[stunnel-users] Reverse DNS lookup in stunnel log possible?

Brian Wilkins bwilkins at gmail.com
Sat Jul 27 00:47:01 CEST 2013


What would be the benefit? It would slow stunnel down.
On Jul 26, 2013 5:47 PM, "mkanet at yahoo.com" <mkanet at yahoo.com> wrote:

> Thanks, I guess I could do the equivalent with a batch file; but, was
> really hoping for builtin support for this in stunnel.  It would be nice to
> see in the upcoming 5.00 release as an option.
>
> -----------------
>
> Don't know on windows, but did a little test with a script to get the
> hostnames. First did a test using your records, and then used my current
> stunnel.log
>
> script stlog.chk
> ==================
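> # Collect the unique IPv4 addresses that appear in the log
> grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' /var/log/stunnel.log | sort | uniq >stout
>
> # Write "address  PTR-name" pairs, one per line
> echo "" >stout2
> for a in $(cat stout) ; do
>   echo -n "$a" " " >>stout2
>   host "$a" | awk '{print $5}' >>stout2
> done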
>
>
> The results of stout2 are
> 127.0.0.1  localhost.
> 173.194.74.108  qe-in-f108.1e100.net.
> 173.194.74.109  qe-in-f109.1e100.net.
> 192.168.128.201  3(NXDOMAIN)
> 74.125.25.108  pa-in-f108.1e100.net.
> 74.125.25.109  pa-in-f109.1e100.net.
>
> Probably would want to add some code to filter out private addresses.
>
>
> Final step would be to scan original log and add the name on
> each of the lines with an ip.
> +----------------------------------------------------------+
>   Michael D. Setzer II -  Computer Science Instructor
>   Guam Community College  Computer Center
>   mailto:mikes at kuentos.guam.net <mikes at kuentos.guam.net>
>
>   mailto:msetzerii at gmail.com <msetzerii at gmail.com>
>   http://www.guam.net/home/mikes
>   Guam - Where America's Day Begins
>   G4L Disk Imaging Project maintainer
>   http://sourceforge.net/projects/g4l/
> +----------------------------------------------------------+
>
>   ----- Forwarded Message -----
>  *From:* "mkanet at yahoo.com" <mkanet at yahoo.com>
> *To:* "stunnel-users at stunnel.org" <stunnel-users at stunnel.org>
> *Sent:* Friday, July 26, 2013 11:16 AM
> *Subject:* Fw: Reverse DNS lookup in stunnel log possible?
>
> I haven't posted on this mail list in a while.  Is there anyone still out
> there?  I hope I'm sending to the correct mail-list.  Is there a better
> place I can ask my question below?
>
> I'm pretty sure I can't be the first person who wanted to see reverse DNS
> name lookup in the stunnel log.  I tried looking in the settings and
> documentation; but, didn't see anything related to this.
>
>   ----- Forwarded Message -----
>
> I currently have stunnel strip SSL from incoming https connections; which
> then passes the connections to a proxy before ultimately reaching my web
> server.  So, the only easy way to see where incoming connections are coming
> from are in the stunnel log.
>
> Below is a small example of what my stunnel log looks like (no, those
> aren't the real IPs :) ).  The information below would be
> much more useful to me if it included the DNS names in addition to their
> numeric IP.
>
> I currently have the latest Windows version of stunnel installed.  It
> would be great to know how to get it to resolve DNS names as well in the
> log file; preferably without impeding general stunnel performance.  I tried
> several debug levels; but none of them did reverse DNS lookup.  Hopefully
> someone knows how to do this on a Windows stunnel setup.
>
> 2013.07.23 10:16:00 LOG5[10152:15136]: Service [stunnel-sslh] connected
> remote server from 24.12.152.129:58773
> 2013.07.23 10:16:00 LOG3[10152:15136]: SSL_read: Connection reset by peer
> (WSAECONNRESET) (10054)
> 2013.07.23 10:16:00 LOG5[10152:15136]: Connection reset: 272 byte(s) sent
> to SSL, 96 byte(s) sent to socket
> 2013.07.23 10:17:53 LOG5[10152:4000]: Service [stunnel-sslh] accepted
> connection from 71.194.51.232:5535
> 2013.07.23 10:17:53 LOG5[10152:4000]: connect_blocking: connected
> 24.12.152.129:7777
> 2013.07.23 10:17:53 LOG5[10152:4000]: Service [stunnel-sslh] connected
> remote server from 24.12.152.129:58799
> 2013.07.23 10:17:53 LOG5[10152:13212]: Service [stunnel-sslh] accepted
> connection from 71.194.51.232:5508
> 2013.07.23 10:17:53 LOG5[10152:3348]: Service [stunnel-sslh] accepted
> connection from 71.194.51.232:5509
> 2013.07.23 10:17:53 LOG5[10152:2884]: Service [stunnel-sslh] accepted
> connection from 71.194.51.232:5519
>
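The "final step" described in the quoted reply (annotating each log line with the resolved name, done offline so stunnel itself is not slowed), as an added example that is not code from anyone in this thread. It goes beyond the quoted script by skipping non-public addresses, accepting a PTR name only when it resolves back to the same address, and keeping only hostname characters, since the name is chosen by whoever controls the reverse zone. The function names, the made-up host name and the sample lines are assumptions.

```python
import ipaddress
import re
import socket

IP_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,253}")


def ptr_lookup(ip):
    """PTR lookup, accepted only if the name resolves back to ip (FCrDNS)."""
    try:
        name = socket.gethostbyaddr(ip)[0]
        forward = socket.gethostbyname_ex(name)[2]
    except (OSError, UnicodeError):
        return None
    return name if ip in forward else None


def annotate(lines, resolver=ptr_lookup):
    """Yield each log line with ' [ip=name ...]' appended for public IPs."""
    cache = {}

    def name_for(ip):
        if ip not in cache:
            try:
                public = ipaddress.ip_address(ip).is_global
            except ValueError:  # regex matched something like 999.1.1.1
                public = False
            name = resolver(ip) if public else None  # never query private IPs
            # The PTR owner chooses this string: keep hostname characters only.
            cache[ip] = name if name and SAFE_NAME.fullmatch(name) else None
        return cache[ip]

    for line in lines:
        line = line.rstrip("\r\n")
        pairs = [(ip, name_for(ip)) for ip in dict.fromkeys(IP_RE.findall(line))]
        tags = " ".join(f"{ip}={name}" for ip, name in pairs if name)
        yield f"{line} [{tags}]" if tags else line


# Constructed sample: addresses from the post, made-up names, no network use.
SAMPLE = [
    "2013.07.23 10:17:53 LOG5[10152:4000]: Service [stunnel-sslh] accepted "
    "connection from 71.194.51.232:5535",
    "2013.07.23 10:17:53 LOG5[10152:4000]: connect_blocking: connected "
    "192.168.128.201:7777",
]
FAKE_PTR = {"71.194.51.232": "host-a.example.net"}

if __name__ == "__main__":
    for out in annotate(SAMPLE, FAKE_PTR.get):
        print(out)
```

For a real log, pass the open file instead of `SAMPLE` and leave `resolver` at its default; each distinct address is looked up once per run.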