Hi,
I'm new to stunnel and it isn't clear to me how the log rolling feature works.
I built stunnel 5.49 with gcc 4.2.0 on Solaris 10. I'm running it on Solaris 11.3 SPARC. Using openssl 1.0.2p
The config file has disabled syslog and is logging to stunnel.log.
Command line is: stunnel stunnel.conf where stunnel.conf contains the following: syslog = no output = stunnel.log debug = 7
[service-exterior] client = no options = NO_SSLv2 options = NO_SSLv3 options = NO_TLSv1 options = NO_TLSv1.1 options = -NO_TLSv1.2 cert = /path/to/stunnel.pem curve = zzz accept = testhost:32100 connect = 127.0.0.1:32200
[service-interior] client = yes options = NO_SSLv2 options = NO_SSLv3 accept = 127.0.0.1:32200 connect = 127.0.0.1:32100 sslVersion = TLSv1 ciphers = zzz TIMEOUTconnect = 60
The log rollowing steps I tried that don't work are: mv stunnel.log stunnel.log.1 kill -USR1 <stunnelpid>
The log message "LOG7[main]: Processing SIGNAL_REOPEN_LOG" shows up in stunnel.log.1. However, new client connections to host:32100 do not trigger creation of a new stunnel.log file. In fact, logging stops to stunnel.log.1 as soon as the USR1 is processed. The new client connections work as before, but there isn't any logging.
I restarted stunnel and tried the test again with these steps: mv stunnel.log stunnel.log.1 touch stunnel.log kill -USR1 <stunnelpid> That also doesn't work.
Please let me know the correct sequence of steps to roll the stunnel.log
Thank you, -- Tom
Tom,
Kill the stunnel process. Then mv the log. This will allow stunnel to right to a new log file.
Best regards,
Dan
Daniel Trickett Head of Database Services | MBS Business Technology BX-TCS-O Oracle ERP Business Services of Merck KGaA, Darmstadt, Germany
Planned Absence –
MilliporeSigma A business of Merck KGaA, Darmstadt, Germany
EMD Millipore Corporation | 80 Ashby Road | Bedford, MA 01730 | USA office 781-533-3017 |cell 978-761-3506 |email daniel.trickett@emdmillipore.commailto:daniel.trickett@emdmillipore.com
From: stunnel-users stunnel-users-bounces@stunnel.org On Behalf Of Tom Hood Sent: Tuesday, September 11, 2018 5:02 PM To: stunnel-users@stunnel.org Subject: [stunnel-users] stunnel log rolling
Hi,
I'm new to stunnel and it isn't clear to me how the log rolling feature works.
I built stunnel 5.49 with gcc 4.2.0 on Solaris 10. I'm running it on Solaris 11.3 SPARC. Using openssl 1.0.2p
The config file has disabled syslog and is logging to stunnel.log.
Command line is: stunnel stunnel.conf where stunnel.conf contains the following: syslog = no output = stunnel.log debug = 7
[service-exterior] client = no options = NO_SSLv2 options = NO_SSLv3 options = NO_TLSv1 options = NO_TLSv1.1 options = -NO_TLSv1.2 cert = /path/to/stunnel.pem curve = zzz accept = testhost:32100 connect = 127.0.0.1:32200http://127.0.0.1:32200
[service-interior] client = yes options = NO_SSLv2 options = NO_SSLv3 accept = 127.0.0.1:32200http://127.0.0.1:32200 connect = 127.0.0.1:32100http://127.0.0.1:32100 sslVersion = TLSv1 ciphers = zzz TIMEOUTconnect = 60
The log rollowing steps I tried that don't work are: mv stunnel.log stunnel.log.1 kill -USR1 <stunnelpid>
The log message "LOG7[main]: Processing SIGNAL_REOPEN_LOG" shows up in stunnel.log.1. However, new client connections to host:32100 do not trigger creation of a new stunnel.log file. In fact, logging stops to stunnel.log.1 as soon as the USR1 is processed. The new client connections work as before, but there isn't any logging.
I restarted stunnel and tried the test again with these steps: mv stunnel.log stunnel.log.1 touch stunnel.log kill -USR1 <stunnelpid> That also doesn't work.
Please let me know the correct sequence of steps to roll the stunnel.log
Thank you, -- Tom
This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you must not copy this message or attachment or disclose the contents to any other person. If you have received this transmission in error, please notify the sender immediately and delete the message and any attachment from your system. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not accept liability for any omissions or errors in this message which may arise as a result of E-Mail-transmission or for damages resulting from any unauthorized changes of the content of this message and any attachment thereto. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not guarantee that this message is free of viruses and does not accept liability for any damages caused by any virus transmitted therewith.
Click http://www.emdgroup.com/emd/imprint/mail_disclaimer.html to access the German, French, Spanish and Portuguese versions of this disclaimer.
Hi Daniel,
The trick is how to roll the logs without an interruption of service (i.e. without a stunnel restart). I believe stunnel claims to support this, but I think the feature might be broken in 5.49
Thanks, -- Tom
On Wed, Sep 12, 2018 at 5:43 AM Daniel Trickett < daniel.trickett@emdmillipore.com> wrote:
Tom,
Kill the stunnel process. Then mv the log. This will allow stunnel to right to a new log file.
Best regards,
Dan
Daniel Trickett
Head of Database Services | MBS Business Technology
BX-TCS-O Oracle ERP
Business Services of Merck KGaA, Darmstadt, Germany
*Planned Absence –*
*MilliporeSigma*
A business of Merck KGaA, Darmstadt, Germany
EMD Millipore Corporation | 80 Ashby Road | Bedford, MA 01730 | USA
office 781-533-3017 |cell 978-761-3506 |email *daniel.trickett@emdmillipore.com daniel.trickett@emdmillipore.com*
*From:* stunnel-users stunnel-users-bounces@stunnel.org *On Behalf Of *Tom Hood *Sent:* Tuesday, September 11, 2018 5:02 PM *To:* stunnel-users@stunnel.org *Subject:* [stunnel-users] stunnel log rolling
Hi,
I'm new to stunnel and it isn't clear to me how the log rolling feature works.
I built stunnel 5.49 with gcc 4.2.0 on Solaris 10. I'm running it on Solaris 11.3 SPARC. Using openssl 1.0.2p
The config file has disabled syslog and is logging to stunnel.log.
Command line is: stunnel stunnel.conf
where stunnel.conf contains the following:
syslog = no
output = stunnel.log
debug = 7
[service-exterior]
client = no
options = NO_SSLv2
options = NO_SSLv3
options = NO_TLSv1
options = NO_TLSv1.1
options = -NO_TLSv1.2
cert = /path/to/stunnel.pem
curve = zzz
accept = testhost:32100
connect = 127.0.0.1:32200
[service-interior]
client = yes
options = NO_SSLv2
options = NO_SSLv3
accept = 127.0.0.1:32200
connect = 127.0.0.1:32100
sslVersion = TLSv1
ciphers = zzz
TIMEOUTconnect = 60
The log rollowing steps I tried that don't work are:
mv stunnel.log stunnel.log.1
kill -USR1 <stunnelpid>
The log message "LOG7[main]: Processing SIGNAL_REOPEN_LOG" shows up in stunnel.log.1. However, new client connections to host:32100 do not trigger creation of a new stunnel.log file. In fact, logging stops to stunnel.log.1 as soon as the USR1 is processed. The new client connections work as before, but there isn't any logging.
I restarted stunnel and tried the test again with these steps:
mv stunnel.log stunnel.log.1
touch stunnel.log
kill -USR1 <stunnelpid>
That also doesn't work.
Please let me know the correct sequence of steps to roll the stunnel.log
Thank you,
-- Tom
This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you must not copy this message or attachment or disclose the contents to any other person. If you have received this transmission in error, please notify the sender immediately and delete the message and any attachment from your system. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not accept liability for any omissions or errors in this message which may arise as a result of E-Mail-transmission or for damages resulting from any unauthorized changes of the content of this message and any attachment thereto. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not guarantee that this message is free of viruses and does not accept liability for any damages caused by any virus transmitted therewith.
Click http://www.emdgroup.com/emd/imprint/mail_disclaimer.html to access the German, French, Spanish and Portuguese versions of this disclaimer.
Hi Tom,
Is what you refer to? I think the open and re-open only happen when the service is stopped and restarted. It hasn’t rolled over like Apache in my short experience.
log = append | overwrite log file handling This option allows you to choose whether the log file (specified with the output option) is appended or overwritten when opened or re-opened. default: append
Best regards,
Dan
Daniel Trickett Head of Database Services | MBS Business Technology BX-TCS-O Oracle ERP Business Services of Merck KGaA, Darmstadt, Germany
Planned Absence –
MilliporeSigma A business of Merck KGaA, Darmstadt, Germany
EMD Millipore Corporation | 80 Ashby Road | Bedford, MA 01730 | USA office 781-533-3017 |cell 978-761-3506 |email daniel.trickett@emdmillipore.commailto:daniel.trickett@emdmillipore.com
From: Tom Hood tom.w.hood@gmail.com Sent: Wednesday, September 12, 2018 1:10 PM To: Daniel Trickett daniel.trickett@emdmillipore.com Cc: stunnel-users@stunnel.org Subject: Re: [stunnel-users] stunnel log rolling
Hi Daniel,
The trick is how to roll the logs without an interruption of service (i.e. without a stunnel restart). I believe stunnel claims to support this, but I think the feature might be broken in 5.49
Thanks, -- Tom
On Wed, Sep 12, 2018 at 5:43 AM Daniel Trickett <daniel.trickett@emdmillipore.commailto:daniel.trickett@emdmillipore.com> wrote: Tom,
Kill the stunnel process. Then mv the log. This will allow stunnel to right to a new log file.
Best regards,
Dan
Daniel Trickett Head of Database Services | MBS Business Technology BX-TCS-O Oracle ERP Business Services of Merck KGaA, Darmstadt, Germany
Planned Absence –
MilliporeSigma A business of Merck KGaA, Darmstadt, Germany
EMD Millipore Corporation | 80 Ashby Road | Bedford, MA 01730 | USA office 781-533-3017 |cell 978-761-3506 |email daniel.trickett@emdmillipore.commailto:daniel.trickett@emdmillipore.com
From: stunnel-users <stunnel-users-bounces@stunnel.orgmailto:stunnel-users-bounces@stunnel.org> On Behalf Of Tom Hood Sent: Tuesday, September 11, 2018 5:02 PM To: stunnel-users@stunnel.orgmailto:stunnel-users@stunnel.org Subject: [stunnel-users] stunnel log rolling
Hi,
I'm new to stunnel and it isn't clear to me how the log rolling feature works.
I built stunnel 5.49 with gcc 4.2.0 on Solaris 10. I'm running it on Solaris 11.3 SPARC. Using openssl 1.0.2p
The config file has disabled syslog and is logging to stunnel.log.
Command line is: stunnel stunnel.conf where stunnel.conf contains the following: syslog = no output = stunnel.log debug = 7
[service-exterior] client = no options = NO_SSLv2 options = NO_SSLv3 options = NO_TLSv1 options = NO_TLSv1.1 options = -NO_TLSv1.2 cert = /path/to/stunnel.pem curve = zzz accept = testhost:32100 connect = 127.0.0.1:32200http://127.0.0.1:32200
[service-interior] client = yes options = NO_SSLv2 options = NO_SSLv3 accept = 127.0.0.1:32200http://127.0.0.1:32200 connect = 127.0.0.1:32100http://127.0.0.1:32100 sslVersion = TLSv1 ciphers = zzz TIMEOUTconnect = 60
The log rollowing steps I tried that don't work are: mv stunnel.log stunnel.log.1 kill -USR1 <stunnelpid>
The log message "LOG7[main]: Processing SIGNAL_REOPEN_LOG" shows up in stunnel.log.1. However, new client connections to host:32100 do not trigger creation of a new stunnel.log file. In fact, logging stops to stunnel.log.1 as soon as the USR1 is processed. The new client connections work as before, but there isn't any logging.
I restarted stunnel and tried the test again with these steps: mv stunnel.log stunnel.log.1 touch stunnel.log kill -USR1 <stunnelpid> That also doesn't work.
Please let me know the correct sequence of steps to roll the stunnel.log
Thank you, -- Tom
This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you must not copy this message or attachment or disclose the contents to any other person. If you have received this transmission in error, please notify the sender immediately and delete the message and any attachment from your system. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not accept liability for any omissions or errors in this message which may arise as a result of E-Mail-transmission or for damages resulting from any unauthorized changes of the content of this message and any attachment thereto. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not guarantee that this message is free of viruses and does not accept liability for any damages caused by any virus transmitted therewith.
Click http://www.emdgroup.com/emd/imprint/mail_disclaimer.html to access the German, French, Spanish and Portuguese versions of this disclaimer.
This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you must not copy this message or attachment or disclose the contents to any other person. If you have received this transmission in error, please notify the sender immediately and delete the message and any attachment from your system. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not accept liability for any omissions or errors in this message which may arise as a result of E-Mail-transmission or for damages resulting from any unauthorized changes of the content of this message and any attachment thereto. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not guarantee that this message is free of viruses and does not accept liability for any damages caused by any virus transmitted therewith.
Click http://www.emdgroup.com/emd/imprint/mail_disclaimer.html to access the German, French, Spanish and Portuguese versions of this disclaimer.
Hi Dan,
I was referring to this text in the stunnel man page https://www.stunnel.org/static/stunnel.html:
SIGUSR1
Close and reopen the *stunnel* log file. This function can be used for log rotation.
-- Tom
On Wed, Sep 12, 2018 at 11:15 AM Daniel Trickett < daniel.trickett@emdmillipore.com> wrote:
Hi Tom,
Is what you refer to? I think the open and re-open only happen when the service is stopped and restarted. It hasn’t rolled over like Apache in my short experience.
*log* = append | overwrite
log file handling
This option allows you to choose whether the log file (specified with the *output* option) is appended or overwritten when opened or re-opened.
default: append
Best regards,
Dan
Daniel Trickett
Head of Database Services | MBS Business Technology
BX-TCS-O Oracle ERP
Business Services of Merck KGaA, Darmstadt, Germany
*Planned Absence –*
*MilliporeSigma*
A business of Merck KGaA, Darmstadt, Germany
EMD Millipore Corporation | 80 Ashby Road | Bedford, MA 01730 | USA
office 781-533-3017 |cell 978-761-3506 |email *daniel.trickett@emdmillipore.com daniel.trickett@emdmillipore.com*
*From:* Tom Hood tom.w.hood@gmail.com *Sent:* Wednesday, September 12, 2018 1:10 PM *To:* Daniel Trickett daniel.trickett@emdmillipore.com *Cc:* stunnel-users@stunnel.org *Subject:* Re: [stunnel-users] stunnel log rolling
Hi Daniel,
The trick is how to roll the logs without an interruption of service (i.e. without a stunnel restart). I believe stunnel claims to support this, but I think the feature might be broken in 5.49
Thanks,
-- Tom
On Wed, Sep 12, 2018 at 5:43 AM Daniel Trickett < daniel.trickett@emdmillipore.com> wrote:
Tom,
Kill the stunnel process. Then mv the log. This will allow stunnel to right to a new log file.
Best regards,
Dan
Daniel Trickett
Head of Database Services | MBS Business Technology
BX-TCS-O Oracle ERP
Business Services of Merck KGaA, Darmstadt, Germany
*Planned Absence –*
*MilliporeSigma*
A business of Merck KGaA, Darmstadt, Germany
EMD Millipore Corporation | 80 Ashby Road | Bedford, MA 01730 | USA
office 781-533-3017 |cell 978-761-3506 |email *daniel.trickett@emdmillipore.com daniel.trickett@emdmillipore.com*
*From:* stunnel-users stunnel-users-bounces@stunnel.org *On Behalf Of *Tom Hood *Sent:* Tuesday, September 11, 2018 5:02 PM *To:* stunnel-users@stunnel.org *Subject:* [stunnel-users] stunnel log rolling
Hi,
I'm new to stunnel and it isn't clear to me how the log rolling feature works.
I built stunnel 5.49 with gcc 4.2.0 on Solaris 10. I'm running it on Solaris 11.3 SPARC. Using openssl 1.0.2p
The config file has disabled syslog and is logging to stunnel.log.
Command line is: stunnel stunnel.conf
where stunnel.conf contains the following:
syslog = no
output = stunnel.log
debug = 7
[service-exterior]
client = no
options = NO_SSLv2
options = NO_SSLv3
options = NO_TLSv1
options = NO_TLSv1.1
options = -NO_TLSv1.2
cert = /path/to/stunnel.pem
curve = zzz
accept = testhost:32100
connect = 127.0.0.1:32200
[service-interior]
client = yes
options = NO_SSLv2
options = NO_SSLv3
accept = 127.0.0.1:32200
connect = 127.0.0.1:32100
sslVersion = TLSv1
ciphers = zzz
TIMEOUTconnect = 60
The log rollowing steps I tried that don't work are:
mv stunnel.log stunnel.log.1
kill -USR1 <stunnelpid>
The log message "LOG7[main]: Processing SIGNAL_REOPEN_LOG" shows up in stunnel.log.1. However, new client connections to host:32100 do not trigger creation of a new stunnel.log file. In fact, logging stops to stunnel.log.1 as soon as the USR1 is processed. The new client connections work as before, but there isn't any logging.
I restarted stunnel and tried the test again with these steps:
mv stunnel.log stunnel.log.1
touch stunnel.log
kill -USR1 <stunnelpid>
That also doesn't work.
Please let me know the correct sequence of steps to roll the stunnel.log
Thank you,
-- Tom
This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you must not copy this message or attachment or disclose the contents to any other person. If you have received this transmission in error, please notify the sender immediately and delete the message and any attachment from your system. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not accept liability for any omissions or errors in this message which may arise as a result of E-Mail-transmission or for damages resulting from any unauthorized changes of the content of this message and any attachment thereto. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not guarantee that this message is free of viruses and does not accept liability for any damages caused by any virus transmitted therewith.
Click http://www.emdgroup.com/emd/imprint/mail_disclaimer.html to access the German, French, Spanish and Portuguese versions of this disclaimer.
This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you must not copy this message or attachment or disclose the contents to any other person. If you have received this transmission in error, please notify the sender immediately and delete the message and any attachment from your system. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not accept liability for any omissions or errors in this message which may arise as a result of E-Mail-transmission or for damages resulting from any unauthorized changes of the content of this message and any attachment thereto. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not guarantee that this message is free of viruses and does not accept liability for any damages caused by any virus transmitted therewith.
Click http://www.emdgroup.com/emd/imprint/mail_disclaimer.html to access the German, French, Spanish and Portuguese versions of this disclaimer.
-
Daniel Trickett -
Tom Hood