httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill Stoddard <b...@wstoddard.com>
Subject Re: Forensic Logging
Date Mon, 29 Dec 2003 20:28:50 GMT
Ben Laurie wrote:
> Jeff Trawick wrote:
> 
>> Ben Laurie wrote:
>>
>>> One of the problems that crops up depressingly often is that someone 
>>> gets owned, and they can't find out why. This is generally because 
>>> the offending request didn't get logged, because the server died 
>>> before it logged it.
>>
>>
>>
>> far more often than getting owned are the run-of-the-mill crashes, 
>> where this would save a bit of time too
> 
> 
> Sure thing.
> 
>>> I propose that we should include this as a standard module.
>>
>>
>> +1 (concept)
> 
> 
> Excellent, do I hear more?
> 
+1 (concept)


>>
>>> I think we should also enable it by default.
>>
>>
>> then simply building new Apache with previous configure invocation 
>> will result in this fresh piece of code inside the server writing 
>> logs...  this doesn't sound very safe to me ;)
> 
> 
> OK, I live in hope :-)
> 
>> I think you should have to specify a log file name for it to do anything 
> 
> 
> Agreed.
> 
>> and:
>>
>> 2.1: fine with me if module is built/loaded by default
>>
>> 1.3, 2.0: I suggest enabling with --enable-modules={most|all} but not 
>> by default
> 
> 
> If it does nothing unless a file is specified, why not enable by default?

Like Jeff, I am more interested in this for debugging process crashes that are not necessarily
related to 
attacks. Might be useful to enable this function by default in a mode where it records information
in an 
in-process buffer that can easily be sniffed out of a core file (tag the buffer with an eye
catcher).

Bill



Mime
View raw message