On Thursday 28 January 2010 07:52:05 Michael A. Capone wrote: > We currently use a 3rd party security company to do a nessus-type > security audit on our site for PCI compliance. Their scans naturally > generate a lot of noise in the error log, to the point that legitimate > site errors are lost in the forest. What I'm hoping to find / create is > some kind of mechanism that can pre-empt writing to the error log and > either 1) ideally, don't log if the client IP is xxx.xxx.xxx.xxx, or 2) > always log the client IP address with each error, which will enable us > to filter those out manually after the fact. Either solution is > acceptable. > > Apache provides a trivial solution for the access_log, in the form of: > > SetEnvIf Remote_Addr xxx.xxx.xxx.* nolog > > ... however, that solution does not extend to the error log. I'm hoping > there's a mod_perl "hook" that can allow me to change apache's error > logging behaviour to what I need it to be. > There is an error_log hook in apache:
error_log declared in ./include/http_log.h implemented in ./server/log.c type is VOID void error_log(const char *file, int line, int level, apr_status_t status, const server_rec *s, const request_rec *r, apr_pool_t *pool, const char *errstr) It is run at the end of log_error_core(). That means the error is already logged. But perhaps you can set ErrorLog to /dev/null and implement your own logging using that hook. That is where I would start. Torsten
