Re: Apache 2.4.6 - ErrorLog (Apache Users)

Re: Apache 2.4.6 - ErrorLog

Date Prev

Date Next

Thread Prev

Thread Next

Date Index

Thread Index

To: users@xxxxxxxxxxxxxxxx, William A Rowe Jr <wrowe@xxxxxxxxxxxxx>

Subject: Re: Apache 2.4.6 - ErrorLog

From: Jim Albert <jim@xxxxxxxxxxxxx>

Date: Fri, 13 Sep 2019 17:34:50 -0400

In-reply-to: <CACsi250ya8zx4jPPwLaPDZUsU9=GzYE0uKQzVZ3+P41nEAokBg@mail.gmail.com>

Organization: Netrition - The Internet's Premier Nutrition Superstore!

Reply-to: users@xxxxxxxxxxxxxxxx

User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0

On 9/13/2019 5:07 PM, William A Rowe Jr wrote:

On Fri, Sep 13, 2019 at 3:46 PM Jim Albert <jim@xxxxxxxxxxxxx> wrote:

In use of CentOS7 servers and the included apache, I'm moving to
Apache/2.4.6

It appears something related to ErrorLog has changed.
I'm using what I have always used:
ErrorLog "logs/error_log"

and I do see messages going to logs/error_log such as start/stop and
certain types of errors such as access denied, but something simple like
a file not found error is not getting logged outside of certain scripts
not being found associated with SriptAlias definitions.

But just a request to MailScanner has detected a possible fraud attempt from "'my_web_server'" claiming to be https://'my_web_server'/no_such_file.html does not
get logged as not found as it used to in earlier apache. Nothing related
to this file not being found gets printed to logs/error_log.

I've checked docs on ErrorLog along with httpd.conf and .htaccess files,
but nothing is jumping out at me as relevant to this behavior.

Note LogLevel setting:
LogLevel warn

Right, if the file isn't found the client asked for a non-existent resource.

Nothing to be "warned" of.

Try LogLevel info (or event debug) if you want to see higher resolution

details about errors caused by the client, as opposed to errors in your

configuration that the operator needs to act on.

Thanks!

I had tried that, but had overlooked that I have a LogLevel setting in ssl.conf as well which was overriding the http.conf LogLevel setting.

Apparently, Apache folks change what they consider a warning over time.

What I want to be informed about as in a missing image file used to be considered a warning, but now it is not.

In order to be notified of missing files (File not found) messages, I have to set LogLevel to at minimum info. Unfortunately, that's way too verbose, making the logs mostly useless in terms of a human reviewing them casually. Would need some parsing. I prefer a less verbose log with helpful statements I can periodically review myself.

Aside... I don't agree with Apache's decision on what is considered a warning.

But again... thanks for pushing me to look further at LogLevel.

Jim