Solution: multiple Apache log files, multiple args to env=, multiple conditions to CustomLog directive

Solution: multiple Apache log files, multiple args to env=, multiple conditions to CustomLog directive

Post by Antho » Fri, 05 Apr 2002 14:24:48



Here is a solution to a problem I had a little while ago.  I wanted to
have Apache keep 3 separate log files: 1 for requests from me, a 2nd
for nimda virus attacks, and a 3rd for everything else.

The key to the solution was to use "!" to unset environment variables
in certain cases.  Joshua Slive pointed this out for me.

I'm posting this here because I can't find a way to use Google to
reply to those old posts of mine.

Here's an example that will log requests from a specific IP address
(presumably the webmaster's) to one file, and log nimda virus attacks
to another file.  A third log file will hold all the remaining
requests.

#========================================================================#
SetEnvIf Remote_Addr "w\.x\.y\.z" localaccess=1
SetEnvIf localaccess 1 dontlog

# Here, !localaccess will keep nimda requests out of the localaccess
log.
SetEnvIf Request_URI "^/scripts" nimda=1 !localaccess
SetEnvIf Request_URI "^/c/winnt" nimda=1 !localaccess
SetEnvIf Request_URI "^/_mem_bin" nimda=1 !localaccess
SetEnvIf Request_URI "^/_vti_bin" nimda=1 !localaccess
SetEnvIf Request_URI "^/MSADC" nimda=1 !localaccess
SetEnvIf Request_URI "^/msadc" nimda=1 !localaccess
SetEnvIf Request_URI "^/d/winnt" nimda=1 !localaccess
SetEnvIf nimda 1 dontlog

CustomLog logs/localaccess.log combined env=localaccess
CustomLog logs/nimda.log combined env=nimda
CustomLog logs/everythingelse.log combined env=!dontlog
#========================================================================#

I've received a couple emails about this problem, so I figure this
will help someone out.

-Anthony
www.nodivisions.com

 
 
 

1. Apache, multiple log files, multiple args to " env= "

## I posted this to comp.infosystems.www.servers.misc a week
## ago and received no response, so I'm posting it here now.

Hello,

I want Apache to log different activity to different log files.  I'd
like 3 separate log files: the first to log myself when I access my
site (from the local network), the second to log virus activity (all
the worms trying IIS exploits), and the third to log everything else
(all valid accesses).

So here's what I'm doing:

#######################################################
LogFormat "%t %h %a %l %u \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\"" combined

SetEnvIf Remote_Addr "192\.168\.0\.2" localaccess
CustomLog logs/localaccess.log combined env=localaccess

SetEnvIf Request_URI /MSADC/ virusactivity
CustomLog logs/virusactivity.log combined env=virusactivity

CustomLog logs/access.log combined env=[!virusactivity,!localaccess]
#######################################################

The problem is, that last line doesn't work.  Nothing ever gets
written to the file "access.log".  What is the correct syntax for
giving multiple arguments to "env=" ?  Or do I need to do something
different entirely?  I've searched the net and the apache
documentation for days, and haven't found the solution.

Thanks,
 Anthony
 NoDivisions.com

2. Install RH6.0 on Gateway 133

3. Multiple conditions to CustomLog directive?

4. Lilo - bootloader problem

5. how do i concatenate multiple files then split them into multiple files

6. kscd crashes

7. multiple hosts and multiple ports in apache 1.1.1

8. Install NetBSD/VAX on VS2000 via PC?

9. Apache -> ? multiple domains / multiple access_logs ?

10. Apache -> ? multiple domains = multiple access_logs ?

11. multiple apache httpds with multiple VirtualHosts on port 80?

12. Fork multiple readers on one file, multiple writers on another?

13. scp of multiple files to multiple locations on remote host