|
From: Tomas H. S. <thi...@te...> - 2005-10-19 07:48:09
|
Hello,
Many thanks for you help, Ivan
I try the new configuration contributed in your answer but it has not =
worked. :-(
My system is:=20
Red Hat Advanced Server 3.0 Upgrade 5
Apache 2.0.54 (compiled)
This is the log:
[19/Oct/2005:09:33:52 +0200] "GET /cgi-bin/modsec-test.pl HTTP/1.0" 200 =
- 194 1134 - - - - 17737
[19/Oct/2005:09:33:52 +0200] "GET /cgi-bin/modsec-test.pl HTTP/1.0" 200 =
- 188 1128 - - - - 17585
[19/Oct/2005:09:33:52 +0200] "GET /cgi-bin/modsec-test.pl HTTP/1.0" 200 =
- 192 1111 - - - - 18087
[19/Oct/2005:09:33:52 +0200] "GET /cgi-bin/modsec-test.pl HTTP/1.0" 200 =
- 190 1130 - - - - 17420
[19/Oct/2005:09:33:53 +0200] "GET /cgi-bin/modsec-test.pl?wget%20wget =
HTTP/1.0" 200 - 149 1073 - - - - 18019
[19/Oct/2005:09:33:53 +0200] "POST /cgi-bin/modsec-test.pl HTTP/1.1" 200 =
- 450 1190 - - - - 19549
[19/Oct/2005:09:33:53 +0200] "POST /cgi-bin/modsec-test.pl HTTP/1.1" 200 =
- 449 1172 - - - - 18826
Tom=E1s Hidalgo Salvador
thi...@te...
Dpto. Sistemas Unix
Tlf.: 2333
DSF Almariya
-----Mensaje original-----
De: Ivan Ristic [mailto:iv...@we...]=20
Enviado el: martes, 18 de octubre de 2005 12:23
Para: Tomas Hidalgo Salvador
CC: mod...@li...
Asunto: [SPAM] - Re: [mod-security-users] apache 2.0, =
mod_security_v1.9RC and log performance - Email found in subject
Tomas Hidalgo Salvador wrote:
>
> LogFormat "%t \"%r\" %>s - %I %O - %{mod_security-time1}n=20
> %{mod_security-time2}n %{mod_security-time3}n %D" tiempo
> CustomLog /logs/timer_log tiempo
>=20
> ...
>=20
> In the file of log they do not appear the data of mod_security-time1,=20
> mod_security-time2 and mod_security-time3.
>=20
> Why it does not work? It lacks some configuration?
It appears that I made a change in RC1 that broke that functionality.
I'll see how I can fix it before the final 1.9. In the meantime you
can use this workaround (just tested it, works for me):
LogFormat "%t \"%r\" %>s - %I %O - %<{mod_security-time1}n \
%<{mod_security-time2}n %<{mod_security-time3}n %D" tiempo
Note the "<" character before the names of notes.
--=20
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
|
|
From: Tomas H. S. <thi...@te...> - 2005-10-20 07:22:25
|
Hello Ivan, =20 Log performance work fine!! =20 Ufff...I'sorry. I had forgotten to add the line "include = conf/mod_security.conf" in httpd.conf !!!! =20 Now, the log file is: =20 [20/Oct/2005:09:13:15 +0200] "GET /cgi-bin/modsec-test.pl HTTP/1.0" 200 = - 194 1113 - 2155 10985 - 27282 [20/Oct/2005:09:13:15 +0200] "GET /cgi-bin/modsec-test.pl HTTP/1.0" 200 = - 188 1128 - 2140 10965 - 27354 [20/Oct/2005:09:13:15 +0200] "GET /cgi-bin/modsec-test.pl HTTP/1.0" 200 = - 192 1132 - 2221 11023 - 26966 [20/Oct/2005:09:13:16 +0200] "GET /cgi-bin/modsec-test.pl HTTP/1.0" 200 = - 190 1109 - 2156 11026 - 27418 [20/Oct/2005:09:15:48 +0200] "GET /docs/images/ref.gif HTTP/1.1" 304 - = 505 166 - 1067 9833 - 10882 [20/Oct/2005:09:15:50 +0200] "GET /docs/api_c/api_core.html HTTP/1.1" = 304 - 586 167 - 738 9381 - 9899 [20/Oct/2005:09:15:53 +0200] "GET /docs/api_c/db_join.html HTTP/1.1" 200 = - 499 6825 - 732 9357 - 10143 [20/Oct/2005:09:15:53 +0200] "GET /docs/images/api.gif HTTP/1.1" 304 - = 500 165 - 675 9088 - 9544 [20/Oct/2005:09:15:56 +0200] "GET /docs/api_c/dbm.html HTTP/1.1" 200 - = 493 9788 - 702 9216 - 9872 [20/Oct/2005:09:16:00 +0200] "GET /docs/api_c/txn_list.html HTTP/1.1" = 200 - 498 3289 - 722 9321 - 9963 =20 Many thanks for you help. =20 =20 Tom=E1s Hidalgo Salvador thi...@te... Dpto. Sistemas Unix Tlf.: 2333 DSF Almariya =20 -----Mensaje original----- De: Ivan Ristic [mailto:iv...@we...]=20 Enviado el: mi=E9rcoles, 19 de octubre de 2005 15:11 Para: Tomas Hidalgo Salvador CC: mod...@li... Asunto: Re: [mod-security-users] apache 2.0, mod_security_v1.9RC and log = performance =20 =20 Can you verify that mod_security is active in that part of the site? =20 In your previous email I noticed you have SecFilterEngine set to DynamicOnly, and that the log entries were all static resources. If ModSecurity does not process a request it won't be able to generate the timing information. Try setting SecFilterEngine to "On". =20 Also, turn on the debug logging (at least level 4) and see if you have messages like "Time #1: 1591 usec" for every request. =20 If all this fails we'll just have to debug it. Send a private message to me if it doesn't work still. =20 --=20 Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org |
|
From: Ivan R. <iv...@we...> - 2005-10-19 13:09:15
|
Tomas Hidalgo Salvador wrote: > Hello, > > Many thanks for you help, Ivan > > I try the new configuration contributed in your answer but it has not worked. :-( > > My system is: > Red Hat Advanced Server 3.0 Upgrade 5 > Apache 2.0.54 (compiled) Can you verify that mod_security is active in that part of the site? In your previous email I noticed you have SecFilterEngine set to DynamicOnly, and that the log entries were all static resources. If ModSecurity does not process a request it won't be able to generate the timing information. Try setting SecFilterEngine to "On". Also, turn on the debug logging (at least level 4) and see if you have messages like "Time #1: 1591 usec" for every request. If all this fails we'll just have to debug it. Send a private message to me if it doesn't work still. -- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org |
