RE: Filter IP on logs

Josu Lazkano <josu.lazkano@xxxxxxxxxxxxxxxxxx> · Thu, 30 Jun 2011 13:36:06 +0200

-----Mensaje original-----
De: Tom Evans [mailto:tevans.uk@xxxxxxxxxxxxxx] 
Enviado el: miércoles, 29 de junio de 2011 11:29
Para: users@xxxxxxxxxxxxxxxx
Asunto: Re:  Filter IP on logs

On Wed, Jun 29, 2011 at 10:09 AM, Josu Lazkano
<josu.lazkano@xxxxxxxxxxxxxxxxxx> wrote:
> Hello list, this is my first mail on the list.
>
>
>
> I am configuring Apache server with some vhost, I configured the logs on
> each vhost this way:
>
>
>
> ErrorLog /var/www/domain1/log/error.log
>
> LogLevel warn
>
> CustomLog /var/www/domain1/log/access.log combined
>
>
>
> I am monitoring all vhost with Monit and Mom and I have lots of lines on the
> access.log:
>
>
>
> $ cat /var/www/domain1/log/access.log | grep "Mon_IP"
>
> Mon_IP - - [29/Jun/2011:10:54:08 +0200] "GET / HTTP/1.1" 200 8772 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
>
> Mon_IP - - [29/Jun/2011:10:56:08 +0200] "GET / HTTP/1.1" 200 8772 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
>
> Mon_IP - - [29/Jun/2011:10:58:08 +0200] "GET / HTTP/1.1" 200 8772 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
>
> Mon_IP - - [29/Jun/2011:11:00:08 +0200] "GET / HTTP/1.1" 200 8772 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
>
> Mon_IP - - [29/Jun/2011:11:02:08 +0200] "GET / HTTP/1.1" 200 8772 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
>
> Mon_IP - - [29/Jun/2011:11:04:08 +0200] "GET / HTTP/1.1" 200 8772 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
>
> …
>
>
>
> $ cat /var/www/domain1/log/access.log | grep "Monit_IP"
>
> Monit_IP - - [29/Jun/2011:11:01:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> Monit_IP - - [29/Jun/2011:11:02:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> Monit_IP - - [29/Jun/2011:11:02:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> Monit_IP - - [29/Jun/2011:11:03:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> Monit_IP - - [29/Jun/2011:11:03:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> Monit_IP - - [29/Jun/2011:11:04:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> Monit_IP - - [29/Jun/2011:11:04:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> …
>
>
>
> How can I delete both IPs from my logs?
>
>
>
> Is it possible to do this?
>
>
>
> Thanks for all your help and best regards.

CustomLog takes an optional third argument, which controls whether a
request is logged or not from an environment variable. mod_rewrite can
set an environment variable on a per request basis. See the example in
the docs of CustomLog:

http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#customlog

Cheers

Tom

Thanks for your help Tom, I configure this way:

        ErrorLog /var/www/domain1/log/error.log
        LogLevel warn
        SetEnvIf Remote_Addr "x\.x\.x\.x" dontlog
        SetEnvIf Remote_Addr "y\.y\.y\.y" dontlog
        CustomLog /var/www/domain1/log/access.log common env=!dontlog

Now I have a "clean" log, thank you very much.

Best regards.