httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Re: Forensic Logging
Date Mon, 29 Dec 2003 19:57:09 GMT
Jeff Trawick wrote:

> Ben Laurie wrote:
> 
>> One of the problems that crops up depressingly often is that someone 
>> gets owned, and they can't find out why. This is generally because the 
>> offending request didn't get logged, because the server died before it 
>> logged it.
> 
> 
> far more often than getting owned are the run-of-the-mill crashes, where 
> this would save a bit of time too

Sure thing.

>> I propose that we should include this as a standard module.
> 
> +1 (concept)

Excellent, do I hear more?

> 
>> I think we should also enable it by default.
> 
> then simply building new Apache with previous configure invocation will 
> result in this fresh piece of code inside the server writing logs...  
> this doesn't sound very safe to me ;)

OK, I live in hope :-)

> I think you should have to specify a log file name for it to do anything 

Agreed.

> and:
> 
> 2.1: fine with me if module is built/loaded by default
> 
> 1.3, 2.0: I suggest enabling with --enable-modules={most|all} but not by 
> default

If it does nothing unless a file is specified, why not enable by default?

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Mime
View raw message