I have an Apache 2.2.22 server installed on Ubuntu Linux.
I created a virtual host on port 443 and I want all telnet indications to that port to be listed in the access log.
So, for example, if I telnet to that port (port 443) and I don't write anything, it disconnects me after a few seconds and then it shows an indication in the access log:
192.168.1.140 - - [15/Jul/2013:11:40:19 +0300] "-" 408 0 "-" "-"
But if I telnet to port 443 and type some garbage text, and it disconnects me, I see no indication in the access log that I tried to connect.
This is my access log directive in the Apache configuration file:
CustomLog ${APACHE_LOG_DIR}/apache-ssl-access.log combined
How can I fix it so that even when I telnet to that port and type garbage, I will still see an indication that someone tried to connect?
I have the reqtimeout module enabled.
Thank you.
The reason for this is that the connection to port 443 is handled in two steps. The first one is the SSL negotiation. For this to work, the client needs to speak valid SSL. The second step is the actual HTTP. Only the second step is logged in the access log.
Since, when you're telnetting, you aren't doing a successful SSL negotiation, you never get to the second step.
If you want to just verify that logging works as designed, you should use
openssl s_client -connect your.server.name:443
instead of telnet. This will open an SSL session to your server. If you want to log even aborted connections, you can add
to the SSL virtual host. This will become a huge log if you have a lot of SSL traffic; I've seen disks getting full within hours of setting this.
You can't do this directly in Apache. It will not log the junk into the error.log.
However, you can create a firewall rule that will produce log events into your syslog! For example, first create a new firewall chain to do the logging:
With that set up you now need to do two things: First, tell the firewall to let all packets for established connections through with no logging. Second, log everything else:
That's it!
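The firewall approach from the answer above, as an added example that is not the answerer's own rules: a POSIX shell script that builds the logging chain following the answer's two steps (chain name, log prefix and the rate limit are my assumptions), plus a small reader that pulls the source address and port out of the resulting kernel log lines (the sample lines are constructed).

```shell
#!/bin/sh
# Added example (not from the original answers): an iptables chain that logs each
# new connection attempt to TCP/443 in syslog, following the answer's two steps:
# let packets of established connections through unlogged, then log the rest.
# Assumptions: chain name SSL_LOG, log prefix "ssl-connect: ", the conntrack and
# limit match modules (the rate limit keeps a SYN flood from filling the disk).

# $1 is the command that receives each rule: "iptables" to apply (as root),
# "echo" to just print the rules. The chain only observes; it RETURNs so the
# existing INPUT rules still decide whether a packet is accepted.
ssl_log_rules() {
    r="$1"
    $r -N SSL_LOG
    # Step 1: packets of established connections pass without logging.
    $r -A SSL_LOG -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
    # Step 2: everything else (new attempts, garbage or not) is logged, rate-limited.
    $r -A SSL_LOG -m limit --limit 30/min --limit-burst 10 -j LOG \
        --log-prefix "ssl-connect: " --log-level info
    $r -A SSL_LOG -j RETURN
    # Send all traffic for port 443 through the chain before the other INPUT rules.
    $r -I INPUT -p tcp --dport 443 -j SSL_LOG
}

# Reader side: print "SRC DPT" for every kernel log line carrying our prefix, so
# attempts that never reached Apache's access log can still be reviewed.
ssl_log_sources() {
    grep 'ssl-connect: ' | sed -n 's/.*SRC=\([^ ]*\).*DPT=\([0-9]*\).*/\1 \2/p'
}

# Constructed sample of what the LOG target writes to syslog/dmesg (not real data).
SAMPLE_KERN_LOG='Jul 15 11:40:19 web kernel: ssl-connect: IN=eth0 OUT= SRC=192.168.1.140 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=50123 DPT=443 SYN URGP=0
Jul 15 11:40:25 web kernel: other: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=40000 DPT=22 SYN URGP=0
Jul 15 11:41:02 web kernel: ssl-connect: IN=eth0 OUT= SRC=10.0.0.7 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=51000 DPT=443 SYN URGP=0'

# Usage: "sh thisfile.sh apply" as root, "show" to print the rules, "demo" for the reader.
case "${1:-}" in
    apply) ssl_log_rules "${IPT:-iptables}" ;;
    show)  ssl_log_rules echo ;;
    demo)  printf '%s\n' "$SAMPLE_KERN_LOG" | ssl_log_sources ;;
esac
```

Check the result with `journalctl -k` or `/var/log/kern.log` (depending on the syslog setup) after a telnet to port 443; the access log stays untouched, the kernel log gets one line per attempt.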