Unbound log rotation

Can someone please post a working logrotation config file for unbound log files?

The log file in my setup doesn't get rotated. It fills up disk to 100%.

What are the file permissions/ownership of unbound.log?

This does NOT work for me:

/var/log/unbound/unbound.log {
        daily
        rotate 31
        compress
        delaycompress
        missingok
        notifempty
        create 644 unbound unbound
}

Try:

EDIT:

pi@ph5:~ $ ps -o uid,user,gid,group,pid,cmd -C unbound
  UID USER       GID GROUP      PID CMD
  109 unbound    114 unbound    483 /usr/sbin/unbound -d

pi@ph5:~ $ stat /var/log/unbound/unbound.log
[..]
Access: (0644/-rw-r--r--)  Uid: (  109/ unbound)   Gid: (  114/ unbound)

@deHakkelaar Thanks.
Saw that earlier. Tried without success.
Changed path to /usr/sbin/unbound-control to match the correct path and weekly to daily.
Permissions and ownership are OK.

sudo service unbound restart
Change from weekly to daily shouldn't make the difference for success.
Tomorrow I will post if the logs are rotated.

Did you reload or maybe even restart logrotate after making the changes ?

sudo service logrotate reload

sudo service logrotate restart

Only restart
Also changed the permissions of /var/log/unbound to 777

pi@ph5:~ $ stat /var/log/unbound/
[..]
Access: (0755/drwxr-xr-x)  Uid: (  109/ unbound)   Gid: (  114/ unbound)

Changed permission of directory to 755
User pihole: unbound-control: command not found
sudo unbound-control: shows options.

That's ok.
logrotate runs as the root user so can access or run anything.
But it won't change current ownership/permissions of the logs unless you tell it to.

Thanks for your info. Tomorrow I can post if the log is rotated.

Out of curiosity, what is being logged in the unbound log that is filling your disk? What verbosity are you using for the log option?

verbosity: 5
I know it is high but if I lower it the disk only takes longer to fill up.

@deHakkelaar If I do a manual test of logrotate (-d), it shows the log does not need rotation because it is already rotated.

If you comment out that line in the pi-hole unbound configuration file, the log will go into syslog and be rotated automatically. With verbosity 0, there are no unbound entries on a daily basis. With verbosity 1, just a few.

    # If no logfile is specified, syslog is used
    # logfile: "/var/log/unbound/unbound.log"
    verbosity: 0

Hmm that link specifically says:

note that --force will rotate file(s) even if they do not meet the specified criteria such as minsize, age, etc.

Ah well ... wait :wink:

EDIT:

pi@ph5:~ $ man logrotate
[..]
       -f, --force
              Tells  logrotate to force the rotation, even if it doesn't
              think this is necessary.  Sometimes this is  useful  after
              adding  new  entries to a logrotate config file, or if old
              log files have been removed by hand, as the new files will
              be created, and logging will continue correctly.

Tried --force:

[1602008337] unbound-control[6703:0] warning: control-enable is 'no' in the config file.
[1602008337] unbound-control[6703:0] error: connect: Connection refused for 127.0.0.1 port 8953
error: error running shared postrotate script for '/var/log/unbound/unbound.log '

Only have to find out now how to solve this.

pi@ph5:~ $ man unbound.conf
[..]
       control-enable: <yes or no>
            The option is used to  enable  remote  control,  default  is
            "no".  If turned off, the server does not listen for control
            commands.

Found the same online.
control-enable: yes in /etc/unbound/unbound.conf.d/pi-hole.conf:
sudo service unbound restart
sudo systemctl status unbound.service

Oct 06 20:36:34 PIHOLE systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Oct 06 20:36:34 PIHOLE systemd[1]: unbound.service: Failed with result 'exit-code'.
Oct 06 20:36:34 PIHOLE systemd[1]: Failed to start Unbound DNS server.
Oct 06 20:36:34 PIHOLE systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart.
Oct 06 20:36:34 PIHOLE systemd[1]: unbound.service: Scheduled restart job, restart counter is at 5.
Oct 06 20:36:34 PIHOLE systemd[1]: Stopped Unbound DNS server.
Oct 06 20:36:34 PIHOLE systemd[1]: unbound.service: Start request repeated too quickly.
Oct 06 20:36:34 PIHOLE systemd[1]: unbound.service: Failed with result 'exit-code'.
Oct 06 20:36:34 PIHOLE systemd[1]: Failed to start Unbound DNS server.

The log IS rotated...?????

pi@ph5:~ $ sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf
remote-control:
    control-enable: yes

server:
    # If no logfile is specified, syslog is used
#    logfile: "/var/log/unbound/unbound.log"
#    logfile: "/var/log/unbound/unbound.log"
    verbosity: 0
[..]

pi@ph5:~ $ sudo service unbound restart
pi@ph5:~ $

pi@ph5:~ $ sudo netstat -nltup | grep 'Proto\|:8953 '
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:8953          0.0.0.0:*               LISTEN      7858/unbound

pi@ph5:~ $ sudo /usr/sbin/unbound-control log_reopen
ok

@deHakkelaar I didn't have the remote-control: line. Had it under server:
I think it's OK now.
Thanks again.

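The failure worked through in this thread (a logrotate postrotate script calling unbound-control log_reopen while control-enable sat under server: instead of remote-control:) can be caught before the next rotation with a small check. This is an added example, not part of the original posts; the function names and the two sample configs are constructed for illustration, and a clause header is assumed to be a bare `name:` line as in the files shown above.

```shell
#!/bin/sh
# Added example (not from the thread): report which unbound.conf clause
# holds "control-enable: yes". Simplification: a clause header is a
# "name:" line with no value after the colon.

control_enable_section() {   # prints remote-control, server, ... or none
    awk '
        { sub(/#.*/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }  # strip comments, trim
        /^[a-z-]+:$/ { clause = substr($0, 1, length($0) - 1); next }
        /^control-enable:[ \t]*yes$/ { found = clause }
        END { print (found == "" ? "none" : found) }
    ' "$1"
}

# Exit status 0 only if "unbound-control log_reopen" can reach the daemon.
check_log_reopen_ready() {
    section=$(control_enable_section "$1")
    case "$section" in
        remote-control) echo "ok: control-enable: yes is in remote-control:"; return 0 ;;
        none) echo "fail: control-enable: yes is not set" ;;
        *)    echo "fail: control-enable is under $section:, move it to remote-control:" ;;
    esac
    return 1
}

# Constructed sample configs, written to a temporary directory.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/misplaced.conf" <<'EOF'
server:
    logfile: "/var/log/unbound/unbound.log"
    verbosity: 0
    control-enable: yes
EOF
cat > "$demo_dir/fixed.conf" <<'EOF'
remote-control:
    control-enable: yes

server:
    # If no logfile is specified, syslog is used
    logfile: "/var/log/unbound/unbound.log"
    verbosity: 0
EOF

check_log_reopen_ready "$demo_dir/misplaced.conf" || true
check_log_reopen_ready "$demo_dir/fixed.conf"
```

Point `check_log_reopen_ready` at /etc/unbound/unbound.conf.d/pi-hole.conf before relying on a postrotate script that runs `/usr/sbin/unbound-control log_reopen`.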