Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
Received-SPF: pass (athena.apache.org: domain of dennisml@conversis.de
 designates 213.203.219.181 as permitted sender)
Message-ID: <5113AA8A.3090008@conversis.de>
Date: Thu, 07 Feb 2013 14:22:18 +0100
From: Dennis Jacobfeuerborn <dennisml@conversis.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:17.0) Gecko/20130110 Thunderbird/17.0.2
MIME-Version: 1.0
To: dev@httpd.apache.org
Subject: Re: no http-404 errors in ErrorLog
References: <51138F69.3040708@thelounge.net> <5113A082.8050907@conversis.de>
 <5113A1B4.80400@thelounge.net>
In-Reply-To: <5113A1B4.80400@thelounge.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

On 02/07/2013 01:44 PM, Reindl Harald wrote:
> 
> 
> Am 07.02.2013 13:39, schrieb Dennis Jacobfeuerborn:
>> On 02/07/2013 12:26 PM, Reindl Harald wrote:
>>> ErrorLog "/var/log/apache_error.log"
>>> LogLevel info
>>>
>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=35768
>>>
>>> what is here "fixed in 2.4.1"?
>>> httpd-2.4.3 does not log 404 errors in ErrorLog
>>>
>>> imagine admins like me with some hundret vhosts and all
>>> of the systems and templates are developed inside the
>>> own company - fine with httpd-2.4 you have to grab in
>>> each access-log to see typos - that is impossible
>>>
>>> the "opening for a denial of service attack on the disk
>>> space of the server" is simply borked because the same
>>> would affect CustomLog and if you do not want 404 in
>>> the ErrorLog use a higher LogLevel
>>>
>>> additionally if your server allows a DOS to the disk
>>> space from single client-IPs you should consider
>>> learning to use rate-controls in front of the httpd
>>>
>>
>> A 404 is an "error" related to the content of the site and shouldn't really
>> be logged in the error log at all no matter the log-level. The error log
>> should only contain messages relating to httpd and its health.
>>
>> Content related error are already logged in the access logs
> 
> and that is a break compared with 2.2

That's why the release is called 2.4 and not 2.2.x.

> [root@arrakis:~]$ locate access_log | wc -l
> 268
> 
> you really believe it is possible to watch 268 logfiles without
> spend a lot of work in scripts and reportings not interesting
> you permanently?
> 
> with the old behavior it was easy to grep thrugh 404 errors
> of any vhost and find broken images in CSS files and so on

Why can't you grep/awk through the access log files the same way you
grep/awk through the error logs? Just because there's more than one log file?

> in my opinion of someone breaks the logging-behavior he should
> implement a "Error404Log" at the same time or leave it as it
> was for decades
> 

Just because the new behavior isn't to your liking doesn't mean its
"broken". I for one welcome this change greatly. The "Error404Log" idea
isn't all that bad but a bit limited. If such a thing were implemented I
would rather like to see something like a "ContentErrorLog" that also
contains denied access and other errors that prevent content from being
delivered.

Regards,
  Dennis