我有隧道v5.44 (Ubuntu 18.04 v3:5.44-1ubuntu3) 在客户端上配置为连接到屏蔽子网中的服务器。远程主机已将 syslog 配置为通过以下方式侦听日志文件隧道联系。当然,客户端配置为通过以下方式将其日志转发到服务器隧道。
这种设置多年来一直很有效,但去年的某个时候(或者前年?天哪2020...),在操作系统升级期间(Ubuntu 16.04 和 18.04),stunnel 现在向日志文件发送垃圾邮件的情况发生了变化数百错误消息数每秒每当远程系统日志服务器重新启动或不可用时。
...
Jan 20 04:20:31 nwhost stunnel[25787]: LOG5[2126349]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
Jan 20 04:20:31 nwhost stunnel[25787]: LOG5[2126350]: Service [syslog_tunnel] accepted connection from 127.0.0.1:52970
Jan 20 04:20:31 nwhost stunnel[25787]: LOG3[2126350]: s_connect: connect 172.22.15.23:51400: Connection refused (111)
Jan 20 04:20:31 nwhost stunnel[25787]: LOG3[2126350]: No more addresses to connect
Jan 20 04:20:31 nwhost stunnel[25787]: LOG5[2126350]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
Jan 20 04:20:31 nwhost stunnel[25787]: LOG5[2126351]: Service [syslog_tunnel] accepted connection from 127.0.0.1:52974
Jan 20 04:20:31 nwhost stunnel[25787]: LOG3[2126351]: s_connect: connect 172.22.15.23:51400: Connection refused (111)
Jan 20 04:20:31 nwhost stunnel[25787]: LOG3[2126351]: No more addresses to connect
...
在我的客户端/etc/stunnel/remote_log.conf我有这个,但错误不断填满日志:
client = yes
cert = /etc/stunnel/shared/stunnel.pem
pid = /var/run/stunnel4/syslog_stunnel.pid
syslog = no
output = /var/log/stunnel4/stunnel.log
[syslog_tunnel]
accept = 127.0.0.1:5140
connect = 172.22.15.23:51400
我以为syslog = no会禁用日志记录(手册页),但事实并非如此。有人知道有效的配置或完全禁用垃圾邮件日志记录的配置吗?
答案1
根据手册页
syslog = yes | no(仅限 UNIX)enable logging via syslog
这意味着stunnel将根据服务器配置上的系统日志记录或不记录,这意味着如果设置为no无,则将从 stunnel 发送到系统日志,但是您可以更改
output = /dev/null
或者将调试级别降低到0
debug = 0