I currently have stunnel strip SSL from incoming https connections; which then passes the connections to a proxy before ultimately reaching my web server. So, the only easy way to see where incoming connections are coming from are in the stunnel log.
Below, is a small example of what my stunnel log looks like (no, those arent the real IPs ). The information below would be much more useful to me if it included the DNS names in addition to their numeric IP.
I currently have the latest Windows version of stunnel installed. It would be great to know how to get it to resolve DNS names as well in the log file; preferably without impeding general stunnel performance. I tried several debug levels; but none them did reverse DNS lookup. Hopefully someone know how to do this on a Windows stunnel setup.
2013.07.23 10:16:00 LOG5[10152:15136]: Service [stunnel-sslh] connected remote server from 24.12.152.129:58773 2013.07.23 10:16:00 LOG3[10152:15136]: SSL_read: Connection reset by peer (WSAECONNRESET) (10054) 2013.07.23 10:16:00 LOG5[10152:15136]: Connection reset: 272 byte(s) sent to SSL, 96 byte(s) sent to socket 2013.07.23 10:17:53 LOG5[10152:4000]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5535 2013.07.23 10:17:53 LOG5[10152:4000]: connect_blocking: connected 24.12.152.129:7777 2013.07.23 10:17:53 LOG5[10152:4000]: Service [stunnel-sslh] connected remote server from 24.12.152.129:58799 2013.07.23 10:17:53 LOG5[10152:13212]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5508 2013.07.23 10:17:53 LOG5[10152:3348]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5509 2013.07.23 10:17:53 LOG5[10152:2884]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5519
I haven't posted on this mail list in a while. Is there anyone still out there? I hope I'm sending to the correct mail-list. Is there a better place I can ask my question below?
I'm pretty sure I can't be the first person who wanted to see reverse DNS name lookup in the stunnel log. I tried looking in the settings and documentation; but, didn't see anything related to this.
----- Forwarded Message -----
I currently have stunnel strip SSL from incoming https connections; which then passes the connections to a proxy before ultimately reaching my web server. So, the only easy way to see where incoming connections are coming from are in the stunnel log.
Below, is a small example of what my stunnel log looks like (no, those arent the real IPs ). The information below would be much more useful to me if it included the DNS names in addition to their numeric IP.
I currently have the latest Windows version of stunnel installed. It would be great to know how to get it to resolve DNS names as well in the log file; preferably without impeding general stunnel performance. I tried several debug levels; but none them did reverse DNS lookup. Hopefully someone know how to do this on a Windows stunnel setup.
2013.07.23 10:16:00 LOG5[10152:15136]: Service [stunnel-sslh] connected remote server from 24.12.152.129:58773 2013.07.23 10:16:00 LOG3[10152:15136]: SSL_read: Connection reset by peer (WSAECONNRESET) (10054) 2013.07.23 10:16:00 LOG5[10152:15136]: Connection reset: 272 byte(s) sent to SSL, 96 byte(s) sent to socket 2013.07.23 10:17:53 LOG5[10152:4000]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5535 2013.07.23 10:17:53 LOG5[10152:4000]: connect_blocking: connected 24.12.152.129:7777 2013.07.23 10:17:53 LOG5[10152:4000]: Service [stunnel-sslh] connected remote server from 24.12.152.129:58799 2013.07.23 10:17:53 LOG5[10152:13212]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5508 2013.07.23 10:17:53 LOG5[10152:3348]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5509 2013.07.23 10:17:53 LOG5[10152:2884]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5519
I don't think stunnel does host name lookup from ip. But you can try messing with your windows hosts file.
On Friday, July 26, 2013, mkanet@yahoo.com wrote:
I haven't posted on this mail list in a while. Is there anyone still out there? I hope I'm sending to the correct mail-list. Is there a better place I can ask my question below?
I'm pretty sure I can't be the first person who wanted to see reverse DNS name lookup in the stunnel log. I tried looking in the settings and documentation; but, didn't see anything related to this.
----- Forwarded Message -----
I currently have stunnel strip SSL from incoming https connections; which then passes the connections to a proxy before ultimately reaching my web server. So, the only easy way to see where incoming connections are coming from are in the stunnel log.
Below, is a small example of what my stunnel log looks like (no, those arent the real IPs [image: *:) happy]). The information below would be much more useful to me if it included the DNS names in addition to their numeric IP.
I currently have the latest Windows version of stunnel installed. It would be great to know how to get it to resolve DNS names as well in the log file; preferably without impeding general stunnel performance. I tried several debug levels; but none them did reverse DNS lookup. Hopefully someone know how to do this on a Windows stunnel setup.
2013.07.23 10:16:00 LOG5[10152:15136]: Service [stunnel-sslh] connected remote server from 24.12.152.129:58773 2013.07.23 10:16:00 LOG3[10152:15136]: SSL_read: Connection reset by peer (WSAECONNRESET) (10054) 2013.07.23 10:16:00 LOG5[10152:15136]: Connection reset: 272 byte(s) sent to SSL, 96 byte(s) sent to socket 2013.07.23 10:17:53 LOG5[10152:4000]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5535 2013.07.23 10:17:53 LOG5[10152:4000]: connect_blocking: connected 24.12.152.129:7777 2013.07.23 10:17:53 LOG5[10152:4000]: Service [stunnel-sslh] connected remote server from 24.12.152.129:58799 2013.07.23 10:17:53 LOG5[10152:13212]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5508 2013.07.23 10:17:53 LOG5[10152:3348]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5509 2013.07.23 10:17:53 LOG5[10152:2884]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5519
On 26 Jul 2013 at 11:16, mkanet@yahoo.com wrote:
Date sent: Fri, 26 Jul 2013 11:16:22 -0700 (PDT) From: "mkanet@yahoo.com" mkanet@yahoo.com To: "stunnel-users@stunnel.org" stunnel-users@stunnel.org Subject: [stunnel-users] Fw: Reverse DNS lookup in stunnel log possible? Send reply to: "mkanet@yahoo.com" mkanet@yahoo.com patches" <stunnel-users.stunnel.org> mailto:stunnel-users-request@stunnel.org?subject=unsubscribe mailto:stunnel-users-request@stunnel.org?subject=subscribe
I haven't posted on this mail list in a while. Is there anyone still out there? I hope I'm sending to the correct mail-list. Is there a better place I can ask my question below?
I'm pretty sure I can't be the first person who wanted to see reverse DNS name lookup in the stunnel log. I tried looking in the settings and documentation; but, didn't see anything related to this.
----- Forwarded Message -----
I currently have stunnel strip SSL from incoming https connections; which then passes the connections to a proxy before ultimately reaching my web server. So, the only easy way to see where incoming connections are coming from are in the stunnel log.
Below, is a small example of what my stunnel log looks like (no, those arent the real IPs *:) happy). The information below would be much more useful to me if it included the DNS names in addition to their numeric IP.
I currently have the latest Windows version of stunnel installed. It would be great to know how to get it to resolve DNS names as well in the log file; preferably without impeding general stunnel performance. I tried several debug levels; but none them did reverse DNS lookup. Hopefully someone know how to do this on a Windows stunnel setup.
2013.07.23 10:16:00 LOG5[10152:15136]: Service [stunnel-sslh] connected remote server from 24.12.152.129:58773 2013.07.23 10:16:00 LOG3[10152:15136]: SSL_read: Connection reset by peer (WSAECONNRESET) (10054) 2013.07.23 10:16:00 LOG5[10152:15136]: Connection reset: 272 byte(s) sent to SSL, 96 byte(s) sent to socket 2013.07.23 10:17:53 LOG5[10152:4000]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5535 2013.07.23 10:17:53 LOG5[10152:4000]: connect_blocking: connected 24.12.152.129:7777 2013.07.23 10:17:53 LOG5[10152:4000]: Service [stunnel-sslh] connected remote server from 24.12.152.129:58799 2013.07.23 10:17:53 LOG5[10152:13212]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5508 2013.07.23 10:17:53 LOG5[10152:3348]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5509 2013.07.23 10:17:53 LOG5[10152:2884]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5519
Don't know on windows, but did a little test with a script to get the hostnames. First did a test using you records, and then used my current stunnel.log
script stlog.chk ================== grep -Eo '([0-9]{1,3}.){3}[0-9]{1,3}' /var/log/stunnel.log | sort | uniq
stout
echo "" >stout2 for a in `cat stout` ; do echo -n $a " ">>stout2; host $a | awk '{print $5}' >>stout2; done
The results of stout2 are 127.0.0.1 localhost. 173.194.74.108 qe-in-f108.1e100.net. 173.194.74.109 qe-in-f109.1e100.net. 192.168.128.201 3(NXDOMAIN) 74.125.25.108 pa-in-f108.1e100.net. 74.125.25.109 pa-in-f109.1e100.net.
Probable would want to add some code to filter out private address.
Final step would be to scan original log and add the name on each of the lines with an ip. +----------------------------------------------------------+ Michael D. Setzer II - Computer Science Instructor Guam Community College Computer Center mailto:mikes@kuentos.guam.net mailto:msetzerii@gmail.com http://www.guam.net/home/mikes Guam - Where America's Day Begins G4L Disk Imaging Project maintainer http://sourceforge.net/projects/g4l/ +----------------------------------------------------------+
http://setiathome.berkeley.edu (Original) Number of Seti Units Returned: 19,471 Processing time: 32 years, 290 days, 12 hours, 58 minutes (Total Hours: 287,489)
BOINC@HOME CREDITS SETI 15540600.945971 | EINSTEIN 12495097.479852 ROSETTA 8051875.704643 | ABC 16197684.012277
Thanks, I guess I could do the equivalent with a batch file; but, was really hoping for buitin support for this in stunnel. It would be nice to see in the upcoming 5.00 release as an option.
-----------------
Don't know on windows, but did a little test with a script to get the hostnames. First did a test using you records, and then used my current stunnel.log script stlog.chk ================== grep -Eo '([0-9]{1,3}.){3}[0-9]{1,3}' /var/log/stunnel.log | sort | uniq
stout
echo "" >stout2 for a in `cat stout` ; do echo -n $a " ">>stout2; host $a | awk '{print $5}' >>stout2; done The results of stout2 are 127.0.0.1 localhost. 173.194.74.108 qe-in-f108.1e100.net. 173.194.74.109 qe-in-f109.1e100.net. 192.168.128.201 3(NXDOMAIN) 74.125.25.108 pa-in-f108.1e100.net. 74.125.25.109 pa-in-f109.1e100.net. Probable would want to add some code to filter out private address. Final step would be to scan original log and add the name on each of the lines with an ip. +----------------------------------------------------------+ Michael D. Setzer II - Computer Science Instructor Guam Community College Computer Center mailto:mikes@kuentos.guam.net mailto:msetzerii@gmail.com http://www.guam.net/home/mikes Guam - Where America's Day Begins G4L Disk Imaging Project maintainer http://sourceforge.net/projects/g4l/ +----------------------------------------------------------+ http://setiathome.berkeley.edu (Original) Number of Seti Units Returned: 19,471 Processing time: 32 years, 290 days, 12 hours, 58 minutes (Total Hours: 287,489) BOINC@HOME CREDITS SETI 15540600.945971 | EINSTEIN 12495097.479852 ROSETTA 8051875.704643 | ABC 16197684.012277 ----- Forwarded Message ----- From: "mkanet@yahoo.com" mkanet@yahoo.com To: "stunnel-users@stunnel.org" stunnel-users@stunnel.org Sent: Friday, July 26, 2013 11:16 AM Subject: Fw: Reverse DNS lookup in stunnel log possible?
I haven't posted on this mail list in a while. Is there anyone still out there? I hope I'm sending to the correct mail-list. Is there a better place I can ask my question below?
I'm pretty sure I can't be the first person who wanted to see reverse DNS name lookup in the stunnel log. I tried looking in the settings and documentation; but, didn't see anything related to this.
----- Forwarded Message -----
I currently have stunnel strip SSL from incoming https connections; which then passes the connections to a proxy before ultimately reaching my web server. So, the only easy way to see where incoming connections are coming from are in the stunnel log.
Below, is a small example of what my stunnel log looks like (no, those arent the real IPs ). The information below would be much more useful to me if it included the DNS names in addition to their numeric IP.
I currently have the latest Windows version of stunnel installed. It would be great to know how to get it to resolve DNS names as well in the log file; preferably without impeding general stunnel performance. I tried several debug levels; but none them did reverse DNS lookup. Hopefully someone know how to do this on a Windows stunnel setup.
2013.07.23 10:16:00 LOG5[10152:15136]: Service [stunnel-sslh] connected remote server from 24.12.152.129:58773 2013.07.23 10:16:00 LOG3[10152:15136]: SSL_read: Connection reset by peer (WSAECONNRESET) (10054) 2013.07.23 10:16:00 LOG5[10152:15136]: Connection reset: 272 byte(s) sent to SSL, 96 byte(s) sent to socket 2013.07.23 10:17:53 LOG5[10152:4000]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5535 2013.07.23 10:17:53 LOG5[10152:4000]: connect_blocking: connected 24.12.152.129:7777 2013.07.23 10:17:53 LOG5[10152:4000]: Service [stunnel-sslh] connected remote server from 24.12.152.129:58799 2013.07.23 10:17:53 LOG5[10152:13212]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5508 2013.07.23 10:17:53 LOG5[10152:3348]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5509 2013.07.23 10:17:53 LOG5[10152:2884]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5519
On 26 Jul 2013 at 14:47, mkanet@yahoo.com wrote:
Date sent: Fri, 26 Jul 2013 14:47:18 -0700 (PDT) From: "mkanet@yahoo.com" mkanet@yahoo.com To: "stunnel-users@stunnel.org" stunnel-users@stunnel.org Subject: Re: [stunnel-users] Reverse DNS lookup in stunnel log possible? Send reply to: "mkanet@yahoo.com" mkanet@yahoo.com patches" <stunnel-users.stunnel.org> mailto:stunnel-users-request@stunnel.org?subject=unsubscribe mailto:stunnel-users-request@stunnel.org?subject=subscribe
Thanks, I guess I could do the equivalent with a batch file; but, was really hoping for buitin support for this in stunnel. It would be nice to see in the upcoming 5.00 release as an option.
You could also just copy the stunnel.log file to a linux system to do the processing, or perhaps use windows unix/linux commands.
Modified version that now will actually add the name to each line Added filtering out 127.0.0 and 192.168 changes and now creates the file stunnelx.org that will have all the additions. Does end up with the :port afterwards, but that is minor.
First line does wrap. ============ grep -Eo '([0-9]{1,3}.){3}[0-9]{1,3}' /var/log/stunnel.log | sort | uniq | grep -v 127.0.0 | grep -v 192.168. >stout
echo -n "" >stout2 echo -n "" >stout2x for a in `cat stout` ; do echo -n $a " ">>stout2; echo -n "s/"$a"/"$a" " >>stout2x; host $a | awk '{print $5}' >>stout2; host $a | awk '{print $5"/g"}' >>stout2x; done sed -f stout2x /var/log/stunnel.log >stunnelx.log =======
+----------------------------------------------------------+ Michael D. Setzer II - Computer Science Instructor Guam Community College Computer Center mailto:mikes@kuentos.guam.net mailto:msetzerii@gmail.com http://www.guam.net/home/mikes Guam - Where America's Day Begins G4L Disk Imaging Project maintainer http://sourceforge.net/projects/g4l/ +----------------------------------------------------------+
http://setiathome.berkeley.edu (Original) Number of Seti Units Returned: 19,471 Processing time: 32 years, 290 days, 12 hours, 58 minutes (Total Hours: 287,489)
BOINC@HOME CREDITS SETI 15540600.945971 | EINSTEIN 12495097.479852 ROSETTA 8051875.704643 | ABC 16197684.012277
What would be the benefit? It would slow stunnel down. On Jul 26, 2013 5:47 PM, "mkanet@yahoo.com" mkanet@yahoo.com wrote:
Thanks, I guess I could do the equivalent with a batch file; but, was really hoping for buitin support for this in stunnel. It would be nice to see in the upcoming 5.00 release as an option.
Don't know on windows, but did a little test with a script to get the hostnames. First did a test using you records, and then used my current stunnel.log
script stlog.chk
grep -Eo '([0-9]{1,3}.){3}[0-9]{1,3}' /var/log/stunnel.log | sort | uniq
stout
echo "" >stout2 for a in `cat stout` ; do echo -n $a " ">>stout2; host $a | awk '{print $5}' >>stout2; done
The results of stout2 are 127.0.0.1 localhost. 173.194.74.108 qe-in-f108.1e100.net. 173.194.74.109 qe-in-f109.1e100.net. 192.168.128.201 3(NXDOMAIN) 74.125.25.108 pa-in-f108.1e100.net. 74.125.25.109 pa-in-f109.1e100.net.
Probable would want to add some code to filter out private address.
Final step would be to scan original log and add the name on each of the lines with an ip. +----------------------------------------------------------+ Michael D. Setzer II - Computer Science Instructor Guam Community College Computer Center mailto:mikes@kuentos.guam.net mikes@kuentos.guam.net
mailto:msetzerii@gmail.com msetzerii@gmail.com http://www.guam.net/home/mikes Guam - Where America's Day Begins G4L Disk Imaging Project maintainer http://sourceforge.net/projects/g4l/ +----------------------------------------------------------+
http://setiathome.berkeley.edu (Original) Number of Seti Units Returned: 19,471 Processing time: 32 years, 290 days, 12 hours, 58 minutes (Total Hours: 287,489)
BOINC@HOME CREDITS SETI 15540600.945971 | EINSTEIN 12495097.479852 ROSETTA 8051875.704643 | ABC 16197684.012277
----- Forwarded Message ----- *From:* "mkanet@yahoo.com" mkanet@yahoo.com *To:* "stunnel-users@stunnel.org" stunnel-users@stunnel.org *Sent:* Friday, July 26, 2013 11:16 AM *Subject:* Fw: Reverse DNS lookup in stunnel log possible?
I haven't posted on this mail list in a while. Is there anyone still out there? I hope I'm sending to the correct mail-list. Is there a better place I can ask my question below?
I'm pretty sure I can't be the first person who wanted to see reverse DNS name lookup in the stunnel log. I tried looking in the settings and documentation; but, didn't see anything related to this.
----- Forwarded Message -----
I currently have stunnel strip SSL from incoming https connections; which then passes the connections to a proxy before ultimately reaching my web server. So, the only easy way to see where incoming connections are coming from are in the stunnel log.
Below, is a small example of what my stunnel log looks like (no, those arent the real IPs [image: *:) happy]). The information below would be much more useful to me if it included the DNS names in addition to their numeric IP.
I currently have the latest Windows version of stunnel installed. It would be great to know how to get it to resolve DNS names as well in the log file; preferably without impeding general stunnel performance. I tried several debug levels; but none them did reverse DNS lookup. Hopefully someone know how to do this on a Windows stunnel setup.
2013.07.23 10:16:00 LOG5[10152:15136]: Service [stunnel-sslh] connected remote server from 24.12.152.129:58773 2013.07.23 10:16:00 LOG3[10152:15136]: SSL_read: Connection reset by peer (WSAECONNRESET) (10054) 2013.07.23 10:16:00 LOG5[10152:15136]: Connection reset: 272 byte(s) sent to SSL, 96 byte(s) sent to socket 2013.07.23 10:17:53 LOG5[10152:4000]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5535 2013.07.23 10:17:53 LOG5[10152:4000]: connect_blocking: connected 24.12.152.129:7777 2013.07.23 10:17:53 LOG5[10152:4000]: Service [stunnel-sslh] connected remote server from 24.12.152.129:58799 2013.07.23 10:17:53 LOG5[10152:13212]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5508 2013.07.23 10:17:53 LOG5[10152:3348]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5509 2013.07.23 10:17:53 LOG5[10152:2884]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5519
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
The benefit would be the added convenience of seeing meaningful DNS names instead of numeric IPs for those that prefer this. The added load on stunnel would be trivial for reverse dns lookups on separate process threads.
----------------- What would be the benefit? It would slow stunnel down. On Jul 26, 2013 5:47 PM, "mkanet@yahoo.com" mkanet@yahoo.com wrote: Thanks, I guess I could do the equivalent with a batch file; but, was really hoping for buitin support for this in stunnel. It would be nice to see in the upcoming 5.00 release as an option. ----------------- Don't know on windows, but did a little test with a script to get the hostnames. First did a test using you records, and then used my current stunnel.log script stlog.chk ================== grep -Eo '([0-9]{1,3}.){3}[0-9]{1,3}' /var/log/stunnel.log | sort | uniq
stout
echo "" >stout2 for a in `cat stout` ; do echo -n $a " ">>stout2; host $a | awk '{print $5}' >>stout2; done The results of stout2 are 127.0.0.1 localhost. 173.194.74.108 qe-in-f108.1e100.net. 173.194.74.109 qe-in-f109.1e100.net. 192.168.128.201 3(NXDOMAIN) 74.125.25.108 pa-in-f108.1e100.net. 74.125.25.109 pa-in-f109.1e100.net. Probable would want to add some code to filter out private address. Final step would be to scan original log and add the name on each of the lines with an ip. +----------------------------------------------------------+ Michael D. Setzer II - Computer Science Instructor Guam Community College Computer Center mailto:mikes@kuentos.guam.net mailto:msetzerii@gmail.com http://www.guam.net/home/mikes Guam - Where America's Day Begins G4L Disk Imaging Project maintainer http://sourceforge.net/projects/g4l/ +----------------------------------------------------------+ http://setiathome.berkeley.edu (Original) Number of Seti Units Returned: 19,471 Processing time: 32 years, 290 days, 12 hours, 58 minutes (Total Hours: 287,489) BOINC@HOME CREDITS SETI 15540600.945971 | EINSTEIN 12495097.479852 ROSETTA 8051875.704643 | ABC 16197684.012277 ----- Forwarded Message ----- From:"mkanet@yahoo.com" mkanet@yahoo.com To: "stunnel-users@stunnel.org" stunnel-users@stunnel.org Sent: Friday, July 26, 2013 11:16 AM Subject: Fw: Reverse DNS lookup in stunnel log possible? I haven't posted on this mail list in a while. Is there anyone still out there? I hope I'm sending to the correct mail-list. Is there a better place I can ask my question below? I'm pretty sure I can't be the first person who wanted to see reverse DNS name lookup in the stunnel log. I tried looking in the settings and documentation; but, didn't see anything related to this. ----- Forwarded Message ----- I currently have stunnel strip SSL from incoming https connections; which then passes the connections to a proxy before ultimately reaching my web server. So, the only easy way to see where incoming connections are coming from are in the stunnel log. Below, is a small example of what my stunnel log looks like (no, those arent the real IPs ). The information below would be much more useful to me if it included the DNS names in addition to their numeric IP. I currently have the latest Windows version of stunnel installed. It would be great to know how to get it to resolve DNS names as well in the log file; preferably without impeding general stunnel performance. I tried several debug levels; but none them did reverse DNS lookup. Hopefully someone know how to do this on a Windows stunnel setup. 2013.07.23 10:16:00 LOG5[10152:15136]: Service [stunnel-sslh] connected remote server from 24.12.152.129:58773 2013.07.23 10:16:00 LOG3[10152:15136]: SSL_read: Connection reset by peer (WSAECONNRESET) (10054) 2013.07.23 10:16:00 LOG5[10152:15136]: Connection reset: 272 byte(s) sent to SSL, 96 byte(s) sent to socket 2013.07.23 10:17:53 LOG5[10152:4000]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5535 2013.07.23 10:17:53 LOG5[10152:4000]: connect_blocking: connected 24.12.152.129:7777 2013.07.23 10:17:53 LOG5[10152:4000]: Service [stunnel-sslh] connected remote server from 24.12.152.129:58799 2013.07.23 10:17:53 LOG5[10152:13212]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5508 2013.07.23 10:17:53 LOG5[10152:3348]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5509 2013.07.23 10:17:53 LOG5[10152:2884]: Service [stunnel-sslh] accepted connection from 71.194.51.232:5519
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
It is slower because it would have to do a DNS lookup for every IP. Sure, it could be cached but its just informational.
On Friday, July 26, 2013, mkanet@yahoo.com wrote:
The benefit would be the added convenience of seeing meaningful DNS names instead of numeric IPs for those that prefer this. The added load on stunnel would be trivial for reverse dns lookups on separate process threads.
What would be the benefit? It would slow stunnel down. On Jul 26, 2013 5:47 PM, "mkanet@yahoo.com <javascript:_e({}, 'cvml', 'mkanet@yahoo.com');>" <mkanet@yahoo.com <javascript:_e({}, 'cvml', 'mkanet@yahoo.com');>> wrote: Thanks, I guess I could do the equivalent with a batch file; but, was really hoping for buitin support for this in stunnel. It would be nice to see in the upcoming 5.00 release as an option.
Don't know on windows, but did a little test with a script to get the hostnames. First did a test using you records, and then used my current stunnel.log
script stlog.chk
grep -Eo '([0-9]{1,3}.){3}[0-9]{1,3}' /var/log/stunnel.log | sort | uniq
stout
echo "" >stout2 for a in `cat stout` ; do echo -n $a " ">>stout2; host $a | awk '{print $5}' >>stout2; done
The results of stout2 are 127.0.0.1 localhost. 173.194.74.108 qe-in-f108.1e100.net. 173.194.74.109 qe-in-f109.1e100.net. 192.168.128.201 3(NXDOMAIN) 74.125.25.108 pa-in-f108.1e100.net. 74.125.25.109 pa-in-f109.1e100.net.
Probable would want to add some code to filter out private address.
Final step would be to scan original log and add the name on
stunnel-users mailing list stunnel-users@stunnel.org <javascript:_e({}, 'cvml', 'stunnel-users@stunnel.org');> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
Hello, Not particularly demanding on that matter, but if it is slower, could that be an option in the conf file : LogReverseDNS=yes/no ?
Anyway, even in that case, there will be an extra charge to stunnel...
Regards Pierre
Le 27/07/2013 02:28, Brian Wilkins a écrit :
It is slower because it would have to do a DNS lookup for every IP. Sure, it could be cached but its just informational.
On Friday, July 26, 2013, mkanet@yahoo.com mailto:mkanet@yahoo.com wrote:
The benefit would be the added convenience of seeing meaningful DNS names instead of numeric IPs for those that prefer this. The added load on stunnel would be trivial for reverse dns lookups on separate process threads. ----------------- What would be the benefit? It would slow stunnel down. On Jul 26, 2013 5:47 PM, "mkanet@yahoo.com <javascript:_e({}, 'cvml', 'mkanet@yahoo.com');>" <mkanet@yahoo.com <javascript:_e({}, 'cvml', 'mkanet@yahoo.com');>> wrote: Thanks, I guess I could do the equivalent with a batch file; but, was really hoping for buitin support for this in stunnel. It would be nice to see in the upcoming 5.00 release as an option. ----------------- Don't know on windows, but did a little test with a script to get the hostnames. First did a test using you records, and then used my current stunnel.log script stlog.chk ================== grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' /var/log/stunnel.log | sort | uniq >stout echo "" >stout2 for a in `cat stout` ; do echo -n $a " ">>stout2; host $a | awk '{print $5}' >>stout2; done The results of stout2 are 127.0.0.1 localhost. 173.194.74.108 qe-in-f108.1e100.net <http://qe-in-f108.1e100.net/>. 173.194.74.109 qe-in-f109.1e100.net <http://qe-in-f109.1e100.net/>. 192.168.128.201 3(NXDOMAIN) 74.125.25.108 pa-in-f108.1e100.net <http://pa-in-f108.1e100.net/>. 74.125.25.109 pa-in-f109.1e100.net <http://pa-in-f109.1e100.net/>. Probable would want to add some code to filter out private address. Final step would be to scan original log and add the name on _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org <javascript:_e({}, 'cvml', 'stunnel-users@stunnel.org');> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users