Description
OpenBSD has, by default, in basesystem, since 5.7, the relay server named relayd.
-
Website: https://bsd.plumbing/
-
OpenBSD: 6.6, 6.7
The purpose of this article is to learn how to set up a logging of the HTTP(S) stream that passes through relayd.
So very simple!
Configuration
- File configuration is:
/etc/relayd.conf
Global Configuration
In first, we need to declare the global parameter log into the file config.
relayd.conf(5)#log
Explainations
The following log declarations are those signification:
log state changesandlog host checksare useful to follow the state of the host or the checks. Those states can be of type:up: if state is positivedown: if the host is down, or the checks are not good.unknown: if the host is disable or not yet controled.
log connection: to log all the traffic TCP, only if relayd act as relay. 1 .
Note: the optionerrorsis useful when we will log only if TCP connections send errors.
1 In fact, relayd can be configured too as a router, or redirection server.
Filters rules
Relays are able to filter the connections by adding specific filters parameters.
We will use the action match on which we apply the logging option log.
relayd.conf(5)#match
This corresponding action will apply on:
cookie: an action on a cookie. 2 relayd.conf(5)#cookieheader: to target an HTTP header. relayd.conf(5)#headerpath: to scan the asked URL. 2 relayd.conf(5)#pathquery: to analyse the URL queries. 2 relayd.conf(5)#queryurl: to get complete URL. 2 relayd.conf(5)#url
2 only available on HTTP request.
Configuration: example
The follow exampe show us five filters rules:
- the first four on the matching header
- the last log the complete URL
File: /etc/relayd.conf
|
|
Logs
All logs are visibles into:
/var/log/daemon,/var/log/message.
log daemon: example
Code: sh
Into this example, we have:
- done connections
- failed connections, error 403, bloqued by filters rule
block
log message: example
Code: sh
In this other example, we see 3 writing about bloqued rules, with error 403.