Re: [mod-security-users] Logging in Apache's mod_log_config
Brought to you by:
victorhora,
zimmerletw
From: Christian F. <chr...@ti...> - 2013-05-07 18:24:36
|
Hello Rainer, On Tue, May 07, 2013 at 06:23:20PM +0200, Rainer Jung wrote: > Your example uses a separate log file and the unique id to be able to > correlate. Maybe one could also note that it is alternatively possible > to add the data to the LogFormat used by the normal access log. Yes, I try to be inspirational with examples. Thought it was self-evident the standard LogFormat could be expanded. > Personally I prefer to add the data directly to the normal access log > and keep everything on one consolidated line but the operational > requirements and personal preferences vary. I do one line per request as well. But lately, I started to make good experiences with preconfiguring custom logfiles, that can be activated when needed. That way the standard access log is the same across all services all the time. The special logs get activated during debugging sessions. Here is the performance logformat, which I developed today for a tutorial: LogFormat "%t %{UNIQUE_ID}e %D PerfModSecInbound: %{TX.perf_modsecinbound}M PerfAppl: %{TX.perf_application}M PerfModSecOutbound: %{TX.perf_modsecoutbound}M TS-Phase1: %{TX.ModSecTimestamp1start}M-%{TX.ModSecTimestamp1end}M TS-Phase2: %{TX.ModSecTimestamp2start}M-%{TX.ModSecTimestamp2end}M TS-Phase3: %{TX.ModSecTimestamp3start}M-%{TX.ModSecTimestamp3end}M TS-Phase4: %{TX.ModSecTimestamp4start}M-%{TX.ModSecTimestamp4end}M TS-Phase5: %{TX.ModSecTimestamp5start}M-%{TX.ModSecTimestamp5end}M Perf-Phase1: %{PERF_PHASE1}M Perf-Phase2: %{PERF_PHASE2}M Perf-Phase3: %{PERF_PHASE3}M Perf-Phase4: %{PERF_PHASE4}M Perf-Phase5: %{PERF_PHASE5}M Perf-RulesCombined: broken-in-code Perf-ReadingStorage: %{PERF_SREAD}M Perf-WritingStorage: %{PERF_SWRITE}M Perf-GarbageCollection: %{PERF_GC}M Perf-ModSecLogging: %{PERF_LOGGING}M Perf-ModSecCombined: %{PERF_COMBINED}M" perflog CustomLog logs/modsec-perf.log perflog env=write_perflog Most of these are ModSec variables. The rest is calculated / measured during the various phases. Regs, Christian -- History repeats itself, first as tragedy, second as XML. --- Comment found on slashdot |