Description
OpenBSD has included the relay server relayd in the base system by default since 5.7.
- Website: https://bsd.plumbing/
- OpenBSD: 6.6, 6.7
This article shows how to set up logging of the HTTP(S) traffic that passes through relayd.
So very simple!
Configuration
- The configuration file is: /etc/relayd.conf
Global Configuration
First, we need to declare the global parameter log in the configuration file.
See relayd.conf(5)#log
Explanations
The log declarations have the following meanings:
log state changes and log host checks: useful to follow the state of the host or of the checks. Those states can be of type:
- up: if the state is positive.
- down: if the host is down, or the checks are not good.
- unknown: if the host is disabled or not yet checked.
log connection: logs all TCP traffic, only when relayd acts as a relay. [1]
Note: the option errors is useful when we want to log only the TCP connections that produce errors.
[1] In fact, relayd can also be configured as a router or as a redirection server.
Filter rules
Relays are able to filter connections by adding specific filter parameters.
We will use the action match, to which we apply the logging option log.
See relayd.conf(5)#match
This action can apply to:
- cookie: an action on a cookie. [2] relayd.conf(5)#cookie
- header: to target an HTTP header. relayd.conf(5)#header
- path: to scan the requested URL. [2] relayd.conf(5)#path
- query: to analyse the URL queries. [2] relayd.conf(5)#query
- url: to get the complete URL. [2] relayd.conf(5)#url
[2] only available on HTTP requests.
Configuration: example
The following example shows five filter rules:
- the first four match on a header
- the last one logs the complete URL
File: /etc/relayd.conf
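A minimal relayd.conf matching the description above, as an added example that is not the article's original file: the global log declarations, four header rules and one url rule. The addresses, the table name and the relay and protocol names are constructed placeholders, and the four header names are assumptions.

```conf
# Added example, not the article's own configuration.
# 192.0.2.10, 198.51.100.1, <webhosts>, "weblog" and "www" are placeholders.

# Global logging, see "Global Configuration" above.
log state changes
log host checks
# Use "log connection errors" instead to keep only failed connections.
log connection

table <webhosts> { 192.0.2.10 }

http protocol "weblog" {
	# Four rules matching on a header: the value of each named request
	# header is written to the log with the connection entry.
	# Log only the headers you need: values such as Cookie or
	# Authorization would end up in the log files in clear text.
	match request header log "Host"
	match request header log "User-Agent"
	match request header log "Referer"
	match request header log "X-Forwarded-For"

	# Fifth rule: log the complete URL (HTTP requests only).
	match request url log
}

relay "www" {
	listen on 198.51.100.1 port 80
	protocol "weblog"
	forward to <webhosts> port 8080 check tcp
}
```

The syntax can be checked with relayd -n -f /etc/relayd.conf before the daemon is reloaded.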
Logs
All logs are visible in: /var/log/daemon, /var/log/message.
log daemon: example
In this example, we have:
- done connections
- failed connections, error 403, blocked by the filter rule block
log message: example
In this other example, we see 3 entries about blocked rules, with error 403.