Re: Logging Base64 decoded info in access_log

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users <users@xxxxxxxxxxxxxxxx>
Subject: Re: Logging Base64 decoded info in access_log
From: Igor Cicimov <icicimov@xxxxxxxxx>
Date: Sun, 28 Jul 2013 08:20:24 +1000
In-reply-to: <51F404E5.8050404@kippdata.de>
Reply-to: users@xxxxxxxxxxxxxxxx

On 28/07/2013 3:36 AM, "Rainer Jung" <rainer.jung@xxxxxxxxxxx> wrote:
>
> On 27.07.2013 10:29, Pete Houston wrote:
> > On Fri, Jul 26, 2013 at 12:39:37PM -0700, Jignesh Badani wrote:
> >> Thanks Pete, yes, post processing the log file nightly is the option I was
> >> considering. I am doing it currently on a per request basis. But I was
> >> hoping to avoid it if I could do it in real time by calling on B64 decode
> >> on the cookie.
> >
> > I do not see the advantage in doing it in real time over
> > post-processing. The docs are pretty clear on this too.
> >
> > http://httpd.apache.org/docs/2.4/logs.html#piped says
> >
> > As with conditional logging, piped logs are a very powerful tool,
> > but they should not be used where a simpler solution like off-line
> > post-processing is available.
> >
> > which is good advice.
> >
> >> Piped logs is an option I did not consider even though I am currently using
> >> it for logs rotation. Can you suggest how I can achieve what you are
> >> proposing w/o loosing out on the log rotation functionality.
> >>
> >> I have the following in my httpd config:
> >>
> >> -------
> >> CustomLog "|/opt/apache/bin/rotatelogs /opt/apache/logs/access_log 86400"
> >> combined env=!dontlog
> >>
> >> #where dontlog are a couple of load balancers IP address I want to keep out
> >> of the access logs.
> >>
> >> -----------
> >
> > If you go against the advice in the documentation and decide to do it
> > with piped logs just use something like
> >
> > CustomLog "|/path/to/filterprog | /opt/apache/bin/rotatelogs /opt/apache/logs/access_log 86400" combined env=!dontlog
> >
> > And remember the docs also say:
> >
> > Piped log processes are spawned by the parent Apache httpd process,
> > and inherit the userid of that process. This means that piped log
> > programs usually run as root. It is therefore very important to keep
> > the programs simple and secure.
>
> ... and handle the signals issued during Apache (graceful) restart to
> all children including such piped filters.
>
> Regards,
>
> Rainer
>
Or you can use
CustomLog "||/path/to/filterprog ...
so apache doesnt spawn new shell
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>

References:
- Plumbing svn over https and mod_proxy_html
  - From: Philip Prindeville
- Re: Plumbing svn over https and mod_proxy_html
  - From: Glob Design Info
- Logging Base64 decoded info in access_log
  - From: Jignesh Badani
- Re: Logging Base64 decoded info in access_log
  - From: Pete Houston
- Re: Logging Base64 decoded info in access_log
  - From: Jignesh Badani
- Re: Logging Base64 decoded info in access_log
  - From: Pete Houston
- Re: Logging Base64 decoded info in access_log
  - From: Rainer Jung

Prev by Date: Re: Logging Base64 decoded info in access_log
Next by Date: Re: Re: apache service interruption
Previous by thread: Re: Logging Base64 decoded info in access_log
Next by thread: Re: Plumbing svn over https and mod_proxy_html
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]