亚洲在线久爱草,狠狠天天香蕉网,天天搞日日干久草,伊人亚洲日本欧美

為了賬號安全,請及時綁定郵箱和手機立即綁定
已解決430363個問題,去搜搜看,總會有你想問的

如何過濾錯誤日志編寫器:TLS 握手錯誤

如何過濾錯誤日志編寫器:TLS 握手錯誤

Go
臨摹微笑 2023-03-07 11:39:29
如何在錯誤日志中過濾掉這類錯誤信息?這些消息充斥著錯誤日志,很難監控應用程序。這些消息主要發生在沒有任何 HTTP 請求的情況下嘗試建立 TLS 連接時2022/10/23 01:05:26 server.go:3230: http: TLS handshake error from xx.xx.xx.xx: read tcp xx.xx.xx.xx:x->xx.xx.xx.xx: read: connection reset by peer2022/10/23 01:05:26 server.go:3230: http: TLS handshake error from xx.xx.xx.xx: tls: client requested unsupported application protocols ([http/0.9 http/1.0 spdy/1 spdy/2 spdy/3 h2c hq])2022/10/23 02:58:54 server.go:3230: http: TLS handshake error from xx.xx.xx.xx: EOF
查看完整描述

1 回答

?
瀟瀟雨雨

TA貢獻1833條經驗 獲得超4個贊

http.Server有領域ErrorLog。您可以將其底層編寫器替換為自定義編寫器,該編寫器會過濾掉包含“TLS 握手錯誤”的字符串


下面是一個有兩個服務器的簡單示例。一臺服務器監聽8443端口,使用全量日志。另一臺服務器使用過濾日志,監聽8444端口。


客戶端連接到服務器。具有完整日志的服務器打印http: TLS handshake error from 127.0.0.1:xxxxx: remote error: tls: bad certificate. 帶有過濾日志的服務器什么也沒有。


該示例演示了最簡單的過濾記錄器,它過濾掉具有固定子字符串的行。


package main


import (

    "bytes"

    "context"

    "fmt"

    "io"

    "log"

    "net/http"

    "os"

    "sync"

    "time"

)


// Filters out lines that contain substring

type FilteringWriter struct {

    writer    io.Writer

    substring []byte

}


func (fw FilteringWriter) Write(b []byte) (n int, err error) {

    if bytes.Index(b, fw.substring) > -1 {

        // Filter out the line that matches the pattern

        return len(b), nil

    }

    return fw.writer.Write(b)

}


func NewFilteringWriter(writer io.Writer, pattern string) FilteringWriter {

    return FilteringWriter{

        writer:    writer,

        substring: []byte(pattern),

    }

}


// Server handler function

func HelloWorld(w http.ResponseWriter, req *http.Request) {

    w.Header().Set("Content-Type", "text/plain")

    w.Write([]byte("Hello, world!\n"))

}


// Trivial server executor

func runServer(server *http.Server, wg *sync.WaitGroup) {

    server.ListenAndServeTLS("server.crt", "server.key")

    wg.Done()

}


// Shutdown server

func shutdownServer(server *http.Server) {

    ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(2*time.Second))

    server.Shutdown(ctx)

    cancel()

}


func main() {

    fullLogger := log.New(

        os.Stderr,

        "full: ",

        log.LstdFlags,

    )

    // Log that filters "TLS handshake error"

    errorLogger := log.New(

        NewFilteringWriter(

            os.Stderr,

            "http: TLS handshake error",

        ),

        "filtered: ",

        log.LstdFlags,

    )


    serverMux := http.NewServeMux()

    serverMux.HandleFunc("/hello", HelloWorld)


    server1 := &http.Server{

        Addr:     "localhost:8443",

        Handler:  serverMux,

        ErrorLog: fullLogger,

    }

    server2 := &http.Server{

        Addr:     "localhost:8444",

        Handler:  serverMux,

        ErrorLog: errorLogger,

    }


    wg := sync.WaitGroup{}

    wg.Add(2)

    go runServer(server1, &wg)

    go runServer(server2, &wg)


    // Test loggers

    // Client connects to the servers

    // The server with the full log prints

    // `http: TLS handshake error from 127.0.0.1:53182: remote error: tls: bad certificate`

    // the server with the filtering log pints nothing

    client := http.Client{}


    time.Sleep(100 * time.Millisecond)

    log.Println("Client connects to the server with full log")

    reponse, err := client.Get(fmt.Sprintf("https://%s/hello", server1.Addr))

    if err != nil {

        log.Printf("Client failed: %v", err)

    } else {

        log.Printf("Server returned: %v", reponse)

    }


    time.Sleep(100 * time.Millisecond)

    log.Println("Client connects to the server with filtered log")

    reponse, err = client.Get(fmt.Sprintf("https://%s/hello", server2.Addr))

    if err != nil {

        log.Printf("Client failed: %v", err)

    } else {

        log.Printf("Server returned: %v", reponse)

    }


    shutdownServer(server1)

    shutdownServer(server2)

    wg.Wait()

}

輸出:


2022/10/27 19:20:52 Client connects to the server with full log

2022/10/27 19:20:52 Client failed: Get "https://localhost:8443/hello": x509: certificate is not valid for any names, but wanted to match localhost

full: 2022/10/27 19:20:52 http: TLS handshake error from 127.0.0.1:53182: remote error: tls: bad certificate

2022/10/27 19:20:52 Client connects to the server with filtered log

2022/10/27 19:20:52 Client failed: Get "https://localhost:8444/hello": x509: certificate is not valid for any names, but wanted to match localhost

如您所見,服務器 1 有日志行,服務器 2 沒有日志行。


查看完整回答
反對 回復 2023-03-07
  • 1 回答
  • 0 關注
  • 122 瀏覽
慕課專欄
更多

添加回答

舉報

0/150
提交
取消
微信客服

購課補貼
聯系客服咨詢優惠詳情

 幫助反饋 APP下載

慕課網APP
您的移動學習伙伴

 公眾號

掃描二維碼
關注慕課網微信公眾號