Merging logs under SSL request

From: Nathan Butcher <>
Date: Mon, 27 Nov 2006 17:59:38 +0900

I'm trying to get penlogd to match client IP addresses with weblogs, but
I've reached the end of my rope.

Since pen is unable to insert X-Forwarded-For headers into encrypted SSL
that goes over it, and penlogd cannot match the encrypted content pen
sees and sends, with the unencrypted content the webserver sends,
getting matching logs for SSL seems impossible.

I was thinking that if pen was able to decrypt it's requests on the fly,
send the decrypted request headers to penlogd (where they can match),
and send the SSL traffic unmolested to the waiting HTTPS webserver,
penlogd would be able to merge logs coming from SSL connections.
Would it be possible to get pen to do this at all?

I couldn't get the experimental SSL encapsulation to work at all (seems
broken), but I don't need pen to do all the SSL encapsulation anyway
(much better if the HTTPS webservers on each of my servers take the
resource hit for this). All I need pen to do is translate the request
headers for penlogd so the weblogs have something to match with.

Is there a way to do this? or am I only dreaming?
Received on Mon Nov 27 2006 - 10:04:06 CET

This archive was generated by hypermail 2.2.0 : Mon Nov 27 2006 - 10:04:09 CET