httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Cicimov <icici...@gmail.com>
Subject Re: [users@httpd] Logging Base64 decoded info in access_log
Date Sat, 27 Jul 2013 22:20:24 GMT
On 28/07/2013 3:36 AM, "Rainer Jung" <rainer.jung@kippdata.de> wrote:
>
> On 27.07.2013 10:29, Pete Houston wrote:
> > On Fri, Jul 26, 2013 at 12:39:37PM -0700, Jignesh Badani wrote:
> >> Thanks Pete, yes, post processing the log file nightly is the option I
was
> >> considering. I am doing it currently on a per request basis. But I was
> >> hoping to avoid it if I could do it in real time by calling on B64
decode
> >> on the cookie.
> >
> > I do not see the advantage in doing it in real time over
> > post-processing. The docs are pretty clear on this too.
> >
> > http://httpd.apache.org/docs/2.4/logs.html#piped says
> >
> >       As with conditional logging, piped logs are a very powerful tool,
> >       but they should not be used where a simpler solution like off-line
> >       post-processing is available.
> >
> > which is good advice.
> >
> >> Piped logs is an option I did not consider even though I am currently
using
> >> it for logs rotation. Can you suggest how I can achieve what you are
> >> proposing w/o loosing out on the log rotation functionality.
> >>
> >> I have the following in my httpd config:
> >>
> >> -------
> >> CustomLog "|/opt/apache/bin/rotatelogs /opt/apache/logs/access_log
86400"
> >> combined env=!dontlog
> >>
> >> #where dontlog are a couple of load balancers IP address I want to
keep out
> >> of the access logs.
> >>
> >> -----------
> >
> > If you go against the advice in the documentation and decide to do it
> > with piped logs just use something like
> >
> >       CustomLog "|/path/to/filterprog | /opt/apache/bin/rotatelogs
/opt/apache/logs/access_log 86400" combined env=!dontlog
> >
> > And remember the docs also say:
> >
> >       Piped log processes are spawned by the parent Apache httpd
process,
> >       and inherit the userid of that process. This means that piped log
> >       programs usually run as root. It is therefore very important to
keep
> >       the programs simple and secure.
>
> ... and handle the signals issued during Apache (graceful) restart to
> all children including such piped filters.
>
> Regards,
>
> Rainer
>
Or you can use
CustomLog "||/path/to/filterprog ...
so apache doesnt spawn new shell
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

Mime
View raw message