Sorry for picking up months later on this thread; I've just gone to the mailing list archives and lo! there was my problem, discussed but not resolved satisfactorily. I'll quote sparingly to bring you back up to speed.
----- Original Message ----- From: "Owen Boyle" <[EMAIL PROTECTED]> Subject: Re: Stop mod_ssl from writing errors to the general Apache error logfile [Bert Cortin:] [clip: "[error] mod_ssl: SSL handshake interrupted by system" is sullying my ErrorLog against my wishes] > > I dont what no ErrorLog at all but just no SSL errors in my ErrorLog (even > > inside the virtual host!). I don't see the point that if I set SSLLogLevel > > to none that this only means that no dedicated SSL logging is done, but > > messages of level ``error'' are still written to the general Apache error > I think you're missing a crucial point - you can have SEVERAL > error_logs... You do not need to have just one ErrorLog directive, you > can also have an ErrorLog inside a VH and it will receive log messages > only from that VH. Since you need a separate VH for SSL, it is easy to > put an extra ErrorLog directive inside the SSL VH and it will trap all > the error messages generated by requests to that VH. So your config > would look like: > > ErrorLog logs/main_error_log > <VirtualHost ip-addr:433> > ErrorLog logs/SSL_error_log > </VirtualHost> > > Then you will get TWO error_logs... and the main_error_log will not have > any SSL errors in it. [clip: send the SSL VH's error log to /dev/null to not get errors from the SSL VH] Sorry, Owen, but it seems like you might be missing the OP's point. If his situation is as mine (which by his examples, it clearly is), your solution doesn't really address the problem. My specific problem is, my load-balancing system monitors the SSL servers, and it causes a "SSL handshake interrupted by system" message about 4 times a minute. Since I know this isn't a problem, I don't want to see it chewing roughly 1 kilobyte per minute of disk space - it adds up to 3.6 megs per day of pure junk. But I *really* want to see other error messages, especially those generated by my own modules running in this SSL vhost. I'd most prefer to skip *just* this message, as I don't regard it as an error in the first place... and Hopefully the System: Connection reset by peer (errno: 104) which always follows is easily removed/suppressed at the same time. Other mod_ssl errors, I'm happy to be made aware of. Any chance of getting such a fix into a coming version? Independently of that specific request, though, I feel there's a misfeature that could be corrected. The docs clearly describe the behavior that SSLLogLevel doesn't affect the ErrorLog, just the SSLLog. My humble opinion is that this may be incorrect behavior, regardless of how well-documented. The symptom is that "SSLLogLevel none" doesn't suppress error messages from being logged. One of two fixes seems reasonable to me: Add an SSLErrorLogLevel directive, to allow separate control over the log level for the ErrorLog, or make the log level for the ErrorLog pay attention to the SSLLogLevel directive. Hopefully my input as a real user of the software is helpful to the development team, even if I'm not able to contribute the actual patches to implement my suggestions. Thanks both retroactively and in advance for the great software and future refinements, respectively. Randy ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
