perl-modperl mailing list archives

From Torsten Förtsch <torsten.foert...@gmx.net>
Subject Re: Filter out error log by IP address?
Date Thu, 28 Jan 2010 09:54:22 GMT
On Thursday 28 January 2010 07:52:05 Michael A. Capone wrote:
> We currently use a 3rd party security company to do a nessus-type 
> security audit on our site for PCI compliance.  Their scans naturally 
> generate a lot of noise in the error log, to the point that legitimate 
> site errors are lost in the forest.  What I'm hoping to find / create is 
> some kind of mechanism that can pre-empt writing to the error log and 
> either 1) ideally, don't log if the client IP is xxx.xxx.xxx.xxx, or 2) 
> always log the client IP address with each error, which will enable us 
> to filter those out manually after the fact.  Either solution is
> acceptable.
> 
> Apache provides a trivial solution for the access_log, in the form of:
> 
>     SetEnvIf Remote_Addr xxx.xxx.xxx.* nolog
> 
> ... however, that solution does not extend to the error log.  I'm hoping 
> there's a mod_perl "hook" that can allow me to change apache's error 
> logging behaviour to what I need it to be.
> 
There is an error_log hook in apache:

error_log
  declared in ./include/http_log.h
  implemented in ./server/log.c
  type is VOID
  void error_log(const char *file, int line, int level, apr_status_t status,
                 const server_rec *s, const request_rec *r, apr_pool_t *pool,
                 const char *errstr)

It is run at the end of log_error_core(). That means the error is already 
logged.

But perhaps you can set ErrorLog to /dev/null and implement your own logging 
using that hook.

That is where I would start.

Torsten
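
Added example, not part of the original message or of Apache/mod_perl: a post-processing filter for option 2 in the question, which splits an existing error log by the "[client ...]" field so scanner noise is diverted rather than discarded. The scanner range, function names and sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed scanner range (constructed; RFC 5737 documentation addresses).
SCANNER_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Request-level error-log lines carry "[client ADDR]" (httpd 2.2) or
# "[client ADDR:PORT]" (httpd 2.4); server-level lines carry neither.
CLIENT_RE = re.compile(r"\[client ([^\]\s]+)\]")


def client_ip(line):
    """Return the client address of an error-log line, or None."""
    m = CLIENT_RE.search(line)
    if not m:
        return None
    token = m.group(1)
    # Try the token as-is, then with a trailing ":port" removed.
    for candidate in (token, token.rpartition(":")[0]):
        try:
            return ipaddress.ip_address(candidate)
        except ValueError:
            continue
    return None


def split_log(lines, nets=SCANNER_NETS):
    """Split lines into (kept, scanner); lines without a usable IP are kept."""
    kept, scanner = [], []
    for line in lines:
        ip = client_ip(line)
        if ip is not None and any(ip in net for net in nets):
            scanner.append(line)
        else:
            kept.append(line)
    return kept, scanner


# Constructed sample input, not taken from a real server.
SAMPLE = [
    "[Thu Jan 28 09:50:01 2010] [error] [client 192.0.2.15] File does not exist: /var/www/html/admin.php",
    "[Thu Jan 28 09:50:02 2010] [error] [client 198.51.100.7] script not found or unable to stat: /var/www/cgi-bin/report.pl",
    "[Thu Jan 28 09:50:03 2010] [notice] caught SIGTERM, shutting down",
    "[Thu Jan 28 09:50:04.120000 2010] [core:error] [pid 4211] [client 192.0.2.200:51234] File does not exist: /var/www/html/test.cgi",
]

if __name__ == "__main__":
    kept, scanner = split_log(SAMPLE)
    print("\n".join(kept))
    print(f"-- {len(scanner)} scanner lines diverted --")
```

Writing the scanner list to its own file instead of dropping it keeps a record of what the audit triggered, and any line whose client field cannot be parsed stays in the main log.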
