Logging, monitoring, diagnostics¶
Knot Resolver logs to standard outputs, which is then captured by supervisor
and sent to logging system for further processing.
To read logs use commands usual for your distribution.
E.g. on distributions using systemd-journald use command
journalctl -u kresd@* -f.
During normal operation only errors and other very important events are logged,
so by default logs from Knot Resolver should contain only couple lines a day.
For debugging purposes it is possible to enable very verbose logging using
verbose([true | false])¶
falseto disable verbose logging.
boolean Current state of verbose logging.
Toggle global verbose logging. Use only for debugging purposes. On busy systems vebose logging can produce several MB of logs per second and will slow down operation.
It is also possible to obtain verbose logs for a single request, see chapter Debugging a single request.
Less verbose logging for DNSSEC validation errors can be enabled using DNSSEC validation failure logging module.
Various statistics for monitoring purposes are available in Statistics collector module, including export to central systems like Graphite, Metronome, InfluxDB, or Prometheus format.
Resolver Watchdog is tool to detect and recover from potential bugs that cause the resolver to stop responding properly to queries.
Additional monitoring and debugging methods are described below. If none of these options fits your deployment or if you have special needs you can configure your own checks and exports using Asynchronous events.
- DNSSEC validation failure logging
- Statistics collector
- Name Server Identifier (NSID)
- Debugging a single request
- Dnstap (traffic collection)
- Sentinel for Detecting Trusted Root Keys
- Signaling Trust Anchor Knowledge in DNSSEC
- System time skew detector
- Detect discontinuous jumps in the system time