Update documentation for logging improvements

- Add logging section to README.md with logrotate configuration details - Add comprehensive Logging Configuration section to DOCUMENTATION.md - Update CHANGELOG.md with version 1.4.4 entry for logging features - Update table of contents in DOCUMENTATION.md to include logging section Features documented: - Automatic log rotation with logrotate - Log file locations and management - Manual log management commands - Troubleshooting with logs - Log analysis techniques

Update documentation for logging improvements
- Add logging section to README.md with logrotate configuration details - Add comprehensive Logging Configuration section to DOCUMENTATION.md - Update CHANGELOG.md with version 1.4.4 entry for logging features - Update table of contents in DOCUMENTATION.md to include logging section Features documented: - Automatic log rotation with logrotate - Log file locations and management - Manual log management commands - Troubleshooting with logs - Log analysis techniques
47bb3803 · nextime · fc736a9c · 47bb3803 · 47bb3803 · 47bb3803
Commit 47bb3803 authored Sep 15, 2025 by nextime
Hide whitespace changes
Inline Side-by-side

Showing with 192 additions and 3 deletions

CHANGELOG.md CHANGELOG.md +50 -0

DOCUMENTATION.md DOCUMENTATION.md +113 -3

README.md README.md +29 -0

No files found.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,56 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

+## [1.4.4] - 2025-09-15
+
+### Added
+- **Advanced Logging with Logrotate**: Comprehensive logging system for all daemons
+  - Added `/var/log/wssshd/wssshd.log` for main daemon logging with automatic rotation
+  - Added `/var/log/wssshc/wssshc.log` for client daemon logging with automatic rotation
+  - Configured logrotate with weekly rotation, 52-week retention, and automatic compression
+  - Proper file permissions and ownership for security
+  - HUP signal handling for log reopening after rotation
+
+- **Init Script Logging Integration**: Enhanced init scripts to redirect output to log files
+  - Modified `wssshd.init` to use `start-stop-daemon --output` for proper log redirection
+  - Modified `wssshc.init` to redirect output to log files (already implemented)
+  - Ensured correct PID storage while maintaining log redirection
+  - Fallback mechanisms for different start-stop-daemon versions
+
+- **Logrotate Configuration Files**: Professional log management configuration
+  - `/etc/logrotate.d/wssshd` - Configuration for wssshd daemon logs
+  - `/etc/logrotate.d/wssshc` - Configuration for wssshc client logs
+  - Automatic post-rotation HUP signals to daemons
+  - Proper error handling and missing file tolerance
+
+### Changed
+- **Service Management**: Init scripts now properly redirect stdout and stderr to log files
+- **Log Management**: All daemon output is now captured in managed log files
+- **System Integration**: Complete integration with Debian's logrotate system
+
+### Technical Details
+- **Log File Locations**:
+  - wssshd: `/var/log/wssshd/wssshd.log`
+  - wssshc: `/var/log/wssshc/wssshc.log`
+  - Watchdog logs: `/var/log/wssshd/watchdog.log` and `/var/log/wssshc/watchdog.log`
+
+- **Log Rotation Policy**:
+  - Weekly rotation schedule
+  - 52 weeks (1 year) retention period
+  - Automatic gzip compression
+  - Delayed compression for immediate access to recent logs
+  - Proper file ownership (wssshd:wssshd, wssshc:wssshc)
+
+- **Init Script Improvements**:
+  - Used `start-stop-daemon --output` option for wssshd
+  - Maintained backward compatibility with existing installations
+  - Proper error handling for different start-stop-daemon versions
+
+### Security
+- **File Permissions**: Log files created with secure permissions (644)
+- **User Isolation**: Proper user/group ownership for log files
+- **Log Integrity**: Automatic log rotation prevents log file manipulation
+
 ## [1.4.3] - 2025-09-14

 ### Fixed

--- a/DOCUMENTATION.md
+++ b/DOCUMENTATION.md
@@ -7,9 +7,10 @@
 3. [Protocol Specification](#protocol-specification)
 4. [API Reference](#api-reference)
 5. [Configuration](#configuration)
-6. [Security](#security)
-7. [Troubleshooting](#troubleshooting)
-8. [Development](#development)
+6. [Logging Configuration](#logging-configuration)
+7. [Security](#security)
+8. [Troubleshooting](#troubleshooting)
+9. [Development](#development)

 ## Overview

@@ -436,6 +437,115 @@ The wssshd server requires:
 2. **Domain Configuration**: Domain suffix for hostname parsing
 3. **SSL Certificates**: Valid certificate and private key files

+## Logging Configuration
+
+### Log Files and Locations
+
+WebSocket SSH implements comprehensive logging with automatic rotation:
+
+- **wssshd Main Log**: `/var/log/wssshd/wssshd.log`
+  - Contains all daemon operations, client connections, tunnel requests
+  - Includes error messages, debug information, and service status
+
+- **wssshc Client Log**: `/var/log/wssshc/wssshc.log`
+  - Records client registration attempts and connection status
+  - Logs WebSocket connection events and reconnection attempts
+
+- **Watchdog Logs**:
+  - `/var/log/wssshd/watchdog.log` - wssshd process monitoring
+  - `/var/log/wssshc/watchdog.log` - wssshc process monitoring
+
+### Logrotate Configuration
+
+All log files are managed by logrotate with the following configuration:
+
+```bash
+/var/log/wssshd/wssshd.log {
+    weekly
+    missingok
+    rotate 52
+    compress
+    delaycompress
+    notifempty
+    create 644 wssshd wssshd
+    postrotate
+        if [ -f /var/run/wssshd.pid ]; then
+            kill -HUP $(cat /var/run/wssshd.pid) 2>/dev/null || true
+        fi
+    endscript
+}
+
+/var/log/wssshc/wssshc.log {
+    weekly
+    missingok
+    rotate 52
+    compress
+    delaycompress
+    notifempty
+    create 644 wssshc wssshc
+    postrotate
+        if [ -f /var/run/wssshc.pid ]; then
+            kill -HUP $(cat /var/run/wssshc.pid) 2>/dev/null || true
+        fi
+    endscript
+}
+```
+
+### Log Rotation Features
+
+- **Weekly Rotation**: Logs are rotated every week
+- **52-Week Retention**: 1 year of log history is maintained
+- **Automatic Compression**: Rotated logs are compressed to save disk space
+- **Delayed Compression**: First rotated log remains uncompressed for immediate access
+- **Permission Management**: Proper file ownership and permissions (644)
+- **Signal Handling**: HUP signal sent to daemons after rotation for log reopening
+
+### Manual Log Management
+
+```bash
+# Force log rotation
+logrotate -f /etc/logrotate.d/wssshd
+logrotate -f /etc/logrotate.d/wssshc
+
+# Check logrotate configuration
+logrotate -d /etc/logrotate.d/wssshd
+
+# View current logs
+tail -f /var/log/wssshd/wssshd.log
+tail -f /var/log/wssshc/wssshc.log
+
+# View compressed logs
+zcat /var/log/wssshd/wssshd.log.1.gz | less
+```
+
+### Log Analysis
+
+Key log entries to monitor:
+
+- **Client Registration**: `"Client X registered"` or `"Client X disconnected"`
+- **Tunnel Operations**: `"Tunnel request for client X"` or `"Tunnel established"`
+- **Errors**: `"Connection failed"`, `"SSL verification failed"`, `"Authentication error"`
+- **Service Status**: `"Daemon started"`, `"Watchdog monitoring active"`
+
+### Troubleshooting with Logs
+
+1. **Connection Issues**:
+   ```bash
+   grep "Connection failed" /var/log/wssshd/wssshd.log
+   grep "WebSocket" /var/log/wssshc/wssshc.log
+   ```
+
+2. **Client Registration Problems**:
+   ```bash
+   grep "register" /var/log/wssshd/wssshd.log
+   grep "Client" /var/log/wssshc/wssshc.log
+   ```
+
+3. **Service Health**:
+   ```bash
+   grep "started\|stopped\|restarted" /var/log/wssshd/watchdog.log
+   ```
+
 ## Security

 ### Encryption

--- a/README.md
+++ b/README.md
@@ -23,6 +23,7 @@ A modern SSH tunneling system that uses WebSocket connections to securely route
 - **Professional Service Management**: Complete init scripts and service integration
 - **Watchdog Monitoring**: Automatic daemon restart and high availability
 - **Enterprise Reliability**: Professional process supervision and monitoring
+- **Advanced Logging**: Automatic log rotation with logrotate for all daemons
 - **Donation Support**: Community funding through PayPal and cryptocurrency

 ## Architecture
@@ -407,6 +408,34 @@ Each client machine must be registered with wssshd using a unique ID:

 The client will maintain a persistent WebSocket connection to the daemon.

+## Logging and Monitoring
+
+### Automatic Log Rotation
+WebSocket SSH includes comprehensive logging with automatic log rotation managed by logrotate:
+
+- **wssshd logs**: `/var/log/wssshd/wssshd.log` - Main daemon logs with weekly rotation
+- **wssshc logs**: `/var/log/wssshc/wssshc.log` - Client daemon logs with weekly rotation
+- **Watchdog logs**: `/var/log/wssshd/watchdog.log` and `/var/log/wssshc/watchdog.log` - Process monitoring logs
+
+### Logrotate Configuration
+All logs are automatically rotated weekly with:
+- 52 weeks of retention (1 year)
+- Automatic compression of rotated logs
+- Proper file permissions and ownership
+- HUP signal sent to daemons after rotation
+
+### Service Integration
+When installed via Debian packages, logging is automatically configured:
+```bash
+# View current logs
+tail -f /var/log/wssshd/wssshd.log
+tail -f /var/log/wssshc/wssshc.log
+
+# Check logrotate status
+logrotate -d /etc/logrotate.d/wssshd
+logrotate -d /etc/logrotate.d/wssshc
+```
+
 ## Security Considerations

 - **SSL/TLS**: All WebSocket communications are encrypted