1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
#
# README.logging
#
# Introduction into the new logging feature
# available since v0.96
#
In previous version of dnssec-signer every message was written
to the default stdout and stderr channels, and the logging itself
was handled by a redirection of those chanels to the logger command
or to a file.
Now, since version v0.96, the dnssec-signer command is able to log all
messages by itself. File and SYSLOG logging is supported.
To enable the logging into a file channel, you have to specify
the file or directory name via the commandline option -L (--logfile)
or via the config file parameter "LogFile".
LogFile: ""|"<file>"|"<directory>" (default is "")
If a file is specified, than each run of dnssec-signer will append the
messages to tat file. If a directory is specified, than a file with a
name of zkt-<ISOdate&timeUTC>.log" will be created on each dnssec-signer run.
Logging into the syslog channel could be enabled via the config file
parameter "SyslogFacility".
SyslogFacility: NONE|USER|DAEMON|LOCAL0|..|LOCAL7 (default is USER)
For both channels, the log level could be independently set to one
of six log levels:
LG_FATAL, LG_ERROR, LG_WARNING
LB_NOTICE, LG_INFO, LG_DEBUG
The loglevel is settable via the config file parameter :
SyslogLevel: FATAL|ERROR|WARNING|NOTICE|INFO|DEBUG
(default is ERROR)
and
LogLevel: FATAL|ERROR|WARNING|NOTICE|INFO|DEBUG
(default is NOTICE)
All the log parameters are settable on the commandline via the generic
option -O "optstring" (--config-option="opt").
A verbose message output to stdout could be achieved by the commandline
option -v (or -v -v).
If you want to log the same messages with loglevel LG_DEBUG to a file or
to syslog, you could enable this by setting the config file option
"VerboseLog" to a value of 1 or 2.
Current logging messages:
LG_FATAL: Not all of the fatal errors are logged
(e.g.: config file or command line option fatal errors are
not logged)
LG_ERROR: All error messages will be logged
LG_WARNING: KSK lifetime expiration
LG_NOTICE:
Start and stop of dnssec-signer
Re-signing events
Key rollover events
Zone reload resp. freeze/thaw of dynamic zone
LG_INFO: Currently none
planned:
Mesages for key generation and key status change
(e.g.: pre-publish -> activate; revoked -> removed etc.)
LG_DEBUG: all "verbose" (-v) and "very verbose" (-v -v) messages
Some recomended and useful logging settings
- The default setting
LogFile: ""
SyslogFacility: USER
SyslogLevel: NOTICE
VerboseLog: 0
- Setting as in version v0.95
LogFile: "zkt-error.log" # or a directory for seperate logfiles
LogLevel: ERROR
SyslogFacility: NONE
VerboseLog: 0
- Setting as in previous versions
LogFile: ""
SyslogFacility: NONE
VerboseLog: 0
- Recommended setting for normal usage
LogFile: "zkt.log" # or a directory for seperate logfiles
LogLevel: ERROR
SyslogFacility: USER
SyslogLevel: NOTICE
VerboseLog: 0
- Recommended setting for debugging
LogFile: "zkt.log" # or a directory for seperate logfiles
LogLevel: DEBUG
SyslogFacility: USER
SyslogLevel: NOTICE
VerboseLog: 2
-
|
