From: Remi Gacogne Date: Tue, 23 Dec 2025 16:27:20 +0000 (+0100) Subject: dnsdist: Disable structured logging by default, add options X-Git-Tag: rec-5.4.0-beta1~33^2~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b2f8130cef3919b6b704fd66d52089f2d9c8c14d;p=thirdparty%2Fpdns.git dnsdist: Disable structured logging by default, add options Signed-off-by: Remi Gacogne --- diff --git a/pdns/dnsdistdist/dnsdist-configuration.hh b/pdns/dnsdistdist/dnsdist-configuration.hh index 7ae1158251..28c1484bbd 100644 --- a/pdns/dnsdistdist/dnsdist-configuration.hh +++ b/pdns/dnsdistdist/dnsdist-configuration.hh @@ -109,7 +109,7 @@ struct ImmutableConfiguration bool d_ringsRecordResponses{true}; bool d_snmpEnabled{false}; bool d_snmpTrapsEnabled{false}; - bool d_structuredLogging{true}; + bool d_structuredLogging{false}; }; /* this part of the configuration can be updated at runtime via diff --git a/pdns/dnsdistdist/dnsdist.cc b/pdns/dnsdistdist/dnsdist.cc index 1bee806eac..7d9840c4e4 100644 --- a/pdns/dnsdistdist/dnsdist.cc +++ b/pdns/dnsdistdist/dnsdist.cc @@ -2960,13 +2960,15 @@ struct CommandLineParameters { vector locals; vector remotes; - bool checkConfig{false}; - bool beClient{false}; - bool beSupervised{false}; string command; string config; string uid; string gid; + string structuredLoggingBackend; + bool checkConfig{false}; + bool beClient{false}; + bool beSupervised{false}; + bool useStructuredLogging{false}; }; static void usage() @@ -2976,32 +2978,35 @@ static void usage() cout << "[-e,--execute cmd] [-h,--help] [-l,--local addr]\n"; cout << "[-v,--verbose] [--check-config] [--version]\n"; cout << "\n"; - cout << "-a,--acl netmask Add this netmask to the ACL\n"; - cout << "-C,--config file Load configuration from 'file'\n"; - cout << "-c,--client Operate as a client, connect to dnsdist. This reads\n"; - cout << " controlSocket from your configuration file, but also\n"; - cout << " accepts an IP:PORT argument\n"; + cout << "-a,--acl netmask Add this netmask to the ACL\n"; + cout << "-C,--config file Load configuration from 'file'\n"; + cout << "-c,--client Operate as a client, connect to dnsdist. This reads\n"; + cout << " controlSocket from your configuration file, but also\n"; + cout << " accepts an IP:PORT argument\n"; #if defined(HAVE_LIBSODIUM) || defined(HAVE_LIBCRYPTO) - cout << "-k,--setkey KEY Use KEY for encrypted communication to dnsdist. This\n"; - cout << " is similar to setting setKey in the configuration file.\n"; - cout << " NOTE: this will leak this key in your shell's history\n"; - cout << " and in the systems running process list.\n"; + cout << "-k,--setkey KEY Use KEY for encrypted communication to dnsdist. This\n"; + cout << " is similar to setting setKey in the configuration file.\n"; + cout << " NOTE: this will leak this key in your shell's history\n"; + cout << " and in the systems running process list.\n"; #endif - cout << "--check-config Validate the configuration file and exit. The exit-code\n"; - cout << " reflects the validation, 0 is OK, 1 means an error.\n"; - cout << " Any errors are printed as well.\n"; - cout << "-e,--execute cmd Connect to dnsdist and execute 'cmd'\n"; - cout << "-g,--gid gid Change the process group ID after binding sockets\n"; - cout << "-h,--help Display this helpful message\n"; - cout << "-l,--local address Listen on this local address\n"; - cout << "--supervised Don't open a console, I'm supervised\n"; - cout << " (use with e.g. systemd and daemontools)\n"; - cout << "--disable-syslog Don't log to syslog, only to stdout\n"; - cout << " (use with e.g. systemd)\n"; - cout << "--log-timestamps Prepend timestamps to messages logged to stdout.\n"; - cout << "-u,--uid uid Change the process user ID after binding sockets\n"; - cout << "-v,--verbose Enable verbose mode\n"; - cout << "-V,--version Show dnsdist version information and exit\n"; + cout << "--check-config Validate the configuration file and exit. The exit-code\n"; + cout << " reflects the validation, 0 is OK, 1 means an error.\n"; + cout << " Any errors are printed as well.\n"; + cout << "-e,--execute cmd Connect to dnsdist and execute 'cmd'\n"; + cout << "-g,--gid gid Change the process group ID after binding sockets\n"; + cout << "-h,--help Display this helpful message\n"; + cout << "-l,--local address Listen on this local address\n"; + cout << "--supervised Don't open a console, I'm supervised\n"; + cout << " (use with e.g. systemd and daemontools)\n"; + cout << "--disable-syslog Don't log to syslog, only to stdout\n"; + cout << " (use with e.g. systemd)\n"; + cout << "--log-timestamps Prepend timestamps to messages logged to stdout\n"; + cout << "--structured-logging Enable structured logging\n"; + cout << "--structured-logging-backend BACKEND The backend to use when structured logging is enabled\n"; + cout << " Supported values are 'default', 'json' and 'systemd-journal'\n"; + cout << "-u,--uid uid Change the process user ID after binding sockets\n"; + cout << "-v,--verbose Enable verbose mode\n"; + cout << "-V,--version Show dnsdist version information and exit\n"; } #include "sanitizer.hh" @@ -3178,7 +3183,7 @@ static void reportFeatures() static void parseParameters(int argc, char** argv, CommandLineParameters& cmdLine, ComboAddress& clientAddress) { - const std::array longopts{{{"acl", required_argument, nullptr, 'a'}, + const std::array longopts{{{"acl", required_argument, nullptr, 'a'}, {"check-config", no_argument, nullptr, 1}, {"client", no_argument, nullptr, 'c'}, {"config", required_argument, nullptr, 'C'}, @@ -3189,6 +3194,8 @@ static void parseParameters(int argc, char** argv, CommandLineParameters& cmdLin {"local", required_argument, nullptr, 'l'}, {"log-timestamps", no_argument, nullptr, 4}, {"setkey", required_argument, nullptr, 'k'}, + {"structured-logging", no_argument, nullptr, 's'}, + {"structured-logging-backend", required_argument, nullptr, 5}, {"supervised", no_argument, nullptr, 3}, {"uid", required_argument, nullptr, 'u'}, {"verbose", no_argument, nullptr, 'v'}, @@ -3200,7 +3207,7 @@ static void parseParameters(int argc, char** argv, CommandLineParameters& cmdLin while (true) { // NOLINTNEXTLINE(concurrency-mt-unsafe): only one thread at this point - int gotChar = getopt_long(argc, argv, "a:cC:e:g:hk:l:u:vV", longopts.data(), &longindex); + int gotChar = getopt_long(argc, argv, "a:cC:e:g:hk:l:u:svV", longopts.data(), &longindex); if (gotChar == -1) { break; } @@ -3217,6 +3224,9 @@ static void parseParameters(int argc, char** argv, CommandLineParameters& cmdLin case 4: dnsdist::logging::LoggingConfiguration::setLogTimestamps(true); break; + case 5: + cmdLine.structuredLoggingBackend = optarg; + break; case 'C': cmdLine.config = optarg; break; @@ -3262,6 +3272,9 @@ static void parseParameters(int argc, char** argv, CommandLineParameters& cmdLin case 'l': cmdLine.locals.push_back(boost::trim_copy(string(optarg))); break; + case 's': + cmdLine.useStructuredLogging = true; + break; case 'u': cmdLine.uid = optarg; break; @@ -3644,6 +3657,14 @@ int main(int argc, char** argv) cmdLine.config = SYSCONFDIR "/dnsdist.conf"; parseParameters(argc, argv, cmdLine, clientAddress); + dnsdist::configuration::updateImmutableConfiguration([&cmdLine](dnsdist::configuration::ImmutableConfiguration& config) { + config.d_loggingBackend = cmdLine.structuredLoggingBackend; + config.d_structuredLogging = cmdLine.useStructuredLogging; + }); + + if (cmdLine.useStructuredLogging) { + dnsdist::logging::setup(cmdLine.structuredLoggingBackend); + } dnsdist::configuration::updateRuntimeConfiguration([](dnsdist::configuration::RuntimeConfiguration& config) { config.d_lbPolicy = std::make_shared("leastOutstanding", leastOutstanding, false); diff --git a/pdns/dnsdistdist/docs/manpages/dnsdist.1.rst b/pdns/dnsdistdist/docs/manpages/dnsdist.1.rst index 5c7cc002b7..59164abb3b 100644 --- a/pdns/dnsdistdist/docs/manpages/dnsdist.1.rst +++ b/pdns/dnsdistdist/docs/manpages/dnsdist.1.rst @@ -44,38 +44,41 @@ Virtual Server for example is often mentioned. Options ------- --a , --acl Add *netmask* to the ACL. --C , --config Load configuration from *file*. ---check-config Test the configuration file (which may be set with **--config** or **-C**) - for errors. dnsdist will show the errors and exit with a non-zero - exit-code when errors are found. --c
, --client
Operate as a client, connect to dnsdist. This will read the dnsdist - configuration for the **controlSocket** statement and connect to it. - When *address* (with an optional port number) is set, dnsdist will connect - to that instead. --k , --setkey When operating as a client(**-c**, **--client**), use *key* as - shared secret to connect to dnsdist. This should be the same key - that is used on the server (set with **setKey()**). Note that this - will leak the key into your shell's history and into the systems - running process list. Only available when dnsdist is compiled with - libsodium or libcrypto support. --e, --execute Connect to dnsdist and execute *command*. --h, --help Display a helpful message and exit. --l, --local
Bind to *address*, Supply as many addresses (using multiple - **--local** statements) to listen on as required. Specify IPv4 as - 0.0.0.0:53 and IPv6 as [::]:53. ---supervised Run in foreground, but do not spawn a console. Use this switch to - run dnsdist inside a supervisor (use with e.g. systemd and - daemontools). ---disable-syslog Disable logging to syslog. Use this when running inside a supervisor - that handles logging (like systemd). ---log-timestamps Prepend timestamps to messages logged to standard out. --u, --uid Change the process user to *uid* after binding sockets. *uid* can be - a name or number. --g, --gid Change the process group to *gid* after binding sockets. *gid* Can - be a name or number. --V, --version Show the dnsdist version and exit. --v, --verbose Be verbose. +-a , --acl Add *netmask* to the ACL. +-C , --config Load configuration from *file*. +--check-config Test the configuration file (which may be set with **--config** or **-C**) + for errors. dnsdist will show the errors and exit with a non-zero + exit-code when errors are found. +-c
, --client
Operate as a client, connect to dnsdist. This will read the dnsdist + configuration for the **controlSocket** statement and connect to it. + When *address* (with an optional port number) is set, dnsdist will connect + to that instead. +-k , --setkey When operating as a client(**-c**, **--client**), use *key* as + shared secret to connect to dnsdist. This should be the same key + that is used on the server (set with **setKey()**). Note that this + will leak the key into your shell's history and into the systems + running process list. Only available when dnsdist is compiled with + libsodium or libcrypto support. +-e, --execute Connect to dnsdist and execute *command*. +-h, --help Display a helpful message and exit. +-l, --local
Bind to *address*, Supply as many addresses (using multiple + **--local** statements) to listen on as required. Specify IPv4 as + 0.0.0.0:53 and IPv6 as [::]:53. +--supervised Run in foreground, but do not spawn a console. Use this switch to + run dnsdist inside a supervisor (use with e.g. systemd and + daemontools). +--disable-syslog Disable logging to syslog. Use this when running inside a supervisor + that handles logging (like systemd). +--log-timestamps Prepend timestamps to messages logged to standard out. +--structured-logging Enable structured logging. +--structured-logging-backend The backend to use when structured logging is enabled. + Supported values are 'default', 'json' and 'systemd-journal'. +-u, --uid Change the process user to *uid* after binding sockets. *uid* can be + a name or number. +-g, --gid Change the process group to *gid* after binding sockets. *gid* Can + be a name or number. +-V, --version Show the dnsdist version and exit. +-v, --verbose Be verbose. **address** are any number of downstream DNS servers, in the same syntax as used with **--local**. If the port is not specified, 53 is used.