I have Istio 1.1.3 with mTLS and service-registry on a Kubespray k8s cluster. I want to secure all outgoing traffic, hence I create service-entries for each external service that my services want to talk to.
I would like to use istio-proxy logs to see the blocked communication attempts for all sorts of traffic.
If I curl from within the container to a (blocked) http://google.com, I see 404 NR in istio-proxy logs. Also, curl receives 404, as expected.
If I change the call to use https, and curl (still blocked) https://google.com, I see the following curl error: (35) Unknown SSL protocol error in connection to google.com:443, and nothing shows up in istio-proxy logs (why nothing?).
How can I see all connection attempts in istio-proxy? I have a pretty convoluted bunch of services that do covert-ops outgoing calls and I need to figure out what hostnames/IPs/ports they are trying to hit.
Mixer logs are only showing me the communication to the defined service-entries. How do I see the ones that Istio is denying?