# [SOLVED] Blank dnscrypt syslog in top-level root directory?

## RickDeckard

I've had a whole bunch of updates to do to a system that's still running 4.3.3-hardened-r4 today, probably a few months worth, and RBAC is always enabled on the machine.  DNSCrypt usually writes to /var/log/messages but this time it wrote a blank syslog file owned by dnscrypt:dnscrypt to /.  I'm only running DNSCrypt with --ephemeral-keys and --loglevel options as part of an Unbound resolver setup.  

Call me crazy, but shouldn't the syslog always contain information?  Why isn't it writing to messages?  Is there any place I can look to double check and correct this, besides setting --logfile= in /etc/conf.d/dnscrypt-proxy?  And could an update to DNSCrypt have caused this?

I'm not noticing any out of place GRSec entries in the logs.  What can I do to figure this out?

----------

## khayyam

 *RickDeckard wrote:*   

> I've had a whole bunch of updates to do to a system that's still running 4.3.3-hardened-r4 today, probably a few months worth, and RBAC is always enabled on the machine.  DNSCrypt usually writes to /var/log/messages but this time it wrote a blank syslog file owned by dnscrypt:dnscrypt to /.  I'm only running DNSCrypt with --ephemeral-keys and --loglevel options as part of an Unbound resolver setup.

 

RickDeckard ... I have the same ... without hardened/RBAC. The file creation date, and package install date don't seem to suggest the issue started as a result of the later.

```
# ls -l /syslog

-rw-r--r-- 1 dnscrypt dnscrypt 0 2016-06-02 13:55 /syslog

# qlop -Cl =net-dns/dnscrypt-proxy-1.6.1

Sat Feb 20 12:14:03 2016 >>> net-dns/dnscrypt-proxy-1.6.1
```

 *RickDeckard wrote:*   

> Call me crazy, but shouldn't the syslog always contain information?  Why isn't it writing to messages?  Is there any place I can look to double check and correct this, besides setting --logfile= in /etc/conf.d/dnscrypt-proxy?  And could an update to DNSCrypt have caused this?

 

I've tried with '--logfile=/var/log/dnscrypt-proxy.log' and nothing gets logged there, or anywhere currently.

best ... khay

----------

## RickDeckard

I found the DNSCrypt initscript was forcing the syslog write all of a sudden.

So I added DNSCRYPT_LOGFILE=/var/log/messages to the conffile, took out "--logfile=", and now I'm not getting any more "mutually exclusive" warnings or top-level syslog writes.

But DNSCrypt is still refusing to work altogether which has basically brought down my entire internet.  A quick look at the emerge.log file showed it wasn't upgraded as part of the big 4hr-long upgrade so there should never have been any syslog issues in the first place.

----------

## khayyam

 *RickDeckard wrote:*   

> I found the DNSCrypt initscript was forcing the syslog write all of a sudden. So I added DNSCRYPT_LOGFILE=/var/log/messages to the conffile, took out "--logfile=", and now I'm not getting any more "mutually exclusive" warnings or top-level syslog writes.

 

RickDeckard ... yes, I'd meant DNSCRYPT_LOGFILE. I wouldn't point to /var/log/messages as this is used by the syslog facility and you'll end up with both syslog and dnscrypt-proxy attempting to write to the same file.

 *RickDeckard wrote:*   

> But DNSCrypt is still refusing to work altogether which has basically brought down my entire internet.  A quick look at the emerge.log file showed it wasn't upgraded as part of the big 4hr-long upgrade so there should never have been any syslog issues in the first place.

 

Here is how I resolved the issue, re-merge dnscrypt-proxy (my suspicion was that syslog-ng had been updated after the last merge of dnscrypt-proxy and that this caused logopt="--syslog" to fail). Run etc-update/dispatch-conf, and fix the bashism that was introduced.

```
-   if [[ "${DNSCRYPT_LOGFILE}" == "syslog" ]]; then

+   if [ "${DNSCRYPT_LOGFILE}" = "syslog" ]; then
```

Restart dnscrypt-proxy ...

```
Jun 17 19:34:10 aporia dnscrypt-proxy[11814]: Starting dnscrypt-proxy 1.6.1
```

HTH & best ... khay

----------

## RickDeckard

Oh!  OK, I'll try that.  I was under the impression it was safe to write to /var/log/messages because all the DNSCrypt information had gone there before the update.

----------

## khayyam

 *RickDeckard wrote:*   

> Oh!  OK, I'll try that.  I was under the impression it was safe to write to /var/log/messages because all the DNSCrypt information had gone there before the update.

 

RickDeckard ... yes, because '--syslog' was used rather than '--logfile=', so actually its just passing on to syslog and then syslog then writes to /var/log/messages.

best ... khay

----------

## RickDeckard

It worked!  DNSCRYPT_LOGFILE now points to /var/log/dnscrypt/dnscrypt and works if I invoke dnscrypt separately from its initscript with "--user=dnscrypt -d -E -R dnscrypt.org-fr" ... unbound as well as itself still remain crashed in rc-status tho.

I'll poke around some more to see if I can fix that.  As the original issue stands, however, it's solved.

Thank you for your help.

----------

## khayyam

 *RickDeckard wrote:*   

> It worked!  DNSCRYPT_LOGFILE now points to /var/log/dnscrypt/dnscrypt and works if I invoke dnscrypt separately from its initscript with "--user=dnscrypt -d -E -R dnscrypt.org-fr" ... unbound as well as itself still remain crashed in rc-status tho. I'll poke around some more to see if I can fix that.  As the original issue stands, however, it's solved.

 

RickDeckard ... when using '-R,--resolver-name=<name>' you probably also need to provide '-L,--resolvers-list=<file>'.

 *RickDeckard wrote:*   

> Thank you for your help.

 

You're welcome & best ... khay

----------

