Re: Pen and logging

From: Ulric Eriksson <ulric_at_siag.nu>
Date: Wed, 13 Apr 2005 03:13:08 +0200 (CEST)

On Tue, 12 Apr 2005, Victor Aker wrote:

> We have just implemented freebsd+pen-0.15 for our web server farm, and are
> using IIS (sigh) as our web servers. Right now, my biggest hurdle is
> logging. I'm happy with the level of logging that pen is providing. For
> example:
>
> x.x.x.x 2147192462 y.y.y.y GET / HTTP/1.1
> x.x.x.x 2147192462 y.y.y.y GET /panda.jpg HTTP/1.1
>
> Its simple, but it gives me a source IP, timestamp, destination web server,
> and the file/directory requested. The problem is that most of our
> applications use ssl, and when we hit a secure site, the logs look like
> this:

[garble]

> Do I have to compile ssl into pen in order to make the logs readable, or are
> there other command line switches which I could throw?

There is no good solution for logging with ssl. The ssl support in pen
is not meant for public consumption (i.e. don't use it on production
systems).

You can let the web servers do the logging themselves, which won't
give you the source IP, or you can place an ssl accelerator in front
of the load balancer.

Ulric
Received on Wed Apr 13 2005 - 03:13:10 CEST

This archive was generated by hypermail 2.2.0 : Wed Apr 13 2005 - 03:13:10 CEST