Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Help needed with logging strategy |
|
| Author |
|
Alex Bowden
Joined: 17 May 2011
Posts: 2
|
 Posted: Tue 17 May '11 20:28 Post subject: Help needed with logging strategy |
 |
|
I have a hosted server which is under massive attack.
It gets a few hundred real requests a day, but in addition it generates about 1.5GBytes a day of error_log consisting almost completely of [denied] entries, and the volume is increasing.
There is also about 1.5GBytes a day of access_log, because all of those denied entries are still being listed as accesses.
What I need to see is the accesses that are not being denied, in case there is anything else in there that I should be preventing.
Ideally I would like to tell Apache not to log the denied entries, which would still give me the data I want, but save me a lot of disk space, but any other strategy that achieves the objective, would be welcome.
I suspect that there is probably a standard or trivial solution, because many (unfortunate) people must have this problem, but the mod_log_config documentation seems more aimed at defining a new programming language, that at solving apache usage problems.  |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7355
Location: Germany, Next to Hamburg
|
| Posted: Wed 18 May '11 15:51 Post subject: |
|
|
| There is mod_log_rotate (can be found on the download page) and for error log logrotate. |
|
| Back to top |
|
Alex Bowden
Joined: 17 May 2011
Posts: 2
|
| Posted: Wed 18 May '11 20:21 Post subject: How does mod_log_rotate help? |
|
|
| James Blond wrote: | | There is mod_log_rotate (can be found on the download page) and for error log logrotate. |
From the documentation looks to be a log rotation facility (just as the name would suggest). Clearly it can limit the space taken up by the logs that are kept.
But my stated problem is to keep ALL of the access_log entries relating to access that was allowed / serviced without filling up space with entries that relate to accesses that have been denied.
I really don't see that anything in mod_log_rotate helps me do this. |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Thu 19 May '11 3:17 Post subject: |
|
|
well .. you want to not log 403s, or 500s or whatever, what if the legitimate people get one, do you not want to know?
I assume you are being attacked by zillionns of different addresses or just one or a few. If only a few, block those at the firewall.
If you want to not log something, not sure if this can be done with the error log, but there is a way to not log from certain IPs, uses SetEnvIf. I'm sure it could just as easily be done with the REDIRECT_STATUS. You'd have to test this as it is not stated in the docs as being able to do it.
If it is mod_security that is forcing the 403s, modify the rules being the noise makers to just not log.
I hate how there is so much pollution in the error log beginning at Apache 2.2, but 403s are 403s which are errors. You can always grep that crap out after the fact. |
|
| Back to top |
|
|
|
|
|
|
