Michael,
On 12/13/23 15:43, Michael D. Setzer II wrote:
/var/log/secure
Thank you for your reply, but /var/log is basically empty (meaning very few files located there). journald has absorbed everything and files are no longer the way to get logs from systemd-based environments.
The only thing which contains non-trivial information is /var/log/journal/* which is a bunch of binary files.
My reply below shows how you can get the stunnel-related log messages. I don't believe they are available through any traditional text-based log file.
-chris
On 13 Dec 2023 at 15:37, Christopher Schultz wrote:
Date sent: Wed, 13 Dec 2023 15:37:04 -0500
To: "'stunnel-users@stunnel.org'" stunnel-users@stunnel.org
From: Christopher Schultz chris@christopherschultz.net
Subject: [stunnel-users] Re: Getting logs in systemd environment
Carter,
On 12/13/23 14:53, cbrowne wrote:
Have you tried doing "find / -name stunnel.log -print" as root? I have found that the log file can be in a number of different locations depending on the system.
There are no files named stunnel.log on my system.
I do not have a specific setting for "output". I was expecting syslog to be used for that purpose without a specific setting. syslog=yes appears to be the default given the man page for stunnel.
But your comment got me more interested in exactly what was happening, so I tried /not/ limiting journalctl --follow to a specific service and I can see all kinds of things coming from stunnel:
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: Found 1 ready file descriptor(s)
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: FD=4 events=0x2001 revents=0x0
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: FD=11 events=0x2001 revents=0x1
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: FD=12 events=0x2001 revents=0x0
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: FD=13 events=0x2001 revents=0x0
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: FD=14 events=0x2001 revents=0x0
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: Service [ORU-outbound] accepted (FD=3) from ::ffff:20.204.213.204:55455
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: Service [ORU-outbound] started
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: Setting local socket options (FD=3)
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: Option TCP_NODELAY set on local socket
Dec 13 20:31:00 example.com stunnel[300695]: LOG5[174806]: Service [ORU-outbound] accepted connection from ::ffff:20.204.213.204:55455
Dec 13 20:31:00 example.com stunnel[300695]: LOG6[174806]: Peer certificate required
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: TLS state (accept): before SSL initialization
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: TLS state (accept): before SSL initialization
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: Initializing application specific data for session authenticated
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: SNI: no virtual services defined
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: TLS state (accept): SSLv3/TLS read client hello
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: TLS state (accept): SSLv3/TLS write server hello
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: TLS state (accept): SSLv3/TLS write certificate
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: TLS state (accept): SSLv3/TLS write key exchange
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: TLS state (accept): SSLv3/TLS write certificate request
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: TLS state (accept): SSLv3/TLS write server done
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: Found 1 ready file descriptor(s)
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: FD=4 events=0x2001 revents=0x0
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: FD=11 events=0x2001 revents=0x1
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: FD=12 events=0x2001 revents=0x0
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: FD=13 events=0x2001 revents=0x0
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: FD=14 events=0x2001 revents=0x0
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: Service [ORU-outbound] accepted (FD=15) from ::ffff:client.ip:44905
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: Service [ORU-outbound] started
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: Setting local socket options (FD=15)
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: Option TCP_NODELAY set on local socket
Dec 13 20:31:00 example.com stunnel[300695]: LOG5[174807]: Service [ORU-outbound] accepted connection from ::ffff:client.ip:44905
Dec 13 20:31:00 example.com stunnel[300695]: LOG6[174807]: Peer certificate required
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: TLS state (accept): before SSL initialization
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: TLS state (accept): before SSL initialization
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: Initializing application specific data for session authenticated
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: SNI: no virtual services defined
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: TLS state (accept): SSLv3/TLS read client hello
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: TLS state (accept): SSLv3/TLS write server hello
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: TLS state (accept): SSLv3/TLS write certificate
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: TLS state (accept): SSLv3/TLS write key exchange
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: TLS state (accept): SSLv3/TLS write certificate request
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: TLS state (accept): SSLv3/TLS write server done
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: TLS alert (read): fatal: certificate unknown
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: Remove session callback
Dec 13 20:31:00 example.com stunnel[300695]: LOG3[174806]: SSL_accept: ssl/record/rec_layer_s3.c:1605: error:0A000416:SSL routines::sslv3 alert certificate unknown
Dec 13 20:31:00 example.com stunnel[300695]: LOG5[174806]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
So this probably just comes down to either systemd/journalctl or me being stupid.
Instead of asking for the journal/log for the "unit" stunnel (i.e. journalctl -u stunnel), you need instead to ask for the "syslog identifier" called stunnel like this:
$ journalctl -t stunnel
If you use --follow you get tail -f behavior, which is nice to see what's happening in real-time.
-chris
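Added example, not part of the original messages and not stunnel project code: a small Python parser for the `journalctl -t stunnel` output shown in the message above, grouping lines by stunnel's per-connection ID and reporting the connections whose TLS handshake failed. The sample lines are constructed from that excerpt with documentation-range peer addresses, and the function name `failed_handshakes` is hypothetical.

```python
import re
from collections import defaultdict

# journalctl short format: "<Mon DD HH:MM:SS> <host> stunnel[<pid>]: LOG<level>[<conn>]: <msg>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) stunnel\[(?P<pid>\d+)\]: "
    r"LOG(?P<level>\d)\[(?P<conn>[^\]]+)\]: (?P<msg>.*)$")
PEER_RE = re.compile(r"Service \[(?P<service>[^\]]+)\] accepted connection from (?P<peer>\S+)")
ALERT_RE = re.compile(r"TLS alert \((?P<dir>read|write)\): (?P<severity>\w+): (?P<desc>.+)")

# Constructed sample modelled on the excerpt above; peer addresses are placeholders.
_P = "Dec 13 20:31:00 example.com stunnel[300695]: "
SAMPLE = "\n".join(_P + rest for rest in [
    "LOG7[main]: Service [ORU-outbound] accepted (FD=3) from ::ffff:192.0.2.10:55455",
    "LOG5[174806]: Service [ORU-outbound] accepted connection from ::ffff:192.0.2.10:55455",
    "LOG6[174806]: Peer certificate required",
    "LOG5[174807]: Service [ORU-outbound] accepted connection from ::ffff:198.51.100.7:44905",
    "LOG7[174807]: TLS state (accept): SSLv3/TLS write server done",
    "LOG7[174806]: TLS alert (read): fatal: certificate unknown",
    "LOG3[174806]: SSL_accept: ssl/record/rec_layer_s3.c:1605: "
    "error:0A000416:SSL routines::sslv3 alert certificate unknown",
    "LOG5[174806]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket",
])

def failed_handshakes(text):
    """Return {conn_id: details} for connections with a fatal TLS alert or an error line."""
    conns = defaultdict(lambda: {"service": None, "peer": None, "alerts": [], "errors": []})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["conn"] == "main":   # skip non-stunnel lines and the accept loop
            continue
        c = conns[m["conn"]]
        if (p := PEER_RE.search(m["msg"])):
            c["service"], c["peer"] = p["service"], p["peer"]
        elif (a := ALERT_RE.search(m["msg"])):
            if a["severity"] == "fatal":
                c["alerts"].append(f'{a["dir"]}: {a["desc"]}')
        elif int(m["level"]) <= 3:         # LOG0..LOG3 = emerg..err (syslog numbering)
            c["errors"].append(m["msg"])
    return {cid: c for cid, c in conns.items() if c["alerts"] or c["errors"]}

if __name__ == "__main__":
    for cid, c in failed_handshakes(SAMPLE).items():
        print(cid, c["service"], c["peer"], c["alerts"], c["errors"])
```

On a live host the same function can be fed the text captured from `journalctl -t stunnel`.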
On 12/13/2023 2:39 PM, Christopher Schultz wrote:
other systems (e.g. /var/log/secure, /var/log/auth, etc.). It appears the case that I should be able to view the journals using this command:
sudo journalctl --follow -u stunnel.service
But nothing is ever printed there.
+------------------------------------------------------------+
Michael D. Setzer II - Computer Science Instructor (Retired)
mailto:mikes@guam.net
mailto:msetzerii@gmail.com
mailto:msetzerii@gmx.com
Guam - Where America's Day Begins
G4L Disk Imaging Project maintainer
http://sourceforge.net/projects/g4l/
+------------------------------------------------------------+