LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-30-2011, 07:25 AM   #1
saagar
Member
 
Registered: Jul 2008
Location: Chennai, India
Distribution: RHEL5, Ubuntu
Posts: 191

Rep: Reputation: 37
Apache Access LogFormat related question


Hi Friends,

I have a requirement related to the apache access log file format:

When a user access my local site, http authentication will be displayed:

Code:
  username: saagar
  password: 123
I wish to have the LogFormat in the configuration file in such a way that the username and password (saagar/123 in this case) will be logged in the /var/log/apache2/mysite_access_log file. I used the %u parameter as follows:
Code:
 LogFormat "%h %u \"%r\" %>s %b" common
CustomLog /var/log/apache2/mydreamhome_access.log common
and it works, similarly I wish the password too to be displayed in the access_log file.

Please help
Thanks

Last edited by saagar; 07-06-2011 at 12:09 AM.
 
Old 06-30-2011, 12:22 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,641

Rep: Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539
Hi,

Why do you want to log the password? Do you understand the security risks by having the username/password in your logs?

Regards
 
Old 06-30-2011, 06:10 PM   #3
saagar
Member
 
Registered: Jul 2008
Location: Chennai, India
Distribution: RHEL5, Ubuntu
Posts: 191

Original Poster
Rep: Reputation: 37
Hi bathory,

Our testing team wants this for their Apache Jmeter tool, so that they use these Apache log files to test performance of the application.

Thanks
 
Old 07-01-2011, 12:09 AM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,641

Rep: Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539
Hi,

Why don't you use the combined Logformat, so apache logs more things like referer and browser user-agent
Anyway, you can log the "Authorization" header. In this case you'll get a "Basic usernameassword" in the logs, where Basic is the authentication method and the u/p pair is encoded in base64

Regards
 
Old 07-04-2011, 02:11 AM   #5
saagar
Member
 
Registered: Jul 2008
Location: Chennai, India
Distribution: RHEL5, Ubuntu
Posts: 191

Original Poster
Rep: Reputation: 37
Bathory,

Sorry for the late reply. I could not understand what you meant by logging the "Authorization" header. Can you please a little bit more clear.

Thanks a lot.

Last edited by saagar; 07-06-2011 at 12:09 AM.
 
Old 07-04-2011, 03:46 AM   #6
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,641

Rep: Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539
Hi,

There is an "Authorization" header containing credentials, returned when a user authenticates himself using apache authentication.
So, from apache documentation about LogFormat:
Quote:
%{Foobar}i The contents of Foobar: header line(s) in the request sent to the server. Changes made by other modules (e.g. mod_headers) affect this.
Regards
 
Old 07-05-2011, 08:10 AM   #7
saagar
Member
 
Registered: Jul 2008
Location: Chennai, India
Distribution: RHEL5, Ubuntu
Posts: 191

Original Poster
Rep: Reputation: 37
Hi bathory,

I used the following way as you guided plus the cookie-related entry (as suggested by a different site) but I get a "-" correspoding to it.

Code:
 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Cookie}i\" \"%{Referer}i\" \"%{User-Agent}i\"" combined
       CustomLog /var/log/apache2/mydreamhome_access.log combined

Following is the corresponding access log:

Code:
192.168.1.30 - saagar [05/Jul/2011:18:26:36 +0530] "GET / HTTP/1.1" 200 127 "-" "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110422 Ubuntu/10.04 (lucid) Firefox/3.6.17"
Thanks a lot.
 
Old 07-05-2011, 08:50 AM   #8
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,641

Rep: Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539
Hi,
Quote:
I used the following way as you guided plus the cookie-related entry (as suggested by a different site) but I get a "-" correspoding to it.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Cookie}i\" \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog /var/log/apache2/mydreamhome_access.log combined
I cannot see where the Authorization header is. You need to add "%{Authorization}i\" in the LogFormat above
 
1 members found this post helpful.
Old 07-06-2011, 12:07 AM   #9
saagar
Member
 
Registered: Jul 2008
Location: Chennai, India
Distribution: RHEL5, Ubuntu
Posts: 191

Original Poster
Rep: Reputation: 37
Hi bathory,

That was awesome. My mistake i didnt understand what you mentioned. thanks a lot, it works.
 
Old 07-06-2011, 03:15 AM   #10
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,641

Rep: Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539Reputation: 1539
Hi,

Glad to see it worked, but once again I want to warn you. Base64 encoded stuff can be very easily decoded. It's not hashed like a usual password, that is hard to crack.
So having a username/password in the logfile could be a potential risk for your server.

Regards
 
Old 07-07-2011, 01:52 PM   #11
saagar
Member
 
Registered: Jul 2008
Location: Chennai, India
Distribution: RHEL5, Ubuntu
Posts: 191

Original Poster
Rep: Reputation: 37
Bathory,

Thanks for your concern, but thats okay, since I am not going to use that in the live environment, just for testing purpose.

Thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Apache access question Ippy98 Linux - Software 2 11-14-2009 09:45 PM
Calamaris would not generate reports if I change logformat. linuxlover.chaitanya Linux - Software 4 02-09-2009 07:00 AM
apache access question cylarz Linux - Security 4 04-25-2006 11:03 AM
apache access log question verbal Linux - Software 3 07-28-2004 11:15 PM
A newbie looking for more apache-related help emeraldforce Linux - Software 2 07-11-2002 08:59 AM


All times are GMT -5. The time now is 01:01 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration