Hello,

On Tue, Nov 08, 2016 at 03:55:04PM +0100, Arnall wrote:
> Hello everyone,
>
> I've made some tests on the 'option dontlognull' / 'no option dontlognull'
> and 'tcp-request deny', because I want to be sure that IP in blacklist is
> logged correctly. I'm still not sure about the behavior, if I have 'no
> option dontlognull' I have all denied requests logged, that's OK. But with
> 'option dontlognull' I still have "some" denied requests logged from time to
> time (BADREQ + PR-- status, test made with own IP in blacklist), is there
> some kind of cache with 'option dontlognull' that just logs the first denied
> request and not the others for a specific IP? It would be interesting to
> avoid noise in log files, but the doc just says: option "dontlognull"
> indicates that a connection on which no data has been transferred will not be
> logged.

In fact there was an action on your connection which is the deny. I'm surprised that some of your connections are not logged when you do this. This option was created to avoid logging useless connections, typically connection probes from external components, or pre-connects from browsers which finally don't send anything. So normally if you actively close with "tcp-request deny", it should be logged. I'd say that if some of them are not logged I'm interested in how to reproduce this to ensure that in the future they will all be logged.

> Any hint?

Then do not log, that's much better. You can even change the log level with the "set-log-level silent" directive. That seems to better match your needs.

Best regards,
Willy
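The two logging behaviours discussed in this message, side by side, as an added example that is not part of the original thread and is not the HAProxy project's own configuration. The frontend and backend names, ports, syslog target, server address and blacklist path are assumptions, and the deny is done with `http-request deny` at the HTTP layer rather than with the poster's `tcp-request` rule.

```haproxy
global
    log 127.0.0.1:514 local0          # constructed syslog target (assumption)

defaults
    mode http
    log global
    option httplog
    option dontlognull                # only skips connections on which no data was transferred
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Variant 1: keep an audit trail of blacklisted sources.
# Each denied request is an action on the connection, so it is logged
# (status 403, termination state PR--) even with "option dontlognull".
frontend fe_logged
    bind :8080
    acl blacklisted src -f /etc/haproxy/blacklist.lst   # hypothetical path, one IP/CIDR per line
    http-request deny if blacklisted
    default_backend be_app

# Variant 2: deny blacklisted sources without log noise.
# set-log-level must be evaluated before the deny, because deny is final
# and stops rule processing for the request.
frontend fe_quiet
    bind :8081
    acl blacklisted src -f /etc/haproxy/blacklist.lst   # hypothetical path
    http-request set-log-level silent if blacklisted
    http-request deny if blacklisted
    default_backend be_app

backend be_app
    server app1 192.0.2.10:8080       # constructed address (TEST-NET-1)
```

With variant 2 the denied requests no longer reach the log, so blacklist hits have to be observed through the frontend's denied-request counters instead.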

