httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <>
Subject Re: Forensic Logging
Date Mon, 29 Dec 2003 19:57:09 GMT
Jeff Trawick wrote:

> Ben Laurie wrote:
>> One of the problems that crops up depressingly often is that someone 
>> gets owned, and they can't find out why. This is generally because the 
>> offending request didn't get logged, because the server died before it 
>> logged it.
> far more often than getting owned are the run-of-the-mill crashes, where 
> this would save a bit of time too

Sure thing.

>> I propose that we should include this as a standard module.
> +1 (concept)

Excellent, do I hear more?

>> I think we should also enable it by default.
> then simply building new Apache with previous configure invocation will 
> result in this fresh piece of code inside the server writing logs...  
> this doesn't sound very safe to me ;)

OK, I live in hope :-)

> I think you should have to specify a log file name for it to do anything 


> and:
> 2.1: fine with me if module is built/loaded by default
> 1.3, 2.0: I suggest enabling with --enable-modules={most|all} but not by 
> default

If it does nothing unless a file is specified, why not enable by default?




"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

View raw message