logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Help needed with logging strategy
Author
Alex Bowden



Joined: 17 May 2011
Posts: 2

PostPosted: Tue 17 May '11 20:28    Post subject: Help needed with logging strategy Reply with quote

I have a hosted server which is under massive attack.

It gets a few hundred real requests a day, but in addition it generates about 1.5GBytes a day of error_log consisting almost completely of [denied] entries, and the volume is increasing.

There is also about 1.5GBytes a day of access_log, because all of those denied entries are still being listed as accesses.

What I need to see is the accesses that are not being denied, in case there is anything else in there that I should be preventing.

Ideally I would like to tell Apache not to log the denied entries, which would still give me the data I want, but save me a lot of disk space, but any other strategy that achieves the objective, would be welcome.

I suspect that there is probably a standard or trivial solution, because many (unfortunate) people must have this problem, but the mod_log_config documentation seems more aimed at defining a new programming language, that at solving apache usage problems. Confused
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Wed 18 May '11 15:51    Post subject: Reply with quote

There is mod_log_rotate (can be found on the download page) and for error log logrotate.
Back to top
Alex Bowden



Joined: 17 May 2011
Posts: 2

PostPosted: Wed 18 May '11 20:21    Post subject: How does mod_log_rotate help? Reply with quote

James Blond wrote:
There is mod_log_rotate (can be found on the download page) and for error log logrotate.


From the documentation looks to be a log rotation facility (just as the name would suggest). Clearly it can limit the space taken up by the logs that are kept.

But my stated problem is to keep ALL of the access_log entries relating to access that was allowed / serviced without filling up space with entries that relate to accesses that have been denied.

I really don't see that anything in mod_log_rotate helps me do this.
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Thu 19 May '11 3:17    Post subject: Reply with quote

well .. you want to not log 403s, or 500s or whatever, what if the legitimate people get one, do you not want to know?

I assume you are being attacked by zillionns of different addresses or just one or a few. If only a few, block those at the firewall.

If you want to not log something, not sure if this can be done with the error log, but there is a way to not log from certain IPs, uses SetEnvIf. I'm sure it could just as easily be done with the REDIRECT_STATUS. You'd have to test this as it is not stated in the docs as being able to do it.

If it is mod_security that is forcing the 403s, modify the rules being the noise makers to just not log.

I hate how there is so much pollution in the error log beginning at Apache 2.2, but 403s are 403s which are errors. You can always grep that crap out after the fact.
Back to top


Reply to topic   Topic: Help needed with logging strategy View previous topic :: View next topic
Post new topic   Forum Index -> Apache