
May I know how to check log file

Open missyoyo opened this issue 5 years ago • 2 comments

Hello: I have installed viewssld on Ubuntu 16.04, even though I got some problems. After fixing all the problems, I changed /etc/viewssld.conf like this:

```
# PID-file path (default: /var/run/viewssld.pid)
pid = /var/run/viewssld.pid

# daemonize? on/off (default: off)
daemon = on

# loglevel 0-10 (default: 0)
loglevel = 10

# SSL protocols to decrypt
[webserver]
src = ens32
dst = ens35
ip = 192.168.1.100
port = 443
key = /home/abc/key.pem
dsslport = 80
```

Then run the command like this: `viewssld -c /etc/viewssld.conf`

```
root@Utest:/var/log# viewssld -c /etc/viewssld.conf

+---------------------------------------------------+
| Common config                                     |
+---------------------------------------------------+
| Config file: /etc/viewssld.conf                   |
| PID file: /var/run/viewssld.pid                   |
| loglevel: 10                                      |
| daemon: on                                        |
+---------------------------------------------------+


+---------------------------------------------------+
| Config capture webserver                          |
+---------------------------------------------------+
| Keyfile: /home/abc/key.pem                        |
| Source Interface: ens32                           |
| Destination Interface: ens35                      |
| Server IP address: 192.168.100                  |
| TCP Port: 443                                     |
| TCP DSSL Port: 80                                 |
+---------------------------------------------------+

root@Utest:/var/log#
```

The key.pem is the same PEM file the nginx HTTPS server uses, and it has no password. nginx web server config file:

```
# HTTPS server
#
server {
    listen 443;
    server_name localhost;

    ssl                  on;
    ssl_certificate      C:/inetpub/nginx-1.14.0/conf/certificate.pem;
    ssl_certificate_key  C:/inetpub/nginx-1.14.0/conf/key.pem;

    ssl_session_timeout  5m;

    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;

    location / {
        root   html;
        index  index.html index.htm;
    }
}

}   # end of the enclosing block (its opening is not part of the post)
```

I also added this key.pem to Wireshark and it works. The default web server uses TLS_RSA_WITH_AES_256_CBC_SHA_256 and TLS 1.0.

The issue now is that I can see viewssld running:

```
root@Utest:/var/log# ps aux | grep viewss
root 1779 0.0 0.2 22160 5924 ? Ss 16:33 0:00 viewssld -c /etc/viewssld.conf
```

I can see `tcpdump -i ens32 tcp port 443 and host 192.168.1.100`, but get nothing from "tcpdump -i ens35". Is there something wrong? I also cannot find the log file. Can anyone help me?

missyoyo Oct 17 '18 08:10

Hello, I found some messages in the syslog file:

```
Oct 17 17:06:56 Utest viewssl daemon[1887]: => New Session: 192.168.1.100:443<->192.168.1.121:58791
Oct 17 17:06:56 Utest viewssl daemon[1887]: SSL session: 192.168.1.100:443<->192.168.1.121:58791, error code: -7: SSL Protocol error
Oct 17 17:06:56 Utest viewssl daemon[1887]: <= Session closing: 192.168.1.100:443<->192.168.1.121:58791#011pkts recv: 581 pkts drop: 0
```

See "error code: -7: SSL Protocol error". I even disabled TLS 1.0 and used SSL v3 instead, but still get the error message. Does anyone know how to fix this?

missyoyo Oct 17 '18 09:10
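A way to pull the viewssld records out of syslog and tally failed decodes per error code, as an added example that is not part of the original thread or the viewssld project. It assumes the three record shapes quoted above are representative; the function names and the sample lines marked constructed are hypothetical.

```python
import re
import sys
from collections import Counter

# First three lines are quoted in the issue; the last three are constructed.
SAMPLE = """\
Oct 17 17:06:56 Utest viewssl daemon[1887]: => New Session: 192.168.1.100:443<->192.168.1.121:58791
Oct 17 17:06:56 Utest viewssl daemon[1887]: SSL session: 192.168.1.100:443<->192.168.1.121:58791, error code: -7: SSL Protocol error
Oct 17 17:06:56 Utest viewssl daemon[1887]: <= Session closing: 192.168.1.100:443<->192.168.1.121:58791#011pkts recv: 581 pkts drop: 0
Oct 17 17:07:02 Utest viewssl daemon[1887]: => New Session: 192.168.1.100:443<->192.168.1.122:40112
Oct 17 17:07:03 Utest viewssl daemon[1887]: <= Session closing: 192.168.1.100:443<->192.168.1.122:40112#011pkts recv: 12 pkts drop: 3
Oct 17 17:07:03 Utest sshd[900]: constructed line from another program
"""

FLOW = r"([\d.]+:\d+<->[\d.]+:\d+)"
TAG = re.compile(r"viewssl daemon\[\d+\]: (.*)")
NEW = re.compile(r"=> New Session: " + FLOW)
ERR = re.compile(r"SSL session: " + FLOW + r", error code: (-?\d+): (.+)")
# syslog writes the tab before "pkts" as #011; accept a raw tab or spaces too.
END = re.compile(r"<= Session closing: " + FLOW + r"(?:#011|\s)*pkts recv: (\d+) pkts drop: (\d+)")

def parse(lines):
    """Group viewssld syslog records by flow; other programs' lines are skipped."""
    sessions = {}
    for line in lines:
        tagged = TAG.search(line)
        if not tagged:
            continue
        for kind, rx in (("new", NEW), ("err", ERR), ("end", END)):
            m = rx.match(tagged.group(1))
            if not m:
                continue
            s = sessions.setdefault(m.group(1), {"errors": [], "recv": None, "drop": None})
            if kind == "err":
                s["errors"].append((int(m.group(2)), m.group(3).strip()))
            elif kind == "end":
                s["recv"], s["drop"] = int(m.group(2)), int(m.group(3))
    return sessions

def summarize(sessions):
    """Count sessions, failed decodes per error code, and flows with dropped packets."""
    codes = Counter(code for s in sessions.values() for code, _ in s["errors"])
    failed = sum(1 for s in sessions.values() if s["errors"])
    lossy = sorted(f for f, s in sessions.items() if s["drop"])
    return {"sessions": len(sessions), "failed": failed, "codes": dict(codes), "lossy": lossy}

if __name__ == "__main__":
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE.splitlines()
    print(summarize(parse(src)))
```

Run it with the path of the syslog file as the first argument; with no argument it processes the embedded sample. Records are keyed by flow, so a client that reuses the same source port is merged into one entry.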

@missyoyo did you find a resolution for this error? error code: -7: SSL Protocol error

vdministrator Dec 13 '19 08:12