'stdout'
- Returns: string Current logging target.
Knot Resolver logs to standard error stream by default, but typical systemd units change that to 'syslog'. That setting logs directly through systemd’s facilities (if available) to preserve more meta-data.
- log_groups([table])
- Param: table of string(s) representing log groups
- Returns: table of strings with the currently set log groups
Use to turn on debug logging for the selected groups regardless of the global log level. Calling with no argument lists the currently active log groups. To remove all log groups, call the function with an empty table.
log_groups({'io', 'tls'}) -- turn on debug logging for io and tls groups
log_groups() -- list active log groups
log_groups({}) -- remove all log groups
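Because debug output can reach several MB per second, it helps to time-box it. The following configuration snippet is an added example, not part of the Knot Resolver documentation: it enables debug logging for selected groups and restores the previous groups after a timeout. The helper name debug_groups_for is hypothetical; the snippet assumes that passing a table to log_groups() replaces the active set, and it uses event.after() and the sec constant from the Asynchronous events interface.

```lua
-- Added example (not Knot Resolver's own code).
-- debug_groups_for() is a hypothetical helper; it relies only on
-- log_groups() described above and event.after() from Asynchronous events.
local function debug_groups_for(groups, duration_ms)
    -- Remember which groups were already at debug level so they can be restored.
    local previous = log_groups()

    -- Assumption: passing a table replaces the set of active debug groups.
    log_groups(groups)

    -- Revert automatically so verbose output cannot keep running unattended.
    event.after(duration_ms, function ()
        log_groups(previous)
    end)
end

-- Debug the 'io' and 'tls' groups for 30 seconds, then return to the prior state.
debug_groups_for({'io', 'tls'}, 30 * sec)
```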
Various statistics for monitoring purposes are available in the Statistics collector module, including export to central systems like Graphite, Metronome, InfluxDB, or in Prometheus format.
Resolver Watchdog is a tool to detect and recover from potential bugs that cause the resolver to stop responding properly to queries.
Additional monitoring and debugging methods are described below. If none of these options fits your deployment, or if you have special needs, you can configure your own checks and exports using Asynchronous events.
- DNSSEC validation failure logging
- Statistics collector
- Scripting worker
- Name Server Identifier (NSID)
- Debugging a single request
- Watchdog
- Dnstap (traffic collection)
- Sentinel for Detecting Trusted Root Keys
- Signaling Trust Anchor Knowledge in DNSSEC
- System time skew detector
- Detect discontinuous jumps in the system time
- Debugging options
- Logging API