nd 2004/02/21 15:36:42
Modified: htdocs/manual/mod directives.html.de directives.html.en
directives.html.fr directives.html.ja.jis
index-bytype.html.en index-bytype.html.fr
index-bytype.html.ja.jis index.html.en
index.html.fr index.html.ja.jis
Added: htdocs/manual/mod mod_log_forensic.html.en
mod_log_forensic.html.html
Log:
add documentation for mod_log_forensic (ported from 2.1)
Revision Changes Path
1.6 +1 -0 httpd-docs-1.3/htdocs/manual/mod/directives.html.de
Index: directives.html.de
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/mod/directives.html.de,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -u -r1.5 -r1.6
--- directives.html.de 6 Jul 2003 18:27:35 -0000 1.5
+++ directives.html.de 21 Feb 2004 23:36:42 -0000 1.6
@@ -122,6 +122,7 @@
<LI><A HREF="core.html#files"><Files></A>
<LI><A HREF="core.html#filesmatch"><FilesMatch></A>
<LI><A HREF="mod_mime.html#forcetype">ForceType</A>
+<LI><A HREF="mod_log_forensic.html#forensiclog">ForensicLog</A>
<LI><A HREF="core.html#group">Group</A>
<LI><A HREF="mod_headers.html#header">Header</A>
<LI><A HREF="mod_autoindex.html#headername">HeaderName</A>
1.84 +2 -0 httpd-docs-1.3/htdocs/manual/mod/directives.html.en
Index: directives.html.en
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/mod/directives.html.en,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -u -r1.83 -r1.84
--- directives.html.en 29 Jan 2004 17:01:53 -0000 1.83
+++ directives.html.en 21 Feb 2004 23:36:42 -0000 1.84
@@ -276,6 +276,8 @@
<li><a href="mod_mime.html#forcetype">ForceType</a></li>
+ <li><a href="mod_log_forensic.html#forensiclog">ForensicLog</a></li>
+
<li><a href="core.html#group">Group</a></li>
<li><a href="mod_headers.html#header">Header</a></li>
1.5 +2 -0 httpd-docs-1.3/htdocs/manual/mod/directives.html.fr
Index: directives.html.fr
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/mod/directives.html.fr,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -u -r1.4 -r1.5
--- directives.html.fr 29 Apr 2003 08:55:27 -0000 1.4
+++ directives.html.fr 21 Feb 2004 23:36:42 -0000 1.5
@@ -260,6 +260,8 @@
<li><a href="mod_mime.html#forcetype">ForceType</a></li>
+ <li><a href="mod_log_forensic.html#forensiclog">ForensicLog</a></li>
+
<li><a href="core.html#group">Group</a></li>
<li><a href="mod_headers.html#header">Header</a></li>
1.8 +2 -0 httpd-docs-1.3/htdocs/manual/mod/directives.html.ja.jis
Index: directives.html.ja.jis
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/mod/directives.html.ja.jis,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -u -r1.7 -r1.8
--- directives.html.ja.jis 21 Oct 2003 18:21:28 -0000 1.7
+++ directives.html.ja.jis 21 Feb 2004 23:36:42 -0000 1.8
@@ -272,6 +272,8 @@
<li><a href="mod_mime.html#forcetype">ForceType</a></li>
+ <li><a href="mod_log_forensic.html#forensiclog">ForensicLog</a></li>
+
<li><a href="core.html#group">Group</a></li>
<li><a href="mod_headers.html#header">Header</a></li>
1.13 +4 -0 httpd-docs-1.3/htdocs/manual/mod/index-bytype.html.en
Index: index-bytype.html.en
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/mod/index-bytype.html.en,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -u -r1.12 -r1.13
--- index-bytype.html.en 8 Oct 2001 01:34:30 -0000 1.12
+++ index-bytype.html.en 21 Feb 2004 23:36:42 -0000 1.13
@@ -211,6 +211,10 @@
<dd>User-configurable logging replacement for
mod_log_common</dd>
+ <dt><a href="mod_log_forensic.html">mod_log_forensic</a></dt>
+
+ <dd>Forensic logging of requests made to the server</dd>
+
<dt><a href="mod_log_agent.html">mod_log_agent</a></dt>
<dd>Logging of User Agents</dd>
1.3 +4 -0 httpd-docs-1.3/htdocs/manual/mod/index-bytype.html.fr
Index: index-bytype.html.fr
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/mod/index-bytype.html.fr,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -u -r1.2 -r1.3
--- index-bytype.html.fr 8 Oct 2001 01:34:30 -0000 1.2
+++ index-bytype.html.fr 21 Feb 2004 23:36:42 -0000 1.3
@@ -232,6 +232,10 @@
<dd>Trace configurable des accès. Remplace
mod_log_common</dd>
+ <dt><a href="mod_log_forensic.html">mod_log_forensic</a></dt>
+
+ <dd>Forensic logging of requests made to the server</dd>
+
<dt><a href="mod_log_agent.html">mod_log_agent</a></dt>
<dd>Trace des User Agents</dd>
1.3 +4 -0 httpd-docs-1.3/htdocs/manual/mod/index-bytype.html.ja.jis
Index: index-bytype.html.ja.jis
===================================================================
RCS file:
/home/cvs/httpd-docs-1.3/htdocs/manual/mod/index-bytype.html.ja.jis,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -u -r1.2 -r1.3
--- index-bytype.html.ja.jis 17 Jun 2003 08:55:14 -0000 1.2
+++ index-bytype.html.ja.jis 21 Feb 2004 23:36:42 -0000 1.3
@@ -195,6 +195,10 @@
<dd>mod_log_common �$B$NBe$o$j$H$J$k$b$N$G!"%f!<%6$,=q<[EMAIL
PROTECTED](B</dd>
+ <dt><a href="mod_log_forensic.html">mod_log_forensic</a></dt>
+
+ <dd>Forensic logging of requests made to the server</dd>
+
<dt><a href="mod_log_agent.html">mod_log_agent</a></dt>
<dd>User Agent �$B$N%m%0$r5-O?$9$k�(B</dd>
1.43 +4 -0 httpd-docs-1.3/htdocs/manual/mod/index.html.en
Index: index.html.en
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/mod/index.html.en,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -u -r1.42 -r1.43
--- index.html.en 10 Nov 2001 02:25:11 -0000 1.42
+++ index.html.en 21 Feb 2004 23:36:42 -0000 1.43
@@ -163,6 +163,10 @@
<dd>User-configurable logging replacement for
mod_log_common</dd>
+ <dt><a href="mod_log_forensic.html">mod_log_forensic</a></dt>
+
+ <dd>Forensic logging of requests made to the server</dd>
+
<dt><a href="mod_log_referer.html">mod_log_referer</a></dt>
<dd>Logging of document references</dd>
1.4 +4 -0 httpd-docs-1.3/htdocs/manual/mod/index.html.fr
Index: index.html.fr
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/mod/index.html.fr,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -u -r1.3 -r1.4
--- index.html.fr 8 Oct 2001 01:34:30 -0000 1.3
+++ index.html.fr 21 Feb 2004 23:36:42 -0000 1.4
@@ -182,6 +182,10 @@
<dd>Trace configurable des accès. Remplace
mod_log_common</dd>
+ <dt><a href="mod_log_forensic.html">mod_log_forensic</a></dt>
+
+ <dd>Forensic logging of requests made to the server</dd>
+
<dt><a href="mod_log_referer.html">mod_log_referer</a></dt>
<dd>Trace des référants d'un document</dd>
1.4 +4 -0 httpd-docs-1.3/htdocs/manual/mod/index.html.ja.jis
Index: index.html.ja.jis
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/mod/index.html.ja.jis,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -u -r1.3 -r1.4
--- index.html.ja.jis 17 Jun 2003 08:55:14 -0000 1.3
+++ index.html.ja.jis 21 Feb 2004 23:36:42 -0000 1.4
@@ -166,6 +166,10 @@
<dd>mod_log_common
�$B$NBe$o$j$H$J$k$b$N$G!"%f!<%6$,=q<[EMAIL PROTECTED](B</dd>
+ <dt><a href="mod_log_forensic.html">mod_log_forensic</a></dt>
+
+ <dd>Forensic logging of requests made to the server</dd>
+
<dt><a href="mod_log_referer.html">mod_log_referer</a></dt>
<dd>�$B%I%-%e%a%s%H$N;2>H85�(B (REFERER) �$B$N%m%0$r5-O?$9$k�(B</dd>
1.1 httpd-docs-1.3/htdocs/manual/mod/mod_log_forensic.html.en
Index: mod_log_forensic.html.en
===================================================================
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
<html xmlns="http://www.w3.org/1999/xhtml";>
<head>
<title>Apache module mod_log_forensic</title>
</head>
<!-- Background white, links blue (unvisited), navy (visited), red (active)
-->
<body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
vlink="#000080" alink="#FF0000">
<!--#include virtual="header.html" -->
<h1 align="CENTER">Module mod_log_forensic</h1>
<p>This module provides for forensic logging of the requests made to the
server</p>
<p><a href="module-dict.html#Status"
rel="Help"><strong>Status:</strong></a> Extension<br />
<a href="module-dict.html#SourceFile"
rel="Help"><strong>Source File:</strong></a>
mod_log_forensic.c<br />
<a href="module-dict.html#ModuleIdentifier"
rel="Help"><strong>Module Identifier:</strong></a>
log_forensic_module<br />
<a href="module-dict.html#Compatibility"
rel="Help"><strong>Compatibility:</strong></a> Available in
Version 1.3.30 and later.</p>
<h2>Summary</h2>
<p>This module provides for forensic logging of client
requests. Logging is done before and after processing a request, so the
forensic log contains two log lines for each request.
The forensic logger works very strict, which means:</p>
<ul>
<li>The format is fixed. You cannot modify the logging format at
runtime.</li>
<li>If it cannot write its data, the particular child process
exits immediately and possibly dumps core (depends on your
<code><a href="core.html#coredumpdirectory">CoreDumpDirectory</a></code>
configuration).</li>
</ul>
<p>In order to evaluate the log output there's a script
<code>check_forensic</code>, which can be found in the support directory
of the distribution.</p>
<p>See also: <a href="../logs.html">Apache Log Files</a>.</p>
<h2>Directives</h2>
<ul>
<li><a href="#forensiclog">ForensicLog</a></li>
</ul>
<h2><a id="formats" name="formats">Forensic Log Format</a></h2>
<p>Each request is logged two times. The first time <em>before</em> it's
processed further (that is, after receiving the headers). The second log
entry is written <em>after</em> the request processing at the same time
where normal logging occurs.</p>
<p>In order to identify each request, a unique request ID is assigned.
This forensic id can be cross logged in the normal transfer log using the
<code>%{forensic-id}n</code> format string. If you're using
<code><a href="mod_unique_id.html">mod_unique_id</a></code> its generated
ID will be used.</p>
<p>The first line logs the forensic ID, the request line and all received
headers, separated by pipe characters (<code>|</code>). A sample line
looks like the following (all on one line):</p>
<p><code>
+yQtJf8CoAB4AAFNXBIEAAAAA|GET /manual/de/images/down.gif
HTTP/1.1|Host:localhost%3a8080|User-Agent:Mozilla/5.0 (X11;
U; Linux i686; en-US; rv%3a1.6) Gecko/20040216
Firefox/0.8|Accept:image/png, <var>etc...</var>
</code></p>
<p>The plus character at the beginning indicates that this is first log
line of this request. The second line just contains a minus character and
the id again:</p>
<p><code>
-yQtJf8CoAB4AAFNXBIEAAAAA
</code></p>
<p>The <code>check_forensic</code> script gets as its argument the name
of the logfile. It looks for those <code>+</code>/<code>-</code> ID pairs
and complains if a request was not completed.</p>
<h2>Security Considerations</h2>
<p>See the <a
href="../misc/security_tips.html#serverroot">security tips</a>
document for details on why your security could be compromised
if the directory where logfiles are stored is writable by
anyone other than the user that starts the server.</p>
<hr />
<h2><a id="forensiclog" name="forensiclog">ForensicLog</a>
directive</h2>
<p><a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> ForensicLog
<var>filename</var>|<var>pipe</var><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> server config, virtual
host<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> mod_log_forensic<br />
<a href="directive-dict.html#Compatibility"
rel="Help"><strong>Compatibility:</strong></a> Available
in Version 1.3.30 and above</p>
<p>The <code>ForensicLog</code> directive is used to
log requests to the server for a forensic analysis. Each log entry
gets assigned unique id which can be associated with the request
using the normal <code><a
href="mod_log_config.html#customlog">CustomLog</a></code>
directive. <code>mod_log_forensic</code> leaves a note called
<code>forensic-id</code> which can be added to the transfer log by
using the <code>%{forensic-id}n</code> format string.</p>
<p>The argument, which specifies the location to which
the logs will be written, can take one of the following two
types of values:</p>
<dl>
<dt><var>filename</var></dt>
<dd>A filename, relative to the <code><a
href="core.html#serverroot">ServerRoot</a></code>.</dd>
<dt><var>pipe</var></dt>
<dd>The pipe character "<code>|</code>", followed by the path
to a program to receive the log information on its standard
input. <strong>Security:</strong> if a program is used, then
it will be run as the user who started httpd. This will be
root if the server was started by root; be sure that the
program is secure.</dd>
</dl>
<!--#include virtual="footer.html" -->
</body>
</html>
1.1
httpd-docs-1.3/htdocs/manual/mod/mod_log_forensic.html.html
Index: mod_log_forensic.html.html
===================================================================
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
<!--#include virtual="mod_log_forensic.html.en" -->
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
