[sslh] Request for comments: Connection logging configuration

Jason Cooper sslh at lakedaemon.net
Fri Dec 11 13:01:25 UTC 2015


Hi Yves,

On Fri, Dec 11, 2015 at 10:57:19AM +0000, Yves Rutschle wrote:
....
> So I'm thinking of adding a log level per protocol in
> configuration file, something like:
> 
> protocols:
> (
>  { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; log_level: "2"},
>  { name: "openvpn"; host: "localhost"; port: "1194"; },
>  { name: "http"; host: "localhost"; port: "80"; log_level: "0" },
>  { name: "ssl"; host: "localhost"; port: "443"; log_level: "0"},
>  { name: "anyprot"; host: "localhost"; port: "443"; }
>  );
> 
> 
> log_level "0" disables all logging for that protocol. It
> defaults to "1", which corresponds to the current logging of
> incoming connections:

This sounds sane, but ...

> 
> connection from example.com:46018 to example.net:https forwarded from server:40258 to 192.168.1.10:https
> 
> Higher log level won't be used, but I'm thinking I may as
> well put an integer instead of a boolean, to later add more
> logs (probe that worked? disconnections? ... whatever).
> 
> Am I missing something obvious that would make this better?

I think syslog (or systemd equivalent) is a better place for this
filtering.  Is there any information you could add to the current log
messages that would make it easier for syslog to filter?  iow, prepend
the message with 'ssh_rule', 'https_rule', or 'openvpn_rule'?

I'm not opposed to the recommended change, but I also don't see the
point in adding complexity when it's re-inventing the wheel.

thx,

Jason.
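The per-protocol log_level proposal quoted above, and the "prefix each message with a rule name" alternative, as an added Python illustration that is not sslh's own code: it reads the proposed protocols block with a simplified regex (an assumption, not libconfig's real parser), applies the stated default of 1, and produces the tagged form of the quoted log line so a syslog filter can match on it.

```python
import re

# Constructed excerpt of the proposed libconfig-style "protocols" block
# (copied from the proposal quoted above; nothing here is sslh's real config).
PROTOCOLS_CFG = '''
 { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; log_level: "2"},
 { name: "openvpn"; host: "localhost"; port: "1194"; },
 { name: "http"; host: "localhost"; port: "80"; log_level: "0" },
 { name: "ssl"; host: "localhost"; port: "443"; log_level: "0"},
 { name: "anyprot"; host: "localhost"; port: "443"; }
'''

# Simplified parsing: one {...} group per protocol, key: "value" pairs inside.
ENTRY_RE = re.compile(r'\{([^}]*)\}')
FIELD_RE = re.compile(r'(\w+):\s*"([^"]*)"')

def parse_log_levels(cfg):
    """Return {protocol name: log_level}; a missing log_level defaults to 1."""
    levels = {}
    for entry in ENTRY_RE.findall(cfg):
        fields = dict(FIELD_RE.findall(entry))
        levels[fields["name"]] = int(fields.get("log_level", "1"))
    return levels

def should_log(levels, protocol, event_level=1):
    """Level 1 is the existing 'incoming connection' message; 0 silences the
    protocol entirely; higher values are reserved for future event kinds."""
    return levels.get(protocol, 1) >= event_level

def tag_message(protocol, msg):
    """The alternative raised in the reply: prepend '<protocol>_rule' so that
    syslog (or journald) can filter per protocol without sslh-side levels."""
    return f"{protocol}_rule: {msg}"

# Constructed sample, using the log line quoted in the proposal.
SAMPLE_LINE = ("connection from example.com:46018 to example.net:https "
               "forwarded from server:40258 to 192.168.1.10:https")

if __name__ == "__main__":
    levels = parse_log_levels(PROTOCOLS_CFG)
    for proto in levels:
        if should_log(levels, proto):
            print(tag_message(proto, SAMPLE_LINE))
```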
