LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-05-2017, 06:28 AM   #1
yackluminoso
LQ Newbie
 
Registered: Jul 2016
Posts: 15

Rep: Reputation: Disabled
Apache Log


Hello,

Can you define two identical LogFormat and then use them in the same vhost in two different CustomLogs?
Thank you

Yack
 
Old 07-05-2017, 06:49 AM   #2
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,237

Rep: Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651
Would be simple enough to test it. Have you tested it? What was the result?

Maybe something like this if you haven't tried yet,..

Code:
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog "logs/access_log_1" common
CustomLog "logs/access_log_2" common
Related Docs: http://httpd.apache.org/docs/current...html#customlog

Last edited by szboardstretcher; 07-05-2017 at 06:52 AM.
 
Old 07-05-2017, 07:32 AM   #3
yackluminoso
LQ Newbie
 
Registered: Jul 2016
Posts: 15

Original Poster
Rep: Reputation: Disabled
Certainly, I did some tests:

In httpd.conf:
...
LogFormat "%{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" test
LogFormat "%{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined

In virtual host config:
<VirtualHost *:80>

CustomLog /var/log/httpd/www.efaci.it.access_log combined
CustomLog "|/usr/bin/logger -t httpd -p local7.info" test




but it does not work

Only first CustomLog work (combined)

Logs are sent to the configured destination but do not come with the correct format.

If you change the configuration in this way:

<VirtualHost *:80>

CustomLog /var/log/httpd/www.efaci.it.access_log combined
CustomLog "|/usr/bin/logger -t httpd -p local7.info" combined


all work fine, but I need two different LogFormat

Thanks

Yack

Last edited by yackluminoso; 07-05-2017 at 08:36 AM. Reason: more info
 
Old 07-05-2017, 09:03 AM   #4
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,237

Rep: Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651
You are only showing one log format with two different aliases.

Code:
LogFormat "%{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i""
What are the two different LogFormats you are trying to use?
 
Old 07-05-2017, 09:20 AM   #5
yackluminoso
LQ Newbie
 
Registered: Jul 2016
Posts: 15

Original Poster
Rep: Reputation: Disabled
The two logformat are identical, they change the name only, but have two different purposes.
The first sends the logs into one file the second one in a siem.
Their content may, in time, differ.
I would like to use them both in the vhost configuration.
Logs are sent to the file in correct format but the log send to siem not have the correct format (LogFormat 'test')
 
Old 07-05-2017, 09:22 AM   #6
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,237

Rep: Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651
What about specifying them without alias reference?

Code:
Virtualhost 80....

CustomLog "/var/log/httpd/www.efaci.it.access_log" "%{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i""
CustomLog "|/usr/bin/logger -t httpd -p local7.info" "%{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i""

...

Last edited by szboardstretcher; 07-05-2017 at 09:24 AM.
 
Old 07-05-2017, 09:40 AM   #7
yackluminoso
LQ Newbie
 
Registered: Jul 2016
Posts: 15

Original Poster
Rep: Reputation: Disabled
error!!!

CustomLog takes two or three arguments, a file name, a custom log format string or format name, and an optional "env=" or "expr=" clause
 
Old 07-05-2017, 10:46 AM   #8
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,237

Rep: Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651
Lets start all over and break apart this format string that is giving the error:

Would it be better written like this with escapes?

Code:
"%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
YES! Httpd loads up correctly now. If I add my local IP to /etc/hosts as example.com --- and if I write out a silly /etc/httpd/conf.d/vhosts.conf file for testing like this:

Code:
<VirtualHost *:80>
    ServerName example.com
    ServerAlias example.com
    DocumentRoot /var/www/html
    ErrorLog /var/www/html/error.log
    CustomLog /var/www/html/requests.log1 test1
    CustomLog /var/www/html/requests.log2 test2
    CustomLog /var/www/html/requests.log3 test1
    CustomLog /var/www/html/requests.log4 test2
</VirtualHost>
And add the formats to the conf/httpd.conf file, along with the test 'MYTEST' so we know its coming from these lines, in the "IfModule log_config_module" section like so:
Code:
<IfModule log_config_module>
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" MYTEST1" test1
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" MYTEST2" test2
Restart and look at our files that were created and their format:
Code:
[root@linux01 httpd]# cat /var/www/html/requests.log*
- - - [05/Jul/2017:15:45:00 +0000] "GET / HTTP/1.1" 200 12 "-" "curl/7.29.0" MYTEST1
- - - [05/Jul/2017:15:45:00 +0000] "GET / HTTP/1.1" 200 12 "-" "curl/7.29.0" MYTEST2
- - - [05/Jul/2017:15:45:00 +0000] "GET / HTTP/1.1" 200 12 "-" "curl/7.29.0" MYTEST1
- - - [05/Jul/2017:15:45:00 +0000] "GET / HTTP/1.1" 200 12 "-" "curl/7.29.0" MYTEST2
You can see that the aliases did their magic. The logformat string has to be formatted correctly and it has to be in the right place in the configuration file.

Last edited by szboardstretcher; 07-05-2017 at 10:49 AM.
 
Old 07-05-2017, 11:01 AM   #9
yackluminoso
LQ Newbie
 
Registered: Jul 2016
Posts: 15

Original Poster
Rep: Reputation: Disabled
Thank you, I will try this evening.

Yack
 
Old 07-06-2017, 02:48 AM   #10
yackluminoso
LQ Newbie
 
Registered: Jul 2016
Posts: 15

Original Poster
Rep: Reputation: Disabled
It works but why does not it give me the remote ip that makes the web request?

<190>httpd: - - - [06/Jul/2017:09:41:39 +0200] "GET /costruction.gif HTTP/1.1" 304 - "http://www.xxxx.it/" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0" TEST

the option %{X-Forwarded-For}i not work!

Thanks

Yack
 
Old 07-06-2017, 10:58 AM   #11
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.6
Posts: 3,786

Rep: Reputation: 1276Reputation: 1276Reputation: 1276Reputation: 1276Reputation: 1276Reputation: 1276Reputation: 1276Reputation: 1276Reputation: 1276
Quote:
Originally Posted by yackluminoso View Post
It works but why does not it give me the remote ip that makes the web request?

<190>httpd: - - - [06/Jul/2017:09:41:39 +0200] "GET /costruction.gif HTTP/1.1" 304 - "http://www.xxxx.it/" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0" TEST

the option %{X-Forwarded-For}i not work!

Thanks

Yack
How is the variable X-Forwarded-For populated?

The format you've proposed doesn't include recording of the remote IP. Add %h to the format to see the remote IP.
My 'combined' format is defined as
Code:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"" combined
which yields
Code:
73.186.197.82 - - [06/Jul/2017:07:09:43 -0700] "GET / HTTP/1.1" 200 39638 "-"
the hyphens indicate that the requested data is not available, so in my case, the remote log name and the remote user are not there.

Maybe also review the documentation Take note of the section on Piped Logs. And this for details on log formatting

Last edited by scasey; 07-06-2017 at 11:14 AM.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] [apache httpd] No log wrote to mod_jk.log thomas2004ch Linux - Server 1 09-04-2014 06:39 AM
Does apache need to own var/log/httpd/logfiles.log Karas Linux - Newbie 2 11-26-2009 12:25 PM
Strange log entries in apache log under debian... hacking tentative ? strelok Linux - Security 4 11-11-2009 06:55 AM
In Apache server, How to change log file location and log format for access log fil? since1993 Linux - Server 1 08-19-2009 04:14 PM
Strange results in /var/log/apache/access.log subt13 Linux - Security 2 08-03-2004 01:21 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 01:22 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration