Re: [mod-security-users] Logging in Apache's mod_log_config
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Logging in Apache's mod_log_config
|
From: Christian F. <chr...@ti...> - 2013-05-07 18:24:36
|
Hello Rainer,
On Tue, May 07, 2013 at 06:23:20PM +0200, Rainer Jung wrote:
> Your example uses a separate log file and the unique id to be able to
> correlate. Maybe one could also note that it is alternatively possible
> to add the data to the LogFormat used by the normal access log.
Yes, I try to be inspirational with examples. Thought it was
self-evident the standard LogFormat could be expanded.
> Personally I prefer to add the data directly to the normal access log
> and keep everything on one consolidated line but the operational
> requirements and personal preferences vary.
I do one line per request as well. But lately, I started to make
good experiences with preconfiguring custom logfiles, that can be
activated when needed.
That way the standard access log is the same across all services
all the time. The special logs get activated during debugging
sessions.
Here is the performance logformat, which I developed today for
a tutorial:
LogFormat "%t %{UNIQUE_ID}e %D PerfModSecInbound: %{TX.perf_modsecinbound}M PerfAppl: %{TX.perf_application}M PerfModSecOutbound: %{TX.perf_modsecoutbound}M TS-Phase1: %{TX.ModSecTimestamp1start}M-%{TX.ModSecTimestamp1end}M TS-Phase2: %{TX.ModSecTimestamp2start}M-%{TX.ModSecTimestamp2end}M TS-Phase3: %{TX.ModSecTimestamp3start}M-%{TX.ModSecTimestamp3end}M TS-Phase4: %{TX.ModSecTimestamp4start}M-%{TX.ModSecTimestamp4end}M TS-Phase5: %{TX.ModSecTimestamp5start}M-%{TX.ModSecTimestamp5end}M Perf-Phase1: %{PERF_PHASE1}M Perf-Phase2: %{PERF_PHASE2}M Perf-Phase3: %{PERF_PHASE3}M Perf-Phase4: %{PERF_PHASE4}M Perf-Phase5: %{PERF_PHASE5}M Perf-RulesCombined: broken-in-code Perf-ReadingStorage: %{PERF_SREAD}M Perf-WritingStorage: %{PERF_SWRITE}M Perf-GarbageCollection: %{PERF_GC}M Perf-ModSecLogging: %{PERF_LOGGING}M Perf-ModSecCombined: %{PERF_COMBINED}M" perflog
CustomLog logs/modsec-perf.log perflog env=write_perflog
Most of these are ModSec variables. The rest is calculated / measured
during the various phases.
Regs,
Christian
--
History repeats itself, first as tragedy, second as XML.
--- Comment found on slashdot
|