Received Thu, 06 Dec 2007 06:58:27 PHT
How to omit logging of the Apache internal dummy connection and local file requests - conditional logging with SetEnvIf on SuSE 10.x and apache2.2
A special situation, different from the published default solutions thanks to some SuSE-specific changes in the apache2.2 configuration procedures, made me search for hours during several earlier attempts and finally this full night ... until the solution was found.
The reason why the published solutions for conditional logging / dontlog using SetEnvIf failed to work is the fact that in SuSE the apache2 global configuration is done in a separate file:
/etc/sysconfig/apache2
To enable normal SetEnvIf syntax in your server's apache2 configuration files, such as the SuSE /etc/apache2/default-server.conf, you have to remove the content of the quotes in this line of the file /etc/sysconfig/apache2:
APACHE_ACCESS_LOG="/var/log/apache2/access_log combined"
To enable regular manual configuration in the apache2 config files, the above line thus needs to look like:
APACHE_ACCESS_LOG=""
Leave the file below UNTOUCHED on a SuSE system - this file really is for direct configuration done by apache and NOT by humans on a SuSE Linux system!! The global.conf file below is completely rewritten from scratch after each restart of your apache2 - hence any manual modification gets lost.
/etc/apache2/sysconfig.d/global.conf
Instead - place your SetEnvIf configuration in the file "default-server.conf" - again in a clean SuSE apache configuration there should be NO such configuration added to the httpd.conf file !!
/etc/apache2/default-server.conf
The IP 88.198.14.45 is my local IP - replace this IP by your own ... in some cases it may be 127.0.0.1 or whatever address results from your own host situation - just have a look at the access_log lines you want to omit. ( Use the code below WITHOUT the line numbering !!! )
1. <IfModule mod_setenvif.c>
2. SetEnvIf Remote_Addr "88\.198\.14\.45" dontlog
3. SetEnvIf Remote_Addr "::1" dontlog
4. SetEnvIf Request_URI \.ico dontlog
5. SetEnvIf Request_URI \.css dontlog
6. CustomLog /var/log/apache2/access_log combined env=!dontlog
7. </IfModule>
After inserting above configuration - first make a syntax test of your apache2 - SuSE Linux has the 2 below tests:
- rcapache2 configtest
- rcapache2 extreme-configtest
If both tests result in OK - then you need to restart your apache to make the changes available to the running apache2 server:
rcapache2 restart
Alternatively you may place above conditional logging into vhost config files if you have vhosts. I am lucky to have one server = one domain = one IP just for myself.
Lines 2, 3 and 6 above omit logging for local requests - that includes:
- Apache (internal dummy connection) - this is the result of a feature and NO BUG in newer apache versions 2.2 !
- Any local request such as in my case SSI requests by PHP
Lines 4 and 5 omit certain other file extensions - in the above-mentioned case favicon and CSS files. While many consider omitting the logging of gif / jpg files, I clearly warn against such practice. Any file that is part of your actual CONTENT should be logged. There may be situations later when you need logfiles of precise traffic from earlier months or even years. Examples are but not limited to:
- You may find later graphic format files such as gif, jpg or others that contain malicious code !! Log entries of all such files will help you in your forensics to find first occurrence and all related data to the malicious file!!
- Part of my ongoing publisher work ( past and future ) will be about protecting from copyright infringement, hot linking and all related work you may one day find necessary. Most of the reports to be sent to hosts/server-owners of hot linkers or copyright infringements may require proof by precise log lines. Hence if you are a photo or graphic publisher, you absolutely need all graphic files to be logged!
Logging however can be omitted either by path - to omit logging of service files, CSS, favicon and above all local requests. Why ? Every logged access sucks some resources because a log line creates one HDD writing access!
You may want to verify the success of your conditional logging in real time to make necessary corrections if needed. I use the tail command below and pipe it into grep to display just the log lines containing the string needed to recognize success or failure of the changes - in my case of omitting local requests I used:
tail -f /var/log/apache2/access_log | grep "88.198.14.45"
Before activating / restarting apache, I had a steady flow of log lines showing my local IP - after applying the above changes - the flow instantly stopped.
If testing for your CSS files - beware that CSS files may also appear as the referrer when a CSS file calls a gif or background image. The configuration above omits CSS as the requested file and NOT as the referrer.
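An offline check of what these rules leave out of access_log, as an added example that is not part of the original post: SetEnvIf regexes match anywhere inside the attribute value, so the page's four patterns are run over constructed sample requests next to an anchored variant. The anchored patterns, the sample addresses and the sample paths are assumptions of this example.

```python
import re

# The page's four SetEnvIf rules as (attribute, regex). SetEnvIf regexes are
# unanchored: each matches anywhere inside the attribute value.
PAGE_RULES = [
    ("Remote_Addr", r"88\.198\.14\.45"),
    ("Remote_Addr", r"::1"),
    ("Request_URI", r"\.ico"),
    ("Request_URI", r"\.css"),
]

# Assumed tighter variant (not from the page): the same rules, anchored.
ANCHORED_RULES = [
    ("Remote_Addr", r"^88\.198\.14\.45$"),
    ("Remote_Addr", r"^::1$"),
    ("Request_URI", r"\.ico$"),
    ("Request_URI", r"\.css$"),
]

# Constructed sample requests: (Remote_Addr, Request_URI, note).
SAMPLES = [
    ("88.198.14.45", "/index.php", "local SSI request"),
    ("::1", "*", "internal dummy connection"),
    ("203.0.113.7", "/favicon.ico", "favicon"),
    ("203.0.113.7", "/style/main.css", "stylesheet"),
    ("203.0.113.7", "/photos/cat.jpg", "content image"),
    ("188.198.14.45", "/index.php", "other host whose IP contains the pattern"),
    ("203.0.113.7", "/docs/theme.css.html", "content page with .css in its name"),
    ("203.0.113.7", "/images/app.icon.png", "content image with .ico in its name"),
]


def dontlog(rules, remote_addr, request_uri):
    """Return True if any rule would set the dontlog variable."""
    values = {"Remote_Addr": remote_addr, "Request_URI": request_uri}
    return any(re.search(rx, values[attr]) for attr, rx in rules)


def unlogged(rules):
    """Notes of the sample requests that would be missing from access_log."""
    return [note for addr, uri, note in SAMPLES if dontlog(rules, addr, uri)]


if __name__ == "__main__":
    for name, rules in (("page rules", PAGE_RULES), ("anchored", ANCHORED_RULES)):
        print(name)
        for note in unlogged(rules):
            print("  not logged:", note)
```

With the page's patterns, seven of the eight samples go unlogged, including three content requests; the anchored variant drops only the four intended ones.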
Learn more about the full scale of logging optimization possibilities using Environment Variables in Apache.
God bless
hans






