Logging, monitoring, diagnostics

To read service logs use commands usual for your distribution. E.g. on distributions using systemd-journald use command journalctl -u kresd@* -f.

Knot Resolver supports 6 logging levels - crit, err, warning, notice, info, debug. All levels with the same meaning as is defined in syslog.h. It is possible change logging level using log_level() function.

log_level('debug') -- too verbose for normal usage

Logging level notice is set after start by default, so logs from Knot Resolver should contain only couple lines a day. For debugging purposes it is possible to use the very verbose debug level, but that is generally not usable unless restricted in some way (see below).

In addition to levels, logging is also divided into the groups. All groups are logged by default, but you can enable debug level for selected groups using log_groups() function. Other groups are logged to the log level set by log_level().

It is also possible to enable debug logging level for particular requests, with policies or as an HTTP service.

Less verbose logging for DNSSEC validation errors can be enabled by using DNSSEC validation failure logging module.


string 'crit', 'err', 'warning', 'notice', 'info' or 'debug'


string Current logging level.

Pass a string to set the global logging level.

verbose([true | false])

Deprecated since version 5.4.0: Use log_level() instead.


true enable debug level, false switch to default level (notice).


boolean true when debug level is enabled.

Toggle between debug and notice log level. Use only for debugging purposes. On busy systems verbose logging can produce several MB of logs per second and will slow down operation.


string 'syslog', 'stderr', 'stdout'


string Current logging target.

Knot Resolver logs to standard error stream by default, but typical systemd units change that to 'syslog'. That setting logs directly through systemd’s facilities (if available) to preserve more meta-data.


table of string(s) representing ref:log groups <config_log_groups>


table of string with currently set log groups

Use to turn-on debug logging for the selected groups regardless of the global log level. Calling with no argument lists the currently active log groups. To remove all log groups, call the function with an empty table.

log_groups({'io', 'tls'}  -- turn on debug logging for io and tls groups
log_groups()              -- list active log groups
log_groups({})            -- remove all log groups

Various statistics for monitoring purposes are available in Statistics collector module, including export to central systems like Graphite, Metronome, InfluxDB, or Prometheus format.

Resolver Watchdog is tool to detect and recover from potential bugs that cause the resolver to stop responding properly to queries.

Additional monitoring and debugging methods are described below. If none of these options fits your deployment or if you have special needs you can configure your own checks and exports using Asynchronous events.