Hi, since I started using OpenAS2, I'd had the EmailLogger disabled because of something that was going on when I first started up. I recently noticed that and turned it back on. Over the weekend, I received several emails on it that I think were related to random connection attempts (probably hacker probes or something) that started with lines like this:
2019-07-27 12:34:55.964 ERROR java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:210)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
...
2019-07-27 12:34:56.473 ERROR java.lang.NullPointerException
at org.openas2.processor.msgtracking.BaseMsgTrackingModule.buildMap(BaseMsgTrackingModule.java:62)
at org.openas2.processor.msgtracking.BaseMsgTrackingModule.handle(BaseMsgTrackingModule.java:19)
at org.openas2.processor.DefaultProcessor.handle(DefaultProcessor.java:65)
...
2019-07-27 12:34:56.194 ERROR javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:710)
at sun.security.ssl.InputRecord.read(InputRecord.java:527)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
...
2019-07-28 00:13:25.990 ERROR java.io.IOException: Content-Length missing and no "Transfer-Encoding" header found to determine how to read message body.
at org.openas2.util.HTTPUtil.readData(HTTPUtil.java:250)
at org.openas2.processor.receiver.AS2ReceiverHandler.handle(AS2ReceiverHandler.java:99)
at org.openas2.processor.receiver.NetModule$ConnectionHandler.run(NetModule.java:202)
...
2019-07-28 00:55:11.619 ERROR javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1002)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:938)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
...
Since I expect this type of alerting will continue, and it's definitely not the kind of email I want to have to be processing and ignoring, is there any way to custom filter which types of log events get emailed?
E.g., I definitely would like to have reports on any type of failure that seems to get past the initial SSL handshaking and at least partially proceeds through authentication (anything where the SSL handshake completes [indicating it's not just a port probe or something] and where there's some indication that the partner has a valid AS2 ID [or pair of IDs] is something I would want to see errors emailed).
If there's not any such capability available for at least the EmailLogger, I would suggest that such a feature be considered for future inclusion.
I guess it could be as simple as allowing a list of phrases to not email alert on, but what would probably be better is something more formal as I'd suggested above where connections must complete an SSL handshake and supply valid AS2 ID pairs. In that way, if a connection had started but was interrupted, e.g., I'd get an email. Or, if a transmission completed, but there was a problem decrypting or verifying a signature, etc., again that'd be good to see via email.
Thanks for considering.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Currently there is no way to filter the logging via email. The email logger is hard coded to only send ERROR level messages. I can see that there is a relatively simple change that would probably do what you want and will implement a test version for you to try out and let you know when it is available.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi, since I started using OpenAS2, I'd had the EmailLogger disabled because of something that was going on when I first started up. I recently noticed that and turned it back on. Over the weekend, I received several emails on it that I think were related to random connection attempts (probably hacker probes or something) that started with lines like this:
Since I expect this type of alerting will continue, and it's definitely not the kind of email I want to have to be processing and ignoring, is there any way to custom filter which types of log events get emailed?
E.g., I definitely would like to have reports on any type of failure that seems to get past the initial SSL handshaking and at least partially proceeds through authentication (anything where the SSL handshake completes [indicating it's not just a port probe or something] and where there's some indication that the partner has a valid AS2 ID [or pair of IDs] is something I would want to see errors emailed).
If there's not any such capability available for at least the EmailLogger, I would suggest that such a feature be considered for future inclusion.
I guess it could be as simple as allowing a list of phrases to not email alert on, but what would probably be better is something more formal as I'd suggested above where connections must complete an SSL handshake and supply valid AS2 ID pairs. In that way, if a connection had started but was interrupted, e.g., I'd get an email. Or, if a transmission completed, but there was a problem decrypting or verifying a signature, etc., again that'd be good to see via email.
Thanks for considering.
Currently there is no way to filter the logging via email. The email logger is hard coded to only send ERROR level messages. I can see that there is a relatively simple change that would probably do what you want and will implement a test version for you to try out and let you know when it is available.
Sounds great, thanks!
2.9.1 that provides enhancements to filter the Email logger messages has been released.
See the OpenAS2HowTo in the release package for information on additional parameters