httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: Cleanup: obsolete modules?
Date Fri, 06 Mar 1998 01:28:51 GMT
You know what amazes me about the whole mod_log_config thing is that some
very basic necessary features don't exist in it, yet folks insist that it
needs features that it already has (via piping). 

For example, it was only recently that %a was added.  Without that your
logs are probably absolutely useless for security auditing because the
server may or may not have done DNS resolution... and a resolved address
is useless for security auditing.  (See PR#1113 for the first report of
this.) 

Furthermore, completely lame CLF ancestry means that not only do we have a
log format that is ambiguous, but we have a format which is unsafe for
viewing on terminals, and allows for bogus requests to "fake"  other log
entries.  I'm talking here about unprintable characters in request
headers.  (See PR#1358, PR#1598, and PR#1670, and rants I made to
new-httpd probably two years ago now :) 

I've written a completely custom log module which guarantees that you can
split a record on | and be certain that field N contains a particular
value -- no ambiguities.  This works even if folks place | in request
headers.  It also ensures that no record is longer than PIPE_MAX by
truncating client supplied fields to whatever length seemed appropriate
(so log writing is guaranteed atomic).  Unfortunately I wrote this under
contract, and it is not run-time configurable. 

But whatever. 

Why is it that sendmail, qmail, and bind (to pick three random examples) 
do not have any sophisticated logging features?  Somehow they get by
without them.  I read the "grep" man page and it allows me to find the
stuff I need in their logs.  I hear there's also this new tool "perl" 
which is even more powerful and will let me process log files. 

Go ahead, add more features that already exist.  I'm tired of arguing
against them every time it comes up.  It's the windows philosophy:  one
program has to do everything.  It's not the unix philosophy:  small tools
that do one job and do it well. 

Dean

On Thu, 5 Mar 1998, Rodent of Unusual Size wrote:

> Ralf S. Engelschall wrote:
> > 
> > We have two really obsolete modules
> > 
> >    modules/standard/mod_log_agent.c
> >    modules/standard/mod_log_referer.c
> > 
> > which are replaced by mod_log_config.c for a long time, now.
> 
> Hoo boy, here we go again.  No, they are *not* replaced by mod_log_config
> because the latter doesn't provide the RefererIgnore functionality.
> Every time I try to get rid of these by putting that into mod_log_config
> (twice now, if not three times), I get hammered for trying to bloat
> the server with stuff that should be done by a piped logger.
> 
> I have a patch somewhere around that [dis]ables logging on a per-request
> basis depending upon envariable settings.  I still intend to fight to
> get it into mod_log_config and thereby allow the two modules above to
> retire to a well-earned pasture.  (So how come all the cow flops are on
> my side of the fence? ;-)
> 
> I continue to have a strong belief that it is better for the server to
> not log an undesirable message at all than for it to log it just so
> it can be thrown away later, potentially taking up significant disk
> space betimes.
> 
> #ken	P-)}
> 
> Ken Coar                    <http://Web.Golux.Com/coar/>
> Apache Group member         <http://www.apache.org/>
> "Apache Server for Dummies" <http://WWW.Dummies.Com/
> 
> 


Mime
View raw message