Works fine, but I very often get error log lines like this:
2010:04:13-13:07:50 asg httpproxy[5661]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9ac2078" function="ssl_log_errors" file="ssl.c" line="40" message="C: 5661:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:838:It is almost impossible to find out which workstation or which program on a workstation has caused this, as neither the src ip nor the destination ip of the SSL connection is logged.
2010:04:13-13:07:50 asg httpproxy[5661]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9ac2078" function="ssl_log_errors" file="ssl.c" line="40" message="C: 5661:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1087:SSL alert number 48
2010:04:13-13:07:50 asg httpproxy[5661]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9ac2078" function="ssl_log_errors" file="ssl.c" line="40" message="C: 5661:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:838:
2010:04:13-13:07:51 asg httpproxy[5661]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9ac2078" function="ssl_log_errors" file="ssl.c" line="40" message="C: 5661:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1087:SSL alert number 48
2010:04:13-13:07:51 asg httpproxy[5661]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9ac2078" function="ssl_log_errors" file="ssl.c" line="40" message="C: 5661:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:838:
2010:04:13-13:07:51 asg httpproxy[5661]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9ac2078" function="ssl_log_errors" file="ssl.c" line="40" message="C: 5661:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1087:SSL alert number 48
2010:04:13-13:07:51 asg httpproxy[5661]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9ac2078" function="ssl_log_errors" file="ssl.c" line="40" message="C: 5661:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:838:
2010:04:13-13:07:52 asg httpproxy[5661]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9ae8ef8" function="ssl_log_errors" file="ssl.c" line="40" message="C: 5661:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1087:SSL alert number 48
2010:04:13-13:07:52 asg httpproxy[5661]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9ae8ef8" function="ssl_log_errors" file="ssl.c" line="40" message="C: 5661:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:838:
2010:04:13-13:07:53 asg httpproxy[5661]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9ac9928" function="ssl_log_errors" file="ssl.c" line="40" message="C: 5661:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1087:SSL alert number 48
Of course somewhere later in the logs i see log lines like this:
2010:04:13-13:07:54 asg httpproxy[5661]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="172.30.2.77" dstip="" user="" statuscode="502" cached="0" profile="REF_WAHdEIHIfR (test)" filteraction=" ()" size="0" time="0 ms" request="0x99a9928" url="216.219.112.250" exceptions="" error="Unable to get peer certificate"
but as these log lines have nothing in common with the ssl error lines (not even the request ID is the same!) this is not more than a clue whether these logs are correlated to each other or not.
To be honest even in this example I am not sure whether the above written ssl errors are really bound to the access log line.
In some other tests, I got hundrets of ssl errors log lines, but not even one single access log line. (e.g. when starting a DropBox client on a PC in the LAN). That´s really a problem.
Could you add the src and dest ip in the log lines? That would be perfect.
