Carter,
On 12/13/23 14:53, cbrowne wrote:
Have you tried doing "find / -name stunnel.log -print" as root. I have found that the log file can be in a number of different locations depending on the system.
There are no files named stunnel.log on my system.
I do not have a specific setting for "output". I was expecting syslog to be used for that purpose without a specific setting. syslog=yes appears to be the default given the man page for stunnel.
But your comment got me more interested in exactly what was happening, so I tried /not/ limiting journalctl --follow to a specific service and I can see all kinds of things coming from stunnel:
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: Found 1 ready file descriptor(s)
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: FD=4 events=0x2001 revents=0x0
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: FD=11 events=0x2001 revents=0x1
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: FD=12 events=0x2001 revents=0x0
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: FD=13 events=0x2001 revents=0x0
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: FD=14 events=0x2001 revents=0x0
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: Service [ORU-outbound] accepted (FD=3) from ::ffff:20.204.213.204:55455
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: Service [ORU-outbound] started
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: Setting local socket options (FD=3)
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: Option TCP_NODELAY set on local socket
Dec 13 20:31:00 example.com stunnel[300695]: LOG5[174806]: Service [ORU-outbound] accepted connection from ::ffff:20.204.213.204:55455
Dec 13 20:31:00 example.com stunnel[300695]: LOG6[174806]: Peer certificate required
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: TLS state (accept): before SSL initialization
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: TLS state (accept): before SSL initialization
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: Initializing application specific data for session authenticated
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: SNI: no virtual services defined
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: TLS state (accept): SSLv3/TLS read client hello
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: TLS state (accept): SSLv3/TLS write server hello
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: TLS state (accept): SSLv3/TLS write certificate
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: TLS state (accept): SSLv3/TLS write key exchange
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: TLS state (accept): SSLv3/TLS write certificate request
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: TLS state (accept): SSLv3/TLS write server done
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: Found 1 ready file descriptor(s)
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: FD=4 events=0x2001 revents=0x0
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: FD=11 events=0x2001 revents=0x1
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: FD=12 events=0x2001 revents=0x0
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: FD=13 events=0x2001 revents=0x0
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: FD=14 events=0x2001 revents=0x0
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: Service [ORU-outbound] accepted (FD=15) from ::ffff:client.ip:44905
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: Service [ORU-outbound] started
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: Setting local socket options (FD=15)
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: Option TCP_NODELAY set on local socket
Dec 13 20:31:00 example.com stunnel[300695]: LOG5[174807]: Service [ORU-outbound] accepted connection from ::ffff:client.ip:44905
Dec 13 20:31:00 example.com stunnel[300695]: LOG6[174807]: Peer certificate required
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: TLS state (accept): before SSL initialization
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: TLS state (accept): before SSL initialization
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: Initializing application specific data for session authenticated
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: SNI: no virtual services defined
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: TLS state (accept): SSLv3/TLS read client hello
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: TLS state (accept): SSLv3/TLS write server hello
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: TLS state (accept): SSLv3/TLS write certificate
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: TLS state (accept): SSLv3/TLS write key exchange
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: TLS state (accept): SSLv3/TLS write certificate request
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174807]: TLS state (accept): SSLv3/TLS write server done
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: TLS alert (read): fatal: certificate unknown
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: Remove session callback
Dec 13 20:31:00 example.com stunnel[300695]: LOG3[174806]: SSL_accept: ssl/record/rec_layer_s3.c:1605: error:0A000416:SSL routines::sslv3 alert certificate unknown
Dec 13 20:31:00 example.com stunnel[300695]: LOG5[174806]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
So this probably just comes down to either systemd/journalctl or me being stupid.
Instead of asking for the journal/log for the "unit" stunnel (i.e. journalctl -u stunnel), you need instead to ask for the "syslog identifier" called stunnel like this:
$ journalctl -t stunnel
If you use --follow you get tail -f behavior, which is nice to see what's happening in real-time.
-chris
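Once the journal is coming through via "journalctl -t stunnel", the raw LOG7 output above is a lot to read by eye. The following Python script is an added example, not code from this thread or from the stunnel project: it parses lines in the format shown above, groups them by stunnel's per-connection id (the number in "LOG5[174806]"), records the peer and how each connection ended, and flags connections that were reset during the handshake with an error logged, which is what the "certificate unknown" alert above looks like. The sample journal text is constructed for the example (documentation addresses, not captured traffic), and the function names are my own.

```python
import re
import sys

# Constructed sample in the journalctl format from the thread; peer addresses
# are documentation ranges, not captured traffic.
SAMPLE_JOURNAL = """\
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: Found 1 ready file descriptor(s)
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[main]: Service [ORU-outbound] accepted (FD=3) from ::ffff:203.0.113.10:55455
Dec 13 20:31:00 example.com stunnel[300695]: LOG5[174806]: Service [ORU-outbound] accepted connection from ::ffff:203.0.113.10:55455
Dec 13 20:31:00 example.com stunnel[300695]: LOG6[174806]: Peer certificate required
Dec 13 20:31:00 example.com stunnel[300695]: LOG5[174807]: Service [ORU-outbound] accepted connection from ::ffff:198.51.100.7:44905
Dec 13 20:31:00 example.com stunnel[300695]: LOG6[174807]: Peer certificate required
Dec 13 20:31:00 example.com stunnel[300695]: LOG7[174806]: TLS alert (read): fatal: certificate unknown
Dec 13 20:31:00 example.com stunnel[300695]: LOG3[174806]: SSL_accept: ssl/record/rec_layer_s3.c:1605: error:0A000416:SSL routines::sslv3 alert certificate unknown
Dec 13 20:31:00 example.com stunnel[300695]: LOG5[174806]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
Dec 13 20:31:02 example.com stunnel[300695]: LOG5[174807]: Connection closed: 1234 byte(s) sent to TLS, 567 byte(s) sent to socket
"""

# One journal line: syslog timestamp, host, "stunnel[pid]:", then stunnel's own
# "LOG<level>[<connection id or main>]: message" prefix.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"stunnel\[(?P<pid>\d+)\]: LOG(?P<level>\d)\[(?P<conn>main|\d+)\]: (?P<msg>.*)$"
)
ACCEPT_RE = re.compile(
    r"Service \[(?P<service>[^\]]+)\] accepted connection from (?P<peer>\S+)"
)
FINISH_RE = re.compile(
    r"Connection (?P<how>closed|reset): (?P<to_tls>\d+) byte\(s\) sent to TLS, "
    r"(?P<to_sock>\d+) byte\(s\) sent to socket"
)


def parse_line(line):
    """Return the fields of one journal line, or None if it is not a stunnel line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["level"] = int(rec["level"])
    return rec


def summarize(journal_text):
    """Group stunnel messages by connection id; 'main' (the accept loop) is skipped."""
    sessions = {}
    for raw in journal_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["conn"] == "main":
            continue
        s = sessions.setdefault(rec["conn"], {
            "service": None, "peer": None, "outcome": None,
            "bytes_to_tls": 0, "bytes_to_socket": 0, "errors": [],
        })
        msg = rec["msg"]
        if (m := ACCEPT_RE.search(msg)) is not None:
            s["service"], s["peer"] = m["service"], m["peer"]
        elif (m := FINISH_RE.search(msg)) is not None:
            s["outcome"] = m["how"]
            s["bytes_to_tls"] = int(m["to_tls"])
            s["bytes_to_socket"] = int(m["to_sock"])
        elif rec["level"] <= 3:
            # LOG3 and below is stunnel's error range; LOG7 TLS state lines are just debug.
            s["errors"].append(msg)
    return sessions


def failed_handshakes(journal_text):
    """Connection ids reset before any payload moved, with an error logged: the
    shape of a client that presented no acceptable certificate."""
    return sorted(
        conn for conn, s in summarize(journal_text).items()
        if s["outcome"] == "reset"
        and s["bytes_to_tls"] == 0 and s["bytes_to_socket"] == 0
        and s["errors"]
    )


if __name__ == "__main__":
    # Usage: journalctl -t stunnel --no-pager | python3 stunnel_summary.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_JOURNAL
    for conn, s in summarize(text).items():
        print(f"{conn} {s['service']} {s['peer']} {s['outcome']} errors={len(s['errors'])}")
    print("failed handshakes:", failed_handshakes(text))
```

Pipe "journalctl -t stunnel --no-pager" into it to run over the live journal; with no stdin it runs over the constructed sample. The handshake check keys on stunnel's own "Connection reset" line with zero bytes in both directions plus a LOG3 or lower message, so a connection that simply timed out without an error is not reported.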
On 12/13/2023 2:39 PM, Christopher Schultz wrote:
other systems (e.g. /var/log/secure, /var/log/auth, etc.). It appears the case that I should be able to view the journals using this command:
sudo journalctl --follow -u stunnel.service
But nothing is ever printed there.