Jeff Trawick wrote:+1 (concept)
Ben Laurie wrote:
One of the problems that crops up depressingly often is that someone gets owned, and they can't find out why. This is generally because the offending request didn't get logged, because the server died before it logged it.
far more often than getting owned are the run-of-the-mill crashes, where this would save a bit of time too
Sure thing.
I propose that we should include this as a standard module.
+1 (concept)
Excellent, do I hear more?
I think we should also enable it by default.
then simply building new Apache with previous configure invocation will result in this fresh piece of code inside the server writing logs... this doesn't sound very safe to me ;)
OK, I live in hope :-)
I think you should have to specify a log file name for it to do anything
Agreed.
and:
2.1: fine with me if module is built/loaded by default
1.3, 2.0: I suggest enabling with --enable-modules={most|all} but not by default
If it does nothing unless a file is specified, why not enable by default?
Like Jeff, I am more interested in this for debugging process crashes that are not necessarily related to attacks. Might be useful to enable this function by default in a mode where it records information in an in-process buffer that can easily be sniffed out of a core file (tag the buffer with an eye catcher).
Bill
