viewssld
May I know how to check log file
Hello: I have installed viewssld on Ubuntu 16.04, even though I got some problems. After fixing all the problems, I changed /etc/viewssld.conf like this:

# PID-file path (default: /var/run/viewssld.pid)
pid = /var/run/viewssld.pid

# daemonize? on/off (default: off)
daemon = on

# loglevel 0-10 (default: 0)
loglevel = 10

# SSL protocols to decrypt
[webserver]
src = ens32
dst = ens35
ip = 192.168.1.100
port = 443
key = /home/abc/key.pem
dsslport = 80

Then I ran the command like this: viewssld -c /etc/viewssld.conf

root@Utest:/var/log# viewssld -c /etc/viewssld.conf
+---------------------------------------------------+
| Common config |
+---------------------------------------------------+
| Config file: /etc/viewssld.conf |
| PID file: /var/run/viewssld.pid |
| loglevel: 10 |
| daemon: on |
+---------------------------------------------------+
+---------------------------------------------------+
| Config capture webserver |
+---------------------------------------------------+
| Keyfile: /home/abc/key.pem |
| Source Interface: ens32 |
| Destination Interface: ens35 |
| Server IP address: 192.168.100 |
| TCP Port: 443 |
| TCP DSSL Port: 80 |
+---------------------------------------------------+
root@Utest:/var/log#

The key.pem is the same pem file the nginx https server uses and it has no password. Nginx web server config file:

# HTTPS server
#
server {
    listen 443;
    server_name localhost;

    ssl on;
    ssl_certificate C:/inetpub/nginx-1.14.0/conf/certificate.pem;
    ssl_certificate_key C:/inetpub/nginx-1.14.0/conf/key.pem;
    ssl_session_timeout 5m;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;

    location / {
        root html;
        index index.html index.htm;
    }
}
}
I also added this key.pem to Wireshark and it works.

The web server uses TLS_RSA_WITH_AES_256_CBC_SHA_256 and TLS 1.0.

The issue now is that I can see viewssld running:

root@Utest:/var/log# ps aux | grep viewss
root 1779 0.0 0.2 22160 5924 ? Ss 16:33 0:00 viewssld -c /etc/viewssld.conf

I can see traffic with "tcpdump -i ens32 tcp port 443 and host 192.168.1.100", but get nothing from "tcpdump -i ens35". Is there something wrong? I cannot find the log file either. Can anyone help me?
Hello, I found some messages in the syslog file:

Oct 17 17:06:56 Utest viewssl daemon[1887]: => New Session: 192.168.1.100:443<->192.168.1.121:58791
Oct 17 17:06:56 Utest viewssl daemon[1887]: SSL session: 192.168.1.100:443<->192.168.1.121:58791, error code: -7: SSL Protocol error
Oct 17 17:06:56 Utest viewssl daemon[1887]: <= Session closing: 192.168.1.100:443<->192.168.1.121:58791#011pkts recv: 581 pkts drop: 0

See "error code: -7: SSL Protocol error". I even disabled TLS1.0 and used SSL V3 instead, but still get the error message. Does anyone know how to fix this?
@missyoyo did you find a resolution for this error? error code: -7: SSL Protocol error
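Added example, not part of the original thread or of the viewssld project: since the daemon's messages land in syslog as quoted above, this Python script groups them per session and reports which flows logged a decoder error. The message patterns are taken from the three quoted lines; the last two sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the three lines quoted in the thread plus one made-up clean session.
SAMPLE = """\
Oct 17 17:06:56 Utest viewssl daemon[1887]: => New Session: 192.168.1.100:443<->192.168.1.121:58791
Oct 17 17:06:56 Utest viewssl daemon[1887]: SSL session: 192.168.1.100:443<->192.168.1.121:58791, error code: -7: SSL Protocol error
Oct 17 17:06:56 Utest viewssl daemon[1887]: <= Session closing: 192.168.1.100:443<->192.168.1.121:58791#011pkts recv: 581 pkts drop: 0
Oct 17 17:07:10 Utest viewssl daemon[1887]: => New Session: 192.168.1.100:443<->192.168.1.121:58800
Oct 17 17:07:11 Utest viewssl daemon[1887]: <= Session closing: 192.168.1.100:443<->192.168.1.121:58800#011pkts recv: 12 pkts drop: 0
"""

FLOW = r"(?P<flow>\d+\.\d+\.\d+\.\d+:\d+<->\d+\.\d+\.\d+\.\d+:\d+)"
TAG = re.compile(r"viewssl daemon\[\d+\]: (?P<msg>.*)$")  # syslog tag as seen in the thread
NEW = re.compile(r"=> New Session: " + FLOW)
ERR = re.compile(r"SSL session: " + FLOW + r", error code: (?P<code>-?\d+): (?P<text>.*)")
# rsyslog escapes the tab before "pkts" as #011; accept a literal tab or space too.
END = re.compile(r"<= Session closing: " + FLOW + r"(?:#011|\s)+pkts recv: (?P<recv>\d+) pkts drop: (?P<drop>\d+)")

def parse_sessions(lines):
    """Return {flow: {"opened", "closed", "errors", "recv", "drop"}} from syslog lines."""
    sessions = defaultdict(lambda: {"opened": False, "closed": False,
                                    "errors": [], "recv": None, "drop": None})
    for line in lines:
        tag = TAG.search(line)
        if not tag:
            continue  # not a viewssld record
        msg = tag.group("msg")
        if m := NEW.match(msg):
            sessions[m["flow"]]["opened"] = True
        elif m := ERR.match(msg):
            sessions[m["flow"]]["errors"].append((int(m["code"]), m["text"].strip()))
        elif m := END.match(msg):
            sessions[m["flow"]].update(closed=True, recv=int(m["recv"]), drop=int(m["drop"]))
    return dict(sessions)

def failed_flows(sessions):
    """Flows that logged at least one decoder error, mapped to their error codes."""
    return {flow: [c for c, _ in s["errors"]] for flow, s in sessions.items() if s["errors"]}

if __name__ == "__main__":
    for flow, s in parse_sessions(SAMPLE.splitlines()).items():
        status = "; ".join(f"{c} ({t})" for c, t in s["errors"]) or "no error logged"
        print(f"{flow}  recv={s['recv']} drop={s['drop']}  {status}")
```

On the Ubuntu host from the thread, the same functions can be fed the lines of /var/log/syslog instead of SAMPLE.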