search

FiloSottile / litetlog

A collection of liteweight transparency logging tools, compatible with the Sigsum and Omniwitness ecosystems.
ISC License
9 stars 3 forks source link

litebastion: Is too noisy by default (system logs are spammed) #15

Open rgdd opened 1 month ago

rgdd commented 1 month ago

Here's an example of a typical journal (not 100% sure what causes the below):

Oct 25 12:40:13 bastion-01 litebastion[1455463]: 2024/10/25 12:40:13 http: proxy error: backend unavailable
Oct 25 12:40:13 bastion-01 litebastion[1455463]: 2024/10/25 12:40:13 http: proxy error: backend unavailable
Oct 25 12:40:23 bastion-01 litebastion[1455463]: 2024/10/25 12:40:23 http: proxy error: backend unavailable
Oct 25 12:40:23 bastion-01 litebastion[1455463]: 2024/10/25 12:40:23 http: proxy error: backend unavailable
Oct 25 12:40:33 bastion-01 litebastion[1455463]: 2024/10/25 12:40:33 http: proxy error: backend unavailable
Oct 25 12:40:33 bastion-01 litebastion[1455463]: 2024/10/25 12:40:33 http: proxy error: backend unavailable
Oct 25 12:40:43 bastion-01 litebastion[1455463]: 2024/10/25 12:40:43 http: proxy error: backend unavailable
Oct 25 12:40:43 bastion-01 litebastion[1455463]: 2024/10/25 12:40:43 http: proxy error: backend unavailable
Oct 25 12:40:53 bastion-01 litebastion[1455463]: 2024/10/25 12:40:53 http: proxy error: backend unavailable
Oct 25 12:40:53 bastion-01 litebastion[1455463]: 2024/10/25 12:40:53 http: proxy error: backend unavailable
[snip]

And here's another common one (from someone who knows this is a bastion but it isn't configured):

Oct 07 12:44:49 bastion-01 litebastion[473]: 2024/10/07 12:44:49 http: TLS handshake error from ***: unrecognized backend ***
Oct 07 12:44:51 bastion-01 litebastion[473]: 2024/10/07 12:44:51 http: TLS handshake error from ***: unrecognized backend ***
Oct 07 12:44:51 bastion-01 litebastion[473]: 2024/10/07 12:44:51 http: TLS handshake error from ***: unrecognized backend ***
Oct 07 12:44:54 bastion-01 litebastion[473]: 2024/10/07 12:44:54 http: TLS handshake error from ***: unrecognized backend ***
Oct 07 12:44:57 bastion-01 litebastion[473]: 2024/10/07 12:44:57 http: TLS handshake error from ***: unrecognized backend ***
Oct 07 12:44:59 bastion-01 litebastion[473]: 2024/10/07 12:44:59 http: TLS handshake error from ***: unrecognized backend ***
Oct 07 12:45:01 bastion-01 litebastion[473]: 2024/10/07 12:45:01 http: TLS handshake error from ***: unrecognized backend ***
Oct 07 12:45:04 bastion-01 litebastion[473]: 2024/10/07 12:45:04 http: TLS handshake error from ***: unrecognized backend ***
Oct 07 12:45:07 bastion-01 litebastion[473]: 2024/10/07 12:45:07 http: TLS handshake error from ***: unrecognized backend ***
Oct 07 12:45:10 bastion-01 litebastion[473]: 2024/10/07 12:45:10 http: TLS handshake error from ***: unrecognized backend ***
[snip]

And here's another one we see often (likely from someone poking at the server who have no idea what it is):

Oct 25 12:34:49 bastion-01 litebastion[1455463]: 2024/10/25 12:34:49 http: TLS handshake error from ***: acme/autocert: missing server name
Oct 25 12:34:49 bastion-01 litebastion[1455463]: 2024/10/25 12:34:49 http: TLS handshake error from ***: acme/autocert: missing server name
[snip]

Short-term it would be nice to have an option to not get spammed. Long-term this is probably related to getting prom metrics that capture these kinda events in aggregation (#5).