httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Forensic Logging
Date Mon, 29 Dec 2003 13:39:28 GMT
One of the problems that crops up depressingly often is that someone 
gets owned, and they can't find out why. This is generally because the 
offending request didn't get logged, because the server died before it 
logged it.

So, I've written a forensic logging module. What this does is log the 
request as soon as all the headers have been read, then log again when 
its complete. Any request that doesn't complete should be viewed with 
great suspicion!

I also include a script that parses the log and reports on incomplete 
requests.

I propose that we should include this as a standard module. I think we 
should also enable it by default. The 1.3 module and script are enclosed 
for review. I'm about to embark on porting it to 2.x.

As always, comments/questions welcome.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff


Mime
View raw message