
I have stunnel v5.44 (Ubuntu 18.04 v3:5.44-1ubuntu3) configured on a client to connect to a server in a screened subnet. The remote host has syslog configured to listen for logfiles over the stunnel connection. The client, of course, is configured to forward its logs to the server over stunnel.

This setup has worked great for years, but sometime last year (or year before? gawd 2020...), during OS upgrades (Ubuntu 16.04 and 18.04), something changed where stunnel is now spamming the logfiles with hundreds of error messages per second whenever the remote syslog server is rebooted or unavailable.

...
Jan 20 04:20:31 nwhost stunnel[25787]: LOG5[2126349]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
Jan 20 04:20:31 nwhost stunnel[25787]: LOG5[2126350]: Service [syslog_tunnel] accepted connection from 127.0.0.1:52970
Jan 20 04:20:31 nwhost stunnel[25787]: LOG3[2126350]: s_connect: connect 172.22.15.23:51400: Connection refused (111)
Jan 20 04:20:31 nwhost stunnel[25787]: LOG3[2126350]: No more addresses to connect
Jan 20 04:20:31 nwhost stunnel[25787]: LOG5[2126350]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
Jan 20 04:20:31 nwhost stunnel[25787]: LOG5[2126351]: Service [syslog_tunnel] accepted connection from 127.0.0.1:52974
Jan 20 04:20:31 nwhost stunnel[25787]: LOG3[2126351]: s_connect: connect 172.22.15.23:51400: Connection refused (111)
Jan 20 04:20:31 nwhost stunnel[25787]: LOG3[2126351]: No more addresses to connect
...

In my clientside /etc/stunnel/remote_log.conf I have this, but the errors keep filling up the logs:

client   = yes
cert     = /etc/stunnel/shared/stunnel.pem
pid      = /var/run/stunnel4/syslog_stunnel.pid
syslog   = no
output   = /var/log/stunnel4/stunnel.log

[syslog_tunnel]
accept   = 127.0.0.1:5140
connect  = 172.22.15.23:51400

I thought syslog = no would disable logging (man page) but it doesn't. Anyone know of a config that works or something to disable the spammy logging altogether?

Server Fault

1 Answer


As per the man page:

syslog = yes | no (Unix only)

      enable logging via syslog

which means stunnel's messages will or will not be logged via syslog, as per your syslog configuration on the server; that is, if set to no, nothing from stunnel will be sent to syslog. However, you may change the

output   = /dev/null

or lower the debug level to 0:

debug = 0
AdminBee
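As an added illustration (not part of the original question or answer), here is the client configuration from the question with the quieting options applied. Two facts about stunnel drive the choice: `syslog = no` only disables the syslog sink, so the file named by `output` still receives every message, which is why the file in the question kept growing; and `debug` takes a syslog-style level (default 5, notice) and writes everything at or below that number, so `debug = 3` keeps the LOG3 `Connection refused` errors while dropping the LOG5 accept/reset lines, `debug = 2` suppresses every line shown in the question, and `debug = 0` (the answer's suggestion) keeps only emergencies.

```ini
; /etc/stunnel/remote_log.conf - added example built from the question's config
client   = yes
cert     = /etc/stunnel/shared/stunnel.pem
pid      = /var/run/stunnel4/syslog_stunnel.pid

; syslog = no only stops the copy sent to syslog; the "output" file
; below still gets every message at or below the debug level.
syslog   = no

; Option A: keep the log file but record only real errors (level 3 and below).
; The LOG5 "accepted connection" / "Connection reset" lines disappear;
; the LOG3 "Connection refused" lines are still recorded once per attempt.
debug    = 3
output   = /var/log/stunnel4/stunnel.log

; Option B (what the answer proposes): discard everything.
; Use these two lines instead of the debug/output pair above.
;debug    = 0
;output   = /dev/null

[syslog_tunnel]
accept   = 127.0.0.1:5140
connect  = 172.22.15.23:51400
```

Restart the service after editing (`systemctl restart stunnel4` on Ubuntu 18.04). Option A is the safer choice for a log-forwarding tunnel: it still leaves a record of TLS or certificate failures, which Option B would hide along with the reconnect noise. Neither option changes the underlying behaviour, which is that the local syslog client reopens the tunnel on every retry while the remote server is down; rate limiting belongs on that side if the LOG3 lines are still too frequent.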