Please ask Analog people how is the log entry supposed to be in the correct
format, when it is not a HTTP request at all?
Yes it is.
It came in on port 80, or whatever port the web server was listening to, and
the listening port was listening for HTTP traffic. The request that came in,
regardless of what it was supposed to be, WAS an HTTP request at that point as
far as the web server was concerned. Clearly it was malformed or otherwise in
error, so the server assigned it the HTTP status code of 400. That status code
is part of the HTTP protocol.
If the request had come in on a different port, then it would not have been
seen by the web server and would not have been recorded in the log file.
The format of data recorded to the web server's log file is usually handled by
the web server's settings.
Certainly ANY connection to a port on a server is coming from a specific
machine with an address, whether that be a real-world IP address, a localhost
designator which can be written as 127.0.0.1, a private network IP address, or
whatever. And that information and other elements should be recorded in the
log.
Some something is clearly not working correctly.
-Spode
At 11:12 AM +0200 2/27/09, Nanu Kalmanovitz wrote:
Thanks!
I sent your answer to Suse-Novell people, following is the reply:
Please ask Analog people how is the log entry supposed to be in the correct
format, when it is not a HTTP request at all?
400 means bad request, as in, garbled request, or simple npn-conforming
request.
the status code on those requests was 400.
I believe that Apache takes all the information, including the IP address,
from the HTTP request body,since this is not a valid HTTP request, it doesn't
carry any data.
They are right in assuming that this looks like an ipv6 request, but that is
not the problem here.
There is a way to turn off logging this status code.
http://httpd.apache.org/docs/2.2/logs.html#conditional
For the bad lines.
192.168.254.254 - - [26/Feb/2009:11:13:45 +0200] GET /req.png HTTP/1.0 304
- http://www.kalmanovitz.co.il/Analog_Report.html; Mozilla/5.0 (X11; U;
Linux i686; en-US; rv:1.8.1.18) Gecko/20081031 SUSE/2.0.0.18-0.2.1
Firefox/2.0.0.18
::1 - - [26/Feb/2009:11:13:57 +0200] GET / 400 991
::1 - - [26/Feb/2009:11:13:58 +0200] GET / 400 991
::1 - - [26/Feb/2009:11:13:59 +0200] GET / 400 991
::1 - - [26/Feb/2009:11:14:00 +0200] GET / 400 991
38.99.13.125 - - [26/Feb/2009:11:14:45 +0200] GET
/k_comm/Israel/English/Maps/Rezervations/EinHemed33/obj/pages/P7270096_jpg.htm
HTTP/1.0 200 2299 - Mozilla/5.0 (Twiceler-0.9
http://www.cuil.com/twiceler/robot.html)
SetEnvIf Remote_Addr ::1 dontlog should take care of that.
Please put this into default_server.conf or, if you plan to use Virtualhosts,
into the proper config file for that host.
What is your opinion?
In the last answer you said:
TIA
Nanu
+
| TO UNSUBSCRIBE from this list:
|http://lists.meer.net/mailman/listinfo/analog-help
|
| Analog Documentation: http://analog.cx/docs/Readme.html
| List archives: http://www.analog.cx/docs/mailing.html#listarchives
| Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
+
--
Edward F Spodick, Information Technology Manager
Hong Kong University of Science Technology Library
lbspo...@ust.hk tel:852-2358-6743 fax:852-2358-1043
+
| TO UNSUBSCRIBE from this list:
|http://lists.meer.net/mailman/listinfo/analog-help
|
| Analog Documentation: http://analog.cx/docs/Readme.html
| List archives: http://www.analog.cx/docs/mailing.html#listarchives
| Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
+
