Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
Received-SPF: pass (nike.apache.org: domain of dmdabbs@gmail.com designates
 209.85.214.173 as permitted sender)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=from:to:references:in-reply-to:subject:date:message-id:mime-version
         :content-type:content-transfer-encoding:x-mailer:thread-index
         :content-language;
        b=bHIkvCiA7yEAdIi3M7J6zUWewVxGX4k2sBVFZ+V+etnylSNGdw3dcMXkv7wxEZQZp6
         kHlSQVb8OVCOLhvK8tV89ak0MUSL52axZ2JtLfQW+HLMLbE0dQzf6PlyQv5wtRCpydOC
         SBEiTmINi8hJ+xWeyla84rw0k0cG6/RGHO1G8=
From: "David Dabbs" <dmdabbs@gmail.com>
To: <dev@httpd.apache.org>
References: <252802.94693.qm@web120102.mail.ne1.yahoo.com>
In-Reply-To: <252802.94693.qm@web120102.mail.ne1.yahoo.com>
Subject: RE: Apache logging
Date: Mon, 13 Sep 2010 00:18:17 -0500
Message-ID: <006601cb5303$13becdb0$3b3c6910$@com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Thread-Index: ActS4/rceuXEyDB1ShitlmrlAyoGMAAHfEVQ
Content-Language: en-us


I'm not sure it is related, but I'd like to know the most efficient way=20
to debug error_log entries such as the following. In the first case, I=20
presume that the referrer was absent or was unable to be read.
Ideally a "conditional" forensics log  (i.e. only on error response =
codes)=20
would probably do it, but I don't think that's possible, right?


Thanks,

David


[Mon Sep 13 04:12:25 2010] [error] [client 71.225.73.189] request =
failed:
error reading the headers


[Mon Sep 13 04:25:22 2010] [error] [client 210.204.226.18] request =
failed:
error reading the headers, referer:
http://foo.com?dtm_com=3D28&dtm_cmagic=3Dd3b1fb&dtm_fid=3D101&dtm_format=3D=
5&cli_pro
mo_id=3D1&dtmc_ver=3D3&dtm_cid=3D2366&dtmc_u2=3D/category&dtmc_u3=3D26047=
&dtmc_u4=3Dnull
&dtmc_u5=3Dnull&dtmc_u9=3Dgp%253Abrowse%253Ababy%253AToddler%2520Girl%252=
0%25281
-5%2520yrs%2529%253ASale%253ASweaters&dtmc_u10=3Dhttp%253A//blah.com/brow=
se/ca
tegory.do%253Fcid%253D26047&dtmc_transaction_id=3D1%3F&dtmc_type=3D090&dt=
mc_cat=3D
037&dtmc_ref=3Dhttp%3A//blah.com/browse/category.do%3Fcid%3D26047&dtmc_ur=
l=3Dhtt
p%3A//fls.doubleclick.net/activityi%3Bsrc%3D2840522%3Btype%3D090%3Bcat%3D=
037
%3Bqty%3D1%3Btran%3Dnull%3Bu%3DUSD%3Bu2%3D/category%3Bu3%3D26047%3Bu4%3Dn=
ull
%3Bu5%3Dnull%3Bu9%3Dgp%253Abrowse%253A%253AToddler%2520Girl%2520%25281-5%=
252
0yrs%2529%253ASale%253ASweaters%3Bu10%3Dhttp%253A//blah.com/browse/catego=
ry.
do%253Fcid%253D26047%3Bord%3D1%3F&


From: Sergio Junqueira =20
Sent: Sunday, September 12, 2010 8:35 PM
To: dev@httpd.apache.org
Subject: Re: Apache logging

>Do you need the first entry to determine which request may have caused
httpd to crash or is there a different reason?

Mod_log_forensics writes the log record as soon as it is=A0received.
Mod_log_config writes the log record after the response is =
available.=A0I
don=B4t want to miss information about any request. Its important to =
identify
all=A0incoming=A0requests, no matter if they fail or=A0succeed.

I would like to trace them=A0having a small log record from =
the=A0incoming
requests.=A0Useful=A0to=A0determine which request may have caused httpd =
to crash,
as you mentioned, and to have 100% guarantee that =
all=A0incoming=A0requests were
logged before Apache started processing it.

Does mod_log_config always writes a log record for =
all=A0incoming=A0requests, no
matter where or when they failed in the processing chain? If this is the
case, mod_log_config=A0provides the %D format=A0to determine when
the=A0incoming=A0request was received and it seems the current =
mod_log_config
record would provide the information I need.

Thanks,
Sergio.

________________________________________
Cc: dev@httpd.apache.org
Sent: Sun, September 12, 2010 7:18:07 AM
Subject: Re: Apache logging

On Fri, 10 Sep 2010, Sergio Junqueira wrote:

> I have a suggestion for the developers of Apache related to =
mod_log_config
or
> mod_log_forensics:
>=20
> 1) To allow mod_log_config to write the log file with a first log =
entry
with
> basic information about the request before it's processed further =
(that
is,
> after receiving the headers). The second log entry (the current =
logging
format)
> would be written after the request processing. A "log ID", just like =
the
> "forensic ID", should be available on both entries.
>=20
> 2)- Or to allow mod_log_forensic to be configured not to write all =
headers
to
> disk. For instance, we should be able to configure it just like we do =
with
> LogFormat on mod_log_config. Or at least allow us to choose to write =
just
the
> 1st request line, without all the headers.

I think 2) would be a reasonable feature request for mod_log_forensic =
and
would be easy to implement. However, I am interested about your actual =
use
case. Do you need the first entry to determine which request may have =
caused
httpd to crash or is there a different reason?


If you are generally interested in better logging in httpd, you may want =
to
read and possibly comment about some new features in 2.3/2.4:

http://httpd.apache.org/docs/trunk/mod/core.html#errorlogformat
http://httpd.apache.org/docs/trunk/mod/core.html#loglevel

Cheers,
Stefan