[Logwatch] http.conf error

Ann Hopkins seashell at handypaws.com
Mon May 2 11:59:17 MST 2005




Okay, I figured my own problem out: it was a separate configuration for the
ssl.conf than the normal httpd.conf file in apache.  Adi Spivak, you might see if
this is your problem.

"Referrer and User-Agent" combined are Customlog formats (from httpd.conf):

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined   <<<<------
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

You specify "CustomLog" instead of "TransferLog" and use the name.

CustomLog "|/usr/local/apache/bin/rotatelogs /usr/local/apache/logs/accesslog.%Y-%m-%d-%H_%M_%S 5M" combined

My problem was I forgot to do this in my separate "ssl.conf" file.  I was still
using the "TransferLog" for the logs.

You could just change your logwatch config to remove those references if you
don't want the additional information.

Ann Hopkins wrote:
> I just want to note that I have also been getting the same kind of response to a
> different set of items which I never got noticed before 6.0.2.
> 
> The truth is you are right; none of these have the referrer and agent listed.  I
> don't know why but my ssl logs (I checked several) don't have the information.
> I use certificates, but I don't have enough logs to know if it ever listed them
> and it is the same with every application in the ssl directory.  There are no
> problems with anything in the non-ssl directory.
> 
> My config:
> apache-2.0.54, php-4.3.11, and mod_security-1.8.7
> 
>  2.21 MB transfered in 658 responses  (1xx 0, 2xx 642, 3xx 16, 4xx 0, 5xx 0)
>     438 Images (1.47 MB),
>     216 Content pages (0.74 MB),
>       4 Other (0.01 MB)
> 
>  A total of 1 ROBOTS were logged
>     SurveyBot/2.3 (Whois Source) 2 Time(s)
> 
>  This is a listing of log lines that were not parsed correctly.
>  Perhaps the variables $HTTP_FIELDS and $HTTP_FORMAT in file
>  conf/services/http.conf are not correct?
> 
>  (Only the first ten are printed; there were a total of 96)
>     192.168.254.2 - - [01/May/2005:16:38:50 -0700] "GET /odb/ HTTP/1.1" 302 26
>     192.168.254.2 - - [01/May/2005:16:38:52 -0700] "GET /odb/login.php HTTP/1.1" 200 691
>     192.168.254.2 - - [01/May/2005:16:38:52 -0700] "GET /odb/theme/x/style.css HTTP/1.1" 200 4659
>     192.168.254.2 - - [01/May/2005:16:38:53 -0700] "GET /odb/images/capper.gif HTTP/1.1" 404 1084
>     192.168.254.2 - - [01/May/2005:16:38:53 -0700] "GET /odb/theme/x/images/capper.gif HTTP/1.1" 200 11066
>     192.168.254.2 - - [01/May/2005:16:38:53 -0700] "GET /odb/images/email.gif HTTP/1.1" 200 523
>     192.168.254.2 - - [01/May/2005:16:38:53 -0700] "GET /odb/images/capper.gif HTTP/1.1" 404 1084
>     192.168.254.2 - - [01/May/2005:16:38:53 -0700] "GET /odb/images/capper.gif HTTP/1.1" 404 1084
>     192.168.254.2 - - [01/May/2005:16:38:58 -0700] "POST /odb/login.php HTTP/1.1" 200 2611
>     192.168.254.2 - - [01/May/2005:16:38:58 -0700] "GET /odb/theme/x/menu_images/menu-main-top.gif HTTP/1.1" 200 1386
> 
> 
> Hugo van der Kooij wrote:
> 
>>>On Mon, 2 May 2005, Adi Spivak wrote:
>>>
>>>
>>>
>>>>this is the httpd log part in the logwatch report:
>>>>
>>>>0.00 MB transfered in 0 responses  (1xx 0, 2xx 0, 3xx 0, 4xx 0, 5xx 0)
>>>>
>>>>This is a listing of log lines that were not parsed correctly.
>>>>Perhaps the variables $HTTP_FIELDS and $HTTP_FORMAT in file
>>>>conf/services/http.conf are not correct?
>>>>
>>>>(Only the first ten are printed; there were a total of 2064)
>>>>   207.46.98.53 - - [01/May/2005:00:00:30 +0300] "GET /~web/forums/index.php?c=2 HTTP/1.0" 404 283
>>>>   24.179.95.188 - - [01/May/2005:00:04:53 +0300] "GET /~fsfjosh/images/swu/john1.jpg HTTP/1.1" 200 32490
>>>>   80.178.120.123 - - [01/May/2005:00:10:25 +0300] "GET /~mike/f/12.jpg HTTP/1.1" 200 284941
>>>>   80.178.120.123 - - [01/May/2005:00:11:20 +0300] "GET /~mike/forum/index.php HTTP/1.1" 200 5059
>>>>
>>>>this is the conf (i did not change anything in the apache or in the conf)
>>>>
>>>>$HTTP_FIELDS = "client_ip ident userid timestamp request http_rc bytes_transfered referrer agent"
>>>>$HTTP_FORMAT = "space     space space    brace    quote   space        space       quote   quote"
>>>
>>>
>>>
>>>And WHERE did you leave your Referrer and Agent information? You did not
>>>record those in the logs so the parser will not match on any line.
>>>
>>>Either fix the log format in apache or change the matching pattern in
>>>logwatch.
>>>
>>>Hugo.
>>>
> 



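Added example (not part of the original message and not logwatch's own code): a Python sketch that builds a line parser from the $HTTP_FIELDS / $HTTP_FORMAT pair quoted in the thread and reports which access-log lines are "combined" and which are "common", so a vhost still logging without referrer and agent stands out. The regexes chosen for space/brace/quote and the 7-field "common" spec are assumptions made for this illustration.

```python
import re

# Assumed meaning of the three delimiter kinds named in $HTTP_FORMAT.
TOKEN = {
    "space": r"(\S+)",                 # bare token
    "brace": r"\[([^\]]*)\]",          # [timestamp]
    "quote": r'"((?:[^"\\]|\\.)*)"',   # "quoted value", backslash escapes allowed
}

def build_parser(fields, fmt):
    """Compile a whole-line matcher from the field names and delimiter kinds."""
    names, kinds = fields.split(), fmt.split()
    if len(names) != len(kinds):
        raise ValueError("field/format count mismatch")
    regex = re.compile(r"^\s*" + r"\s+".join(TOKEN[k] for k in kinds) + r"\s*$")
    def parse(line):
        m = regex.match(line)
        return dict(zip(names, m.groups())) if m else None
    return parse

# Spec copied from the conf quoted in the thread (9 fields, combined-style).
COMBINED = build_parser(
    "client_ip ident userid timestamp request http_rc bytes_transfered referrer agent",
    "space space space brace quote space space quote quote")
# Assumed 7-field variant for Apache's "common" LogFormat.
COMMON = build_parser(
    "client_ip ident userid timestamp request http_rc bytes_transfered",
    "space space space brace quote space space")

def classify(line):
    """Return 'combined', 'common' or 'unparsed' for one access-log line."""
    if COMBINED(line):
        return "combined"
    return "common" if COMMON(line) else "unparsed"

def audit(lines):
    """Count lines per format; 'common' lines carry no Referer/User-Agent."""
    counts = {"combined": 0, "common": 0, "unparsed": 0}
    for line in lines:
        counts[classify(line)] += 1
    return counts

SAMPLE = [
    # Two lines from the report quoted in the thread (common format).
    '192.168.254.2 - - [01/May/2005:16:38:50 -0700] "GET /odb/ HTTP/1.1" 302 26',
    '192.168.254.2 - - [01/May/2005:16:38:58 -0700] "POST /odb/login.php HTTP/1.1" 200 2611',
    # Constructed lines: one combined-format entry and one junk line.
    '192.0.2.10 - - [01/May/2005:16:40:00 -0700] "GET /odb/ HTTP/1.1" 200 691 "-" "ExampleAgent/1.0"',
    'not an access log line',
]
```

Calling audit() on each access log file separately shows which one (here, the SSL log) is still written in the 7-field format that the 9-field spec rejects.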

