Re: [RFC] http_log functions to log buffers

Jeff Trawick Tue, 06 Aug 2013 05:38:37 -0700

On Tue, Aug 6, 2013 at 1:39 AM, Michael Felt <mamf...@gmail.com> wrote:


> I have not studied logging in httpd. The only logs I have ever looked at
> are the error_logs and access_logs. These look like something different.
>
> For systems security I like to use syslog as a place to collect data. If
> apr already supports, please excuse my ignorance and ignore this. If not,
> please take my feedback to be: would be very nice to be able to (also)
> direct this to syslog mechanism.


For syslog support you can route all of the error log to syslog with
something like

ErrorLog syslog:user


>
> Michael
>
>
> On Mon, Aug 5, 2013 at 9:32 AM, Jeff Trawick <traw...@gmail.com> wrote:
>
>> Any thoughts on the API below?
>>
>> For mod_ssl as an example, at least a couple of additions would be needed
>> to replace ssl_io_data_dump():
>>
>> 1. a processing flag that converted the printable form to EBCDIC in an
>> EBCDIC environment
>> 2. the ap_log_csdata() variation
>>
>> This doesn't currently implement the optimization to check the configured
>> log level before calling the function.
>>
>> /**
>>  * Processing flags for ap_log_data() et al
>>  *
>>  * AP_LOG_DATA_DEFAULT - default formatting
>>  * AP_LOG_DATA_SHOW_OFFSET - prefix each line with hex offset from the
>> start
>>  * of the buffer
>>  */
>> #define AP_LOG_DATA_DEFAULT       0
>> #define AP_LOG_DATA_SHOW_OFFSET   1
>>
>> /**
>>  * ap_log_data() - log buffers which are not related to a particular
>> request
>>  * or connection.
>>  * @param file The file in which this function is called
>>  * @param line The line number on which this function is called
>>  * @param module_index The module_index of the module logging this buffer
>>  * @param level The log level
>>  * @param s The server on which we are logging
>>  * @param label A label for the buffer, to be logged preceding the buffer
>>  * @param data The buffer to be logged
>>  * @param len The length of the buffer
>>  * @param flags Special processing flags like AP_LOG_DATA_SHOW_OFFSET
>>  * @note Use APLOG_MARK to fill out file, line, and module_index
>>  * @note If a request_rec is available, use that with ap_log_rerror()
>>  * in preference to calling this function.  Otherwise, if a conn_rec is
>>  * available, use that with ap_log_cerror() in preference to calling
>>  * this function.
>>  */
>> AP_DECLARE(void) ap_log_data(const char *file, int line, int module_index,
>>                              int level, const server_rec *s, const char
>> *label,
>>                              const char *data, apr_size_t len, unsigned
>> int flags);
>>
>> /**
>>  * ap_log_rdata() - log buffers which are related to a particular request.
>>  * @param file The file in which this function is called
>>  * @param line The line number on which this function is called
>>  * @param module_index The module_index of the module logging this buffer
>>  * @param level The log level
>>  * @param r The request which we are logging for
>>  * @param label A label for the buffer, to be logged preceding the buffer
>>  * @param data The buffer to be logged
>>  * @param len The length of the buffer
>>  * @param flags Special processing flags like AP_LOG_DATA_SHOW_OFFSET
>>  * @note Use APLOG_MARK to fill out file, line, and module_index
>>  * @note If a request_rec is available, use that with ap_log_rerror()
>>  * in preference to calling this function.  Otherwise, if a conn_rec is
>>  * available, use that with ap_log_cerror() in preference to calling
>>  * this function.
>>  */
>> AP_DECLARE(void) ap_log_rdata(const char *file, int line, int
>> module_index,
>>                               int level, const request_rec *r, const char
>> *label,
>>                               const char *data, apr_size_t len, unsigned
>> int flags);
>>
>> /**
>>  * ap_log_cdata() - log buffers which are related to a particular
>> connection.
>>  * @param file The file in which this function is called
>>  * @param line The line number on which this function is called
>>  * @param module_index The module_index of the module logging this buffer
>>  * @param level The log level
>>  * @param c The connection which we are logging for
>>  * @param label A label for the buffer, to be logged preceding the buffer
>>  * @param data The buffer to be logged
>>  * @param len The length of the buffer
>>  * @param flags Special processing flags like AP_LOG_DATA_SHOW_OFFSET
>>  * @note Use APLOG_MARK to fill out file, line, and module_index
>>  * @note If a request_rec is available, use that with ap_log_rerror()
>>  * in preference to calling this function.  Otherwise, if a conn_rec is
>>  * available, use that with ap_log_cerror() in preference to calling
>>  * this function.
>>  */
>> AP_DECLARE(void) ap_log_cdata(const char *file, int line, int
>> module_index,
>>                               int level, const conn_rec *c, const char
>> *label,
>>                               const char *data, apr_size_t len, unsigned
>> int flags);
>>
>> Sample output with AP_LOG_DATA_SHOW_OFFSET and non-default ErrorLogFormat:
>>
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): FastCGI data sent (8 bytes)
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000000: ........
>> 0104000103a80000
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): FastCGI data sent (936 bytes)
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000000: ..UNIQUE_IDUf76O
>> 0918554e495155455f4944556637364f
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000010: 38AAQEAAEG9BA4AA
>> 33384141514541414547394241344141
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000020: AAB..HTTP_HOST12
>> 414142090f485454505f484f53543132
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000030: 7.0.0.1:10101..H
>> 372e302e302e313a31303130310f0548
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000040: TTP_CONNECTIONcl
>> 5454505f434f4e4e454354494f4e636c
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000050: ose.....PATH/hom
>> 6f736504800000cf504154482f686f6d
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000060: e/trawick/bin:/h
>> 652f7472617769636b2f62696e3a2f68
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000070: ome/trawick/myhg
>> 6f6d652f7472617769636b2f6d796867
>>
>> Right now the implementation has a lot of duplication because it sits in
>> a module (no access to private log.c functions).  Each variation looks like
>> this, but presumably log_error_core() would help reduce the code.
>>
>> AP_DECLARE(void) ap_log_rdata(const char *file, int line, int
>> module_index,
>>                               int level, const request_rec *r, const char
>> *label,
>>                               const char *data, apr_size_t len, unsigned
>> int flags)
>> {
>>     unsigned char buf[LOG_BYTES_BUFFER_SIZE];
>>     apr_size_t off;
>>     char prefix[20];
>>
>>     if (!APLOG_R_MODULE_IS_LEVEL(r, module_index, level)) {
>>         return;
>>     }
>>
>>     if (!(flags & AP_LOG_DATA_SHOW_OFFSET)) {
>>         prefix[0] = '\0';
>>     }
>>
>>     if (label) {
>>         ap_log_rerror_(file, line, module_index, level, APR_SUCCESS, r,
>>                        "%s (%" APR_SIZE_T_FMT " bytes)",
>>                        label, len);
>>     }
>>
>>     off = 0;
>>     while (off < len) {
>>         if (flags & AP_LOG_DATA_SHOW_OFFSET) {
>>             apr_snprintf(prefix, sizeof prefix, "%08x: ", (unsigned
>> int)off);
>>         }
>>         fmt_data(buf, data, len, &off);
>>         ap_log_rerror_(file, line, module_index, level, APR_SUCCESS, r,
>>                        "%s%s", prefix, buf);
>>     }
>> }
>>
>> --
>> Born in Roswell... married an alien...
>> http://emptyhammock.com/
>>
>
>


-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

Re: [RFC] http_log functions to log buffers

Reply via email to