 |
|
John VanDyk has been innovating with information technology for more than 20 years. Read more... |
John's Sensu Book
(Note: for Sensu Classic; does not cover the current version of Sensu which has been rewritten in Go.)
John's Drupal Books
Nonparsing Apache Log Messages Solved
Submitted by John on Thu, 2011-03-31 08:12
I set up a new Red Hat Enterprise Linux 5 webserver but the nightly emails from logwatch were complaining about logs not being parsed correctly:
--------------------- httpd Begin ------------------------
This is a listing of log lines that were not parsed correctly.
Perhaps the variable $LogFormat in file conf/services/http.conf
is not correct?
(Only the first ten are printed; there were a total of 188)
"1.2.3.4 - - [30/Mar/2011:01:49:18 -0500] "GET /foo/bar/modules/node/node.css HTTP/1.1" 200 678 "https://www.example.edu/foo/bar/baz"
...
I looked in /etc/logwatch/conf/services but there was no httpd.conf in there. In fact, there was nothing there, so the speculation by logwatch as to what the problem was was appreciated but not helpful.
Looking more carefully at the log entries, it became apparent that they were all from referrers that were requests over SSL. When I pored over the logging configuration for the virtual hosts on this box, I discovered that the CustomLog directive for the host listening on 443 was very slightly different than the default host; yet they were writing to the same log file.
Making the two CustomLog directives identical fixed the problem. (I also changed the configuration so that https requests were written to a separate file.)
Topic:
- Log in to post comments