For those of you who want a little more information on what this
actually does, check out:
http://www.modsecurity.org/blog/archives/000023.html
Cheers,
Andrew
On Tue, 22 Feb 2005 12:07:59 -0500, webmaster
<email@hidden> wrote:
> Here is a little known module that has been available for a while but
> seldom used or talked about and it's already installed on 10.3 and
> possibly 10.2.x (I haven't confirmed 10.2.8).
>
> mod_log_forensic.so
>
> This module provides forensic logging of the requests made to the server
>
> Status: Extension
> Source File: mod_log_forensic.c
> Module Identifier: log_forensic_module
> Compatibility: Available in Version 1.3.30 and later.
>
> Summary
>
> This module provides for forensic logging of client requests. Logging
> is done before and after processing a request, so the forensic log
> contains two log lines for each request. The forensic logger is very
> strict, which means:
>
> * The format is fixed. You cannot modify the logging format at runtime.
> * If it cannot write its data, the child process exits immediately and
> may dump core (depends on your CoreDumpDirectory configuration).
>
> The check_forensic script, which can be found in the distribution's
> support directory (or at
> http://cvs.apache.org/viewcvs.cgi/*checkout*/apache-1.3/src/support/check_forensic),
> may be helpful in evaluating the forensic log output.
>
> ______________________________________________________
>
> MAKING IT WORK
>
> in /etc/httpd/httpd.conf
>
> find:
> LoadModule config_log_module libexec/httpd/mod_log_config.so
>
> immediately following add:
> #LoadModule log_forensic_module libexec/httpd/mod_log_forensic.so
>
> find:
> AddModule mod_log_config.c
>
> immediately following add:
> #AddModule mod_log_forensic.c
>
> NOTE:
> MAKE SURE THAT 'mod_unique_id' PRECEDES 'mod_log_config' IN THE
> 'LoadModule' and 'AddModule' ENTRIES and is enabled.
>
> find:
> LogFormat "%{User-agent}i" agent
>
> immediately following add:
> <IfModule mod_log_forensic.c>
> LogFormat "[%{forensic-id}n] %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" forensic-combined
> LogFormat "[%{forensic-id}n] %h %l %u %t \"%r\" %>s %b" forensic-common
> LogFormat "[%{forensic-id}n] %{Referer}i -> %U" forensic-referer
> LogFormat "[%{forensic-id}n] %{User-agent}i" forensic-agent
> </IfModule>
>
> ______________________________________________________
>
> For any site you wish to enable forensic logging, add the following to
> the site conf file:
> (replace {sitename} with the hostname for site identification)
>
> <IfModule mod_log_forensic.c>
> ForensicLog "/var/log/httpd/{sitename}_forensic_log"
> </IfModule>
>
> If you enable the module in SA, you will have additional log options in
> the pull-down menu that will take advantage of the extra options if you
> wish to add them to the regular log as a means of tracking the
> offensive callers.
>
> No additional handlers are required to roll the log, this will be taken
> care of by the regular log roll routine looking after the files in this
> folder.
>
> -- Dale
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Macos-x-server mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
> http://lists.apple.com/mailman/options/macos-x-server/email@hidden
>
> This email sent to email@hidden
>
>
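The two-line-per-request forensic log format described in the quoted post, as an added example that is not part of the original thread or of Apache's own check_forensic script: a Python parser that pairs the '+' and '-' lines, decodes the module's %XX escaping, and lists requests that never completed. The log lines are constructed, not a real capture.

```python
"""Pair mod_log_forensic '+'/'-' lines and report requests that never finished."""
import re
from dataclasses import dataclass

# Constructed sample in the module's fixed format (not a real capture):
# '+<id>|<request line>|<header>|...' is written before the request is
# processed, '-<id>' after it completes. Values use %XX escaping.
SAMPLE_LOG = """\
+yQtJf8CoAB4AAFNXBIEAAAAA|GET /index.html HTTP/1.1|Host:www.example.com|User-Agent:Mozilla/5.0
-yQtJf8CoAB4AAFNXBIEAAAAA
+yQtJf8CoAB4AAFNXBIEAAAAB|GET /cgi-bin/test.cgi?a=%25%3a HTTP/1.1|Host:www.example.com%3a8080|Accept:*/*
+yQtJf8CoAB4AAFNXBIEAAAAC|POST /upload HTTP/1.1|Host:www.example.com|Content-Length:99999
-yQtJf8CoAB4AAFNXBIEAAAAC
"""

_ESC = re.compile(r"%([0-9a-fA-F]{2})")

def unescape(value: str) -> str:
    """Undo the %XX escaping the module applies to ':' '|' '%' and control bytes."""
    return _ESC.sub(lambda m: chr(int(m.group(1), 16)), value)

@dataclass
class ForensicRequest:
    forensic_id: str
    request_line: str
    headers: dict
    completed: bool = False

def parse_forensic_log(text: str) -> dict:
    """Return {forensic_id: ForensicRequest}, marking ids that got a '-' line."""
    requests = {}
    for line in text.splitlines():
        if line.startswith("+"):
            fid, request_line, *raw_headers = line[1:].split("|")
            headers = {}
            for raw in raw_headers:
                name, _, value = raw.partition(":")
                headers[unescape(name)] = unescape(value)
            requests[fid] = ForensicRequest(fid, unescape(request_line), headers)
        elif line.startswith("-") and line[1:] in requests:
            # A '-' whose '+' is missing (e.g. log rolled in between) is ignored.
            requests[line[1:]].completed = True
    return requests

def incomplete_requests(text: str) -> list:
    """Ids with a '+' line but no '-' line: the requests check_forensic would flag."""
    return [fid for fid, r in parse_forensic_log(text).items() if not r.completed]

if __name__ == "__main__":
    print("never completed:", incomplete_requests(SAMPLE_LOG))
```

A request that shows up here crashed or hung the child, so its forensic-id is the value to search for in the regular logs written with the forensic-* LogFormats above.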