Apache Lounge
Topic: conditional logging
Sparky1



Joined: 01 Mar 2007
Posts: 4
Location: Canada

Posted: Thu 01 Mar '07 18:54    Post subject: conditional logging

Hi!
First time caller, long time listener :)
This could be a complete n00bie question, but my 'extensive research' turned up nothing.
I'd like to set up conditional logging based on the "status code".
This may seem a little odd, but this is what's happening--
I'm running Apache 2.0.59 and mod security.
I'm using mod security mostly to stop spammers, and have compiled (as well as downloaded from others) extensive spammer lists.
Even though mod security denies access to these spammers to spam my website, their requests still show up in my log files. Since my website is getting spammed 1 to 2 times a second, my access.log file is huge on a daily basis--I rotate it once a day, but I'm getting sometimes a 10 meg file for 1 day. I'd like to reduce that to 'legitimate' accesses.
My solution thus far is to use conditional logging for Remote_Host and Referer, but that doesn't by far eliminate them all from the log file.
I figured if I could use a SetEnvIf for the status code and not log '301' or a '410' (or whatever I tell mod security to set the response to), then the spammers stopped by mod security would not be logged in my access.log file.
I tried 'SetEnvIf Status_Code 301 omitlog-req' but that didn't work (didn't think it'd be that easy :) )
Anyway, any help would be appreciated.
Sparky
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg

Posted: Wed 07 Mar '07 23:50    Post subject:

Can you post the line you made in httpd.conf?

e.g.
Code:

SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
SetEnvIf Remote_Addr "192\.168\.178\.20" dontlog
SetEnvIf Remote_Addr "212\.105\.204\.244" dontlog

CustomLog /server2/logs/access.log common env=!dontlog
Sparky1



Joined: 01 Mar 2007
Posts: 4
Location: Canada

Posted: Thu 08 Mar '07 5:49    Post subject:

Here's my logging info for Apache--

Code:
LogLevel warn

SetEnvIfNoCase Request_URI \.gif omitlog-req
SetEnvIfNoCase Request_URI \.jpg omitlog-req
SetEnvIfNoCase Request_URI \.ico omitlog-req
SetEnvIfNoCase Request_URI \.bmp omitlog-req
SetEnvIfNoCase Request_URI \.png omitlog-req
SetEnvIfNoCase Request_URI \.mid omitlog-req
SetEnvIfNoCase Request_URI "^/bars" omitlog-req
SetEnvIfNoCase Request_URI header.php omitlog-req
SetEnvIfNoCase Request_URI "^/cgi-bin/tb-inc\.*" omitlog-req

# Spammers: keep them out of access.log (allaccess.log still records them)
SetEnvIfNoCase Referer allabouttramadol\.blogspot\.com omitlog-req
SetEnvIfNoCase Referer tramadolonlinediscountpharmacy\.blogspot\.com omitlog-req
SetEnvIfNoCase Referer anna-av\.blogspot\.com omitlog-req
SetEnvIfNoCase Referer tramadol omitlog-req
SetEnvIfNoCase Remote_Host "81\.95\.148\.50" omitlog-req

SetEnvIfNoCase Remote_Host "66\.46\.10\.130" omitlog-req
SetEnvIfNoCase Remote_Host "googlebot" omitlog-req
SetEnvIfNoCase Remote_Host "inktomisearch" omitlog-req
SetEnvIfNoCase Remote_Host "search\.live\.com" omitlog-req

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%a %h %l %u %t \"%r\" %>s %b" common

ErrorLog c:/www/logs/error.log
CustomLog c:/www/logs/access.log combined env=!omitlog-req
CustomLog c:/www/logs/allaccess.log combined


If anyone can let me know how to set a conditional logging entry for status code, it would be appreciated.

Thanks!
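
Added example, not part of the thread: SetEnvIf tests request attributes before a response status exists, so one way to filter on status is to send the combined log through Apache's piped-log form of CustomLog to a small filter. The script name, file paths and sample lines below are assumptions made for this example.

```python
import re
import sys

# Status codes to leave out of the filtered log. 301 and 410 are the values
# named in the question; use whatever status mod_security is set to return.
DROP_STATUSES = frozenset({"301", "410"})

# 'combined' format from the post: %h %l %u %t "%r" %>s %b "Referer" "UA".
# Anchored at line start so client-controlled Referer/User-Agent text is never
# read as the status. Apache writes a quote inside %r as \" (escapes skipped).
COMBINED = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?:[^"\\]|\\.)*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '203.0.113.9 - - [08/Mar/2007:05:49:00 -0500] "POST /tb.cgi HTTP/1.1" '
    '410 - "http://spam.example/" "Mozilla/4.0"\n',
    '198.51.100.7 - - [08/Mar/2007:05:49:01 -0500] "GET / HTTP/1.1" '
    '200 5120 "http://x.example/\\" 410 - " "Mozilla/5.0"\n',
]


def keep(line, drop=DROP_STATUSES):
    """Return True if the line belongs in the filtered log."""
    m = COMBINED.match(line)
    if m is None:
        return True  # fail open: never discard a line we cannot parse
    return m.group("status") not in drop


def filter_log(lines, out, drop=DROP_STATUSES):
    """Copy kept lines to out, flushing each one; return (kept, dropped)."""
    kept = dropped = 0
    for line in lines:
        if keep(line, drop):
            out.write(line)
            out.flush()
            kept += 1
        else:
            dropped += 1
    return kept, dropped


if __name__ == "__main__":
    # Hypothetical wiring (script name and paths are assumptions):
    #   CustomLog "|python c:/www/bin/statusfilter.py c:/www/logs/access.log" combined
    with open(sys.argv[1], "a") as log:
        filter_log(sys.stdin, log)
```

Keeping the unfiltered `allaccess.log` from the post alongside the filtered file preserves the blocked requests for later investigation.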