httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pete Houston <>
Subject Re: [users@httpd] Logging Base64 decoded info in access_log
Date Sat, 27 Jul 2013 08:29:01 GMT
On Fri, Jul 26, 2013 at 12:39:37PM -0700, Jignesh Badani wrote:
> Thanks Pete, yes, post processing the log file nightly is the option I was
> considering. I am doing it currently on a per request basis. But I was
> hoping to avoid it if I could do it in real time by calling on B64 decode
> on the cookie.

I do not see the advantage in doing it in real time over
post-processing. The docs are pretty clear on this too. says

	As with conditional logging, piped logs are a very powerful tool,
	but they should not be used where a simpler solution like off-line
	post-processing is available.

which is good advice.

> Piped logs is an option I did not consider even though I am currently using
> it for logs rotation. Can you suggest how I can achieve what you are
> proposing w/o loosing out on the log rotation functionality.
> I have the following in my httpd config:
> -------
> CustomLog "|/opt/apache/bin/rotatelogs /opt/apache/logs/access_log 86400"
> combined env=!dontlog
> #where dontlog are a couple of load balancers IP address I want to keep out
> of the access logs.
> -----------

If you go against the advice in the documentation and decide to do it
with piped logs just use something like 

	CustomLog "|/path/to/filterprog | /opt/apache/bin/rotatelogs /opt/apache/logs/access_log
86400" combined env=!dontlog

And remember the docs also say:

	Piped log processes are spawned by the parent Apache httpd process,
	and inherit the userid of that process. This means that piped log
	programs usually run as root. It is therefore very important to keep
	the programs simple and secure.

Good luck,

Openstrike - improving business through open source or call 01722 770036 / 07092 020107

View raw message