On Tue, Aug 6, 2013 at 1:39 AM, Michael Felt <mamf...@gmail.com> wrote:
> I have not studied logging in httpd. The only logs I have ever looked at > are the error_logs and access_logs. These look like something different. > > For systems security I like to use syslog as a place to collect data. If > apr already supports, please excuse my ignorance and ignore this. If not, > please take my feedback to be: would be very nice to be able to (also) > direct this to syslog mechanism. For syslog support you can route all of the error log to syslog with something like ErrorLog syslog:user > > Michael > > > On Mon, Aug 5, 2013 at 9:32 AM, Jeff Trawick <traw...@gmail.com> wrote: > >> Any thoughts on the API below? >> >> For mod_ssl as an example, at least a couple of additions would be needed >> to replace ssl_io_data_dump(): >> >> 1. a processing flag that converted the printable form to EBCDIC in an >> EBCDIC environment >> 2. the ap_log_csdata() variation >> >> This doesn't currently implement the optimization to check the configured >> log level before calling the function. >> >> /** >> * Processing flags for ap_log_data() et al >> * >> * AP_LOG_DATA_DEFAULT - default formatting >> * AP_LOG_DATA_SHOW_OFFSET - prefix each line with hex offset from the >> start >> * of the buffer >> */ >> #define AP_LOG_DATA_DEFAULT 0 >> #define AP_LOG_DATA_SHOW_OFFSET 1 >> >> /** >> * ap_log_data() - log buffers which are not related to a particular >> request >> * or connection. >> * @param file The file in which this function is called >> * @param line The line number on which this function is called >> * @param module_index The module_index of the module logging this buffer >> * @param level The log level >> * @param s The server on which we are logging >> * @param label A label for the buffer, to be logged preceding the buffer >> * @param data The buffer to be logged >> * @param len The length of the buffer >> * @param flags Special processing flags like AP_LOG_DATA_SHOW_OFFSET >> * @note Use APLOG_MARK to fill out file, line, and module_index >> * @note If a request_rec is available, use that with ap_log_rerror() >> * in preference to calling this function. Otherwise, if a conn_rec is >> * available, use that with ap_log_cerror() in preference to calling >> * this function. >> */ >> AP_DECLARE(void) ap_log_data(const char *file, int line, int module_index, >> int level, const server_rec *s, const char >> *label, >> const char *data, apr_size_t len, unsigned >> int flags); >> >> /** >> * ap_log_rdata() - log buffers which are related to a particular request. >> * @param file The file in which this function is called >> * @param line The line number on which this function is called >> * @param module_index The module_index of the module logging this buffer >> * @param level The log level >> * @param r The request which we are logging for >> * @param label A label for the buffer, to be logged preceding the buffer >> * @param data The buffer to be logged >> * @param len The length of the buffer >> * @param flags Special processing flags like AP_LOG_DATA_SHOW_OFFSET >> * @note Use APLOG_MARK to fill out file, line, and module_index >> * @note If a request_rec is available, use that with ap_log_rerror() >> * in preference to calling this function. Otherwise, if a conn_rec is >> * available, use that with ap_log_cerror() in preference to calling >> * this function. >> */ >> AP_DECLARE(void) ap_log_rdata(const char *file, int line, int >> module_index, >> int level, const request_rec *r, const char >> *label, >> const char *data, apr_size_t len, unsigned >> int flags); >> >> /** >> * ap_log_cdata() - log buffers which are related to a particular >> connection. >> * @param file The file in which this function is called >> * @param line The line number on which this function is called >> * @param module_index The module_index of the module logging this buffer >> * @param level The log level >> * @param c The connection which we are logging for >> * @param label A label for the buffer, to be logged preceding the buffer >> * @param data The buffer to be logged >> * @param len The length of the buffer >> * @param flags Special processing flags like AP_LOG_DATA_SHOW_OFFSET >> * @note Use APLOG_MARK to fill out file, line, and module_index >> * @note If a request_rec is available, use that with ap_log_rerror() >> * in preference to calling this function. Otherwise, if a conn_rec is >> * available, use that with ap_log_cerror() in preference to calling >> * this function. >> */ >> AP_DECLARE(void) ap_log_cdata(const char *file, int line, int >> module_index, >> int level, const conn_rec *c, const char >> *label, >> const char *data, apr_size_t len, unsigned >> int flags); >> >> Sample output with AP_LOG_DATA_SHOW_OFFSET and non-default ErrorLogFormat: >> >> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): FastCGI data sent (8 bytes) >> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000000: ........ >> 0104000103a80000 >> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): FastCGI data sent (936 bytes) >> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000000: ..UNIQUE_IDUf76O >> 0918554e495155455f4944556637364f >> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000010: 38AAQEAAEG9BA4AA >> 33384141514541414547394241344141 >> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000020: AAB..HTTP_HOST12 >> 414142090f485454505f484f53543132 >> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000030: 7.0.0.1:10101..H >> 372e302e302e313a31303130310f0548 >> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000040: TTP_CONNECTIONcl >> 5454505f434f4e4e454354494f4e636c >> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000050: ose.....PATH/hom >> 6f736504800000cf504154482f686f6d >> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000060: e/trawick/bin:/h >> 652f7472617769636b2f62696e3a2f68 >> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000070: ome/trawick/myhg >> 6f6d652f7472617769636b2f6d796867 >> >> Right now the implementation has a lot of duplication because it sits in >> a module (no access to private log.c functions). Each variation looks like >> this, but presumably log_error_core() would help reduce the code. >> >> AP_DECLARE(void) ap_log_rdata(const char *file, int line, int >> module_index, >> int level, const request_rec *r, const char >> *label, >> const char *data, apr_size_t len, unsigned >> int flags) >> { >> unsigned char buf[LOG_BYTES_BUFFER_SIZE]; >> apr_size_t off; >> char prefix[20]; >> >> if (!APLOG_R_MODULE_IS_LEVEL(r, module_index, level)) { >> return; >> } >> >> if (!(flags & AP_LOG_DATA_SHOW_OFFSET)) { >> prefix[0] = '\0'; >> } >> >> if (label) { >> ap_log_rerror_(file, line, module_index, level, APR_SUCCESS, r, >> "%s (%" APR_SIZE_T_FMT " bytes)", >> label, len); >> } >> >> off = 0; >> while (off < len) { >> if (flags & AP_LOG_DATA_SHOW_OFFSET) { >> apr_snprintf(prefix, sizeof prefix, "%08x: ", (unsigned >> int)off); >> } >> fmt_data(buf, data, len, &off); >> ap_log_rerror_(file, line, module_index, level, APR_SUCCESS, r, >> "%s%s", prefix, buf); >> } >> } >> >> -- >> Born in Roswell... married an alien... >> http://emptyhammock.com/ >> > > -- Born in Roswell... married an alien... http://emptyhammock.com/