Re: Stop mod_ssl from writing errors to the general Apache error logfile

on 03.08.2002 08:29:51 by Randy Harmon

Sorry for picking up months later on this thread; I've just gone to the
mailing list archives and lo! there was my problem, discussed but not
resolved satisfactorily. I'll quote sparingly to bring you back up to
speed.

----- Original Message -----
From: "Owen Boyle"
Subject: Re: Stop mod_ssl from writing errors to the general Apache error logfile

[Bert Cortin:]
[clip: "[error] mod_ssl: SSL handshake interrupted by system" is sullying my
ErrorLog against my wishes]
> > I don't want no ErrorLog at all but just no SSL errors in my ErrorLog (even
> > inside the virtual host!). I don't see the point that if I set SSLLogLevel
> > to none that this only means that no dedicated SSL logging is done, but
> > messages of level ``error'' are still written to the general Apache error

> I think you're missing a crucial point - you can have SEVERAL
> error_logs... You do not need to have just one ErrorLog directive, you
> can also have an ErrorLog inside a VH and it will receive log messages
> only from that VH. Since you need a separate VH for SSL, it is easy to
> put an extra ErrorLog directive inside the SSL VH and it will trap all
> the error messages generated by requests to that VH. So your config
> would look like:
>
> ErrorLog logs/main_error_log
>
> ErrorLog logs/SSL_error_log
>

>
> Then you will get TWO error_logs... and the main_error_log will not have
> any SSL errors in it.
[clip: send the SSL VH's error log to /dev/null to not get errors from the
SSL VH]

Sorry, Owen, but it seems like you might be missing the OP's point. If his
situation is as mine (which by his examples, it clearly is), your solution
doesn't really address the problem.

My specific problem is, my load-balancing system monitors the SSL servers,
and it causes a "SSL handshake interrupted by system" message about 4 times
a minute. Since I know this isn't a problem, I don't want to see it chewing
roughly 1 kilobyte per minute of disk space - it adds up to 3.6 megs per day
of pure junk. But I *really* want to see other error messages, especially
those generated by my own modules running in this SSL vhost.

I'd most prefer to skip *just* this message, as I don't regard it as an
error in the first place... and hopefully the "System: Connection reset by
peer (errno: 104)" which always follows is easily removed/suppressed at the
same time. Other mod_ssl errors, I'm happy to be made aware of. Any chance
of getting such a fix into a coming version?

Independently of that specific request, though, I feel there's a misfeature
that could be corrected. The docs clearly describe the behavior that
SSLLogLevel doesn't affect the ErrorLog, just the SSLLog. My humble opinion
is that this may be incorrect behavior, regardless of how well-documented.
The symptom is that "SSLLogLevel none" doesn't suppress error messages from
being logged. One of two fixes seems reasonable to me: Add an
SSLErrorLogLevel directive, to allow separate control over the log level for
the ErrorLog, or make the log level for the ErrorLog pay attention to the
SSLLogLevel directive.

Hopefully my input as a real user of the software is helpful to the
development team, even if I'm not able to contribute the actual patches to
implement my suggestions. Thanks both retroactively and in advance for the
great software and future refinements, respectively.

Randy


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
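
One way to get the behaviour the message asks for without changing mod_ssl, shown as an added example that is not part of the original post or of mod_ssl: a piped ErrorLog filter that drops only the quoted handshake message and the errno 104 line directly after it. The script path, log path, and sample log lines are assumptions constructed for illustration.

```python
#!/usr/bin/env python3
"""Piped ErrorLog filter (added example): drop one known-benign message pair."""
import sys

# Message texts exactly as quoted in the post above.
HANDSHAKE = "mod_ssl: SSL handshake interrupted by system"
RESET = "System: Connection reset by peer (errno: 104)"


def filter_lines(lines):
    """Yield every line except the handshake message and the reset line
    directly after it. A reset line in any other position is kept."""
    after_handshake = False
    for line in lines:
        if HANDSHAKE in line:
            after_handshake = True
            continue
        if after_handshake and RESET in line:
            after_handshake = False
            continue
        after_handshake = False
        yield line


# Constructed sample input; timestamps and the mod_example line are made up.
SAMPLE = [
    "[Sat Aug 03 08:00:00 2002] [error] mod_ssl: SSL handshake interrupted by system\n",
    "[Sat Aug 03 08:00:00 2002] [error] System: Connection reset by peer (errno: 104)\n",
    "[Sat Aug 03 08:00:07 2002] [error] mod_example: backend lookup failed\n",
    "[Sat Aug 03 08:00:09 2002] [error] System: Connection reset by peer (errno: 104)\n",
]


def main(log_path):
    # Line-buffered append so entries reach disk as Apache emits them.
    with open(log_path, "a", buffering=1) as out:
        for line in filter_lines(sys.stdin):
            out.write(line)


if __name__ == "__main__":
    # Hypothetical wiring inside the SSL virtual host:
    #   ErrorLog "|/usr/local/bin/ssl_errlog_filter.py /var/log/httpd/ssl_error_log"
    main(sys.argv[1])
```

Apache starts piped log programs with the privileges of the user that started httpd, so the script and its directory should be writable only by that user. If lines from different server processes interleave, an errno 104 line that no longer directly follows the handshake message is kept rather than dropped.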