Hi there, Mod_log_forensic is saving my day while debugging a crashing apache. But matching the right request with the crash and its corefile is difficult.
Ideally the log would show me only the active requests at the moment the server died. But in my case things are a bit more difficult. The delta between incoming requests and those finished is bigger. So I matched the entries of the finished requests with the access log entries to get a more or less accurate timestamp for all those requests that never finished, so I could match them with the crash. But that is very complicated of course. So, is there anything speaking against a timestamp for the forensic log? The format right now looks as follows +yQtJf8CoAB4AAFNXBIEAAAAA|GET /manual/de/images/down.gif HTTP/1.1|Host:localhost%3a8080| etc. A format with a microtimestamp could look as follows: +956166333.123456|yQtJf8CoAB4AAFNXBIEAAAAA|GET /manual/de/ ... or +yQtJf8CoAB4AAFNXBIEAAAAA|956166333.123456|GET /manual/de/ ... or +yQtJf8CoAB4AAFNXBIEAAAAA|GET /manual/de/ ... |956166333.123456| Best regards, Christian Folini -- Christian Folini - <christian.fol...@netnea.com>