FAQ
I have a situation where presentation of an X.509 certificate by a user
in two-way SSL is considered authoritative for identification purposes,
however I need to use the directory for attribute and authorization
information.

The LDAP server expects me to bind via my server certificate with
two-way SSL. This is preferred in this environment over using a BindDN
and password.

By using +FakeBasicAuth*1, I was able to get the 1st step [search]
working; however, mod_authnz_ldap automatically switches over to
attempting a bind as the user in the compare step. In this case, it
does so with the "pseudo-password" provided by FakeBasicAuth.
[Obviously this fails.]

The rest of the implementation is exactly what I neeed--it's only switch
from anonymous/server bind to user bind that I need to change*2. I'd
like to see a directive to mod_authnz_ldap that instructed it to use the
same binding for the compare phase as it did for search. [I've also
been looking at using ldaprc to see if TLS_ directives there can
override application settings].

Has anyone else cracked this nut already, either with a "fork" of
mod_authnz_ldap or their own module written on top of mod_ldap?

--Pete
----
Configuration details:

- Solaris (both x86 & sparc servers)
- Apache 2.2.9
- OpenLDAP 2.3.41

----
*1In this case we would need to make sure that an actual Basic Auth
dialog was never presented; otherwise we could have users entering
another user's DN by hand to masquerade as them.

*2"Collapsing" the LDAP caches is another possible related optimization
in this situation. If we are binding with the same credentials, we
don't have to worry about polluting a cache with unauthorized data from
another user's context.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Search Discussions

  • Joe Hammerman at Jan 27, 2010 at 7:01 pm
    Hello Apache users list.

    We have an issue with mod_log_config; specifically we are trying to pipe log output through Sed before it goes to Cronolog. The result is that we get no output whatsoever.

    Here is a sample of the directives we are using in our VirtualHost container:

    CustomLog "| /bin/sed s/[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\},\\\ //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/survey_log" combined env=survey_log

    ErrorLog "| /bin/sed s/[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\},\\\ //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/error_log"

    We have also experimented with writing a wrapper script that performs all three of the above functions - the result is the same.

    Does anyone have any input? Is what we are attempting possible?

    Thanks!

    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org
  • Dan Poirier at Jan 27, 2010 at 8:04 pm

    Joe Hammerman writes:

    Hello Apache users list.

    We have an issue with mod_log_config; specifically we are trying to pipe log output through Sed before it goes to Cronolog. The result is that we get no output whatsoever.

    Here is a sample of the directives we are using in our VirtualHost container:

    CustomLog "| /bin/sed s/[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\},\\\ //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/survey_log" combined env=survey_log

    ErrorLog "| /bin/sed s/[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\},\\\ //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/error_log"

    We have also experimented with writing a wrapper script that performs all three of the above functions - the result is the same.

    Does anyone have any input? Is what we are attempting possible?
    What's the simplest case that doesn't work? What if you take out the
    whole 'sed' command and just use /bin/cat? Does invoking cronolog with
    sudo work when not receiving input piped from another command? Does it
    work with a simpler sed script?


    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org
  • Joe Hammerman at Jan 27, 2010 at 9:35 pm
    Hi Dan,
    If we replaced Sed with Cat, I'm a little confused as to what we would be catting; there's a stream coming in, right?

    To your second question - yes, logging is fully functional with sudo

    To your final question - no, even with a sed command that performs no actions, no logging information is generated.

    -----Original Message-----
    From: news On Behalf Of Dan Poirier
    Sent: Wednesday, January 27, 2010 12:03 PM
    To: users@httpd.apache.org
    Subject: [users@httpd] Re: mod_log_config issue

    Joe Hammerman <jhammerman@videoegg.com> writes:
    Hello Apache users list.

    We have an issue with mod_log_config; specifically we are trying to pipe log output through Sed before it goes to Cronolog. The result is that we get no output whatsoever.

    Here is a sample of the directives we are using in our VirtualHost container:

    CustomLog "| /bin/sed s/[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\},\\\ //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/survey_log" combined env=survey_log

    ErrorLog "| /bin/sed s/[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\},\\\ //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/error_log"

    We have also experimented with writing a wrapper script that performs all three of the above functions - the result is the same.

    Does anyone have any input? Is what we are attempting possible?
    What's the simplest case that doesn't work? What if you take out the
    whole 'sed' command and just use /bin/cat? Does invoking cronolog with
    sudo work when not receiving input piped from another command? Does it
    work with a simpler sed script?


    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org


    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org
  • Joe Hammerman at Jan 28, 2010 at 1:34 am
    So perhaps someone on the users list has an alternative method for addressing the issue we are encountering.

    Our setup is that we have Amazon EC2 instances serving our web content. If we logged the request host IP, we would have a log filled with the IP's of the Amazon load balancers. Therefore, we use the XFF HTTP header in our logs.

    The issue we are encountering is that if a client makes a request from behind a proxy, the proxy's IP is logged as well. We want to strip out all of the proxy IP's and only record the client IP.

    This is what we were hoping to utilize Sed for in our Custom log set up.

    Any and all input is appreciated!

    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org
  • Dan Poirier at Jan 28, 2010 at 3:10 pm

    Joe Hammerman writes:

    If we replaced Sed with Cat, I'm a little confused as to what we would be catting; there's a stream coming in, right?

    To your second question - yes, logging is fully functional with sudo

    To your final question - no, even with a sed command that performs no actions, no logging information is generated.

    -----Original Message-----
    From: news On Behalf Of Dan Poirier
    Sent: Wednesday, January 27, 2010 12:03 PM
    To: users@httpd.apache.org
    Subject: [users@httpd] Re: mod_log_config issue
    We have an issue with mod_log_config; specifically we are trying to pipe log output through Sed before it goes to Cronolog. The result is that we get no output whatsoever.

    CustomLog "| /bin/sed s/[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\},\\\ //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/survey_log" combined env=survey_log

    ErrorLog "| /bin/sed s/[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\},\\\ //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/error_log"

    We have also experimented with writing a wrapper script that performs all three of the above functions - the result is the same.
    What's the simplest case that doesn't work? What if you take out the
    whole 'sed' command and just use /bin/cat? Does invoking cronolog with
    sudo work when not receiving input piped from another command? Does it
    work with a simpler sed script?
    Okay, then you're saying this gives you logging:

    CustomLog "| /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/survey_log" combined env=survey_log

    but this doesn't:

    CustomLog "| /bin/sed | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/survey_log" combined env=survey_log

    How about this:

    CustomLog "| /bin/cat | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/survey_log" combined env=survey_log

    "cat" with no arguments just copies stdin to stdout, so we can tell if sed is the problem, or the piping.

    Also, I would think if putting the piped command directly in the log config is the problem, then replacing it with a wrapper script ought to work. I assume your script looked like:

    #!/bin/sh
    /bin/sed s/[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\},\\\ //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/survey_log

    (maybe with one level of backslashes removed), was marked executable, and the full path was configured:

    CustomLog "| /path/to/wrapper/script" combined env=survey_log

    You might try a simpler script:

    #!/bin/sh
    /bin/cat >>/path/to/logfile

    again just to rule out something funny in the sed/sudo/cronolog part as opposed to Apache.


    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org
  • Joe Hammerman at Jan 28, 2010 at 7:48 pm
    Hi Dan,

    When the sed command is replaced with /bin/cat, logs are generated. Using a sed command that does nothing results in no log output; e.g.

    CustomLog "| /bin/sed s/// |/usr/bin/cronolog..."

    Or

    CustomLog "| /bin/sed 's///' | /usr/bin/cronolog..."

    Or

    CustomLog "| /bin/sed -e 's///' | /usr/bin/cronolog..."

    :/

    I have tried using a wrapper script. Here it is in its original form:

    #!/bin/bash

    cat - | while read LINE
    do
    echo ${LINE} |
    /bin/sed s/[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\},\\\ //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/access_log
    done

    and then, per your suggestion:

    #!/bin/bash

    #cat - | while read LINE
    #do
    #echo ${LINE} |
    /bin/sed s/[0-9]\\{1,3\\}\\.[0-9]\\{1,3\\}\\.[0-9]\\{1,3\\}\\.[0-9]\\{1,3\\},\\
    //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/
    logs/beacon/%Y%m%d/%H/access_log
    #done


    httpd.conf was configured as you said.

    In either case, no logs are generated.

    -----Original Message-----
    From: news On Behalf Of Dan Poirier
    Sent: Thursday, January 28, 2010 7:10 AM
    To: users@httpd.apache.org
    Subject: [users@httpd] Re: mod_log_config issue

    Joe Hammerman <jhammerman@videoegg.com> writes:
    If we replaced Sed with Cat, I'm a little confused as to what we would be catting; there's a stream coming in, right?

    To your second question - yes, logging is fully functional with sudo

    To your final question - no, even with a sed command that performs no actions, no logging information is generated.

    -----Original Message-----
    From: news On Behalf Of Dan Poirier
    Sent: Wednesday, January 27, 2010 12:03 PM
    To: users@httpd.apache.org
    Subject: [users@httpd] Re: mod_log_config issue
    We have an issue with mod_log_config; specifically we are trying to pipe log output through Sed before it goes to Cronolog. The result is that we get no output whatsoever.

    CustomLog "| /bin/sed s/[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\},\\\ //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/survey_log" combined env=survey_log

    ErrorLog "| /bin/sed s/[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\},\\\ //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/error_log"

    We have also experimented with writing a wrapper script that performs all three of the above functions - the result is the same.
    What's the simplest case that doesn't work? What if you take out the
    whole 'sed' command and just use /bin/cat? Does invoking cronolog with
    sudo work when not receiving input piped from another command? Does it
    work with a simpler sed script?
    Okay, then you're saying this gives you logging:

    CustomLog "| /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/survey_log" combined env=survey_log

    but this doesn't:

    CustomLog "| /bin/sed | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/survey_log" combined env=survey_log

    How about this:

    CustomLog "| /bin/cat | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/survey_log" combined env=survey_log

    "cat" with no arguments just copies stdin to stdout, so we can tell if sed is the problem, or the piping.

    Also, I would think if putting the piped command directly in the log config is the problem, then replacing it with a wrapper script ought to work. I assume your script looked like:

    #!/bin/sh
    /bin/sed s/[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\},\\\ //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/survey_log

    (maybe with one level of backslashes removed), was marked executable, and the full path was configured:

    CustomLog "| /path/to/wrapper/script" combined env=survey_log

    You might try a simpler script:

    #!/bin/sh
    /bin/cat >>/path/to/logfile

    again just to rule out something funny in the sed/sudo/cronolog part as opposed to Apache.


    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org


    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org
  • Justin Pasher at Jan 28, 2010 at 8:18 pm

    Joe Hammerman wrote:
    Hi Dan,

    When the sed command is replaced with /bin/cat, logs are generated. Using a sed command that does nothing results in no log output; e.g.

    CustomLog "| /bin/sed s/// |/usr/bin/cronolog..."
    CustomLog "| /bin/sed 's///' | /usr/bin/cronolog..."
    CustomLog "| /bin/sed -e 's///' | /usr/bin/cronolog..."
    I haven't really been following this thread in detail, but here are some
    thing I noticed.

    All three of the sed commands above are invalid, so it doesn't surprise
    me there is no output.

    $ echo "test" | sed s///
    sed: -e expression #1, char 0: no previous regular expression
    $ echo "test" | sed 's///'
    sed: -e expression #1, char 0: no previous regular expression
    $ echo "test" | sed -e 's///'
    sed: -e expression #1, char 0: no previous regular expression

    Since replacing it with cat works, it means the sed command in your
    original code is not working as expected. Try logging directly to a
    file, then run your sed commands or wrapper script on that file (e.g.
    cat this.log > sed -e 's/blah/blah/'). Once you have verified that is
    working properly, then come back to putting it into the apache config.

    There is also a chance that the escape sequences for a shell are
    different than those for the apache directive. You can verify that by
    starting out with a much simpler sed script, then expanding from there.

    --
    Justin Pasher

    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org
  • Joe Hammerman at Jan 28, 2010 at 8:46 pm
    Justin - the wrapper script (in its original form) that I provided in my previous email has been tested in this manner against sample data.

    You are correct about my sed syntax - I have replaced those commands with s/antelope// in the formats provided below, and verified that there is no output.

    Editing the scripts referenced below so that they also replace antelope with nothing also results in no output.

    Any other thoughts?

    -----Original Message-----
    From: Justin Pasher
    Sent: Thursday, January 28, 2010 12:18 PM
    To: users@httpd.apache.org
    Subject: Re: [users@httpd] Re: mod_log_config issue

    Joe Hammerman wrote:
    Hi Dan,

    When the sed command is replaced with /bin/cat, logs are generated. Using a sed command that does nothing results in no log output; e.g.

    CustomLog "| /bin/sed s/// |/usr/bin/cronolog..."
    CustomLog "| /bin/sed 's///' | /usr/bin/cronolog..."
    CustomLog "| /bin/sed -e 's///' | /usr/bin/cronolog..."
    I haven't really been following this thread in detail, but here are some
    thing I noticed.

    All three of the sed commands above are invalid, so it doesn't surprise
    me there is no output.

    $ echo "test" | sed s///
    sed: -e expression #1, char 0: no previous regular expression
    $ echo "test" | sed 's///'
    sed: -e expression #1, char 0: no previous regular expression
    $ echo "test" | sed -e 's///'
    sed: -e expression #1, char 0: no previous regular expression

    Since replacing it with cat works, it means the sed command in your
    original code is not working as expected. Try logging directly to a
    file, then run your sed commands or wrapper script on that file (e.g.
    cat this.log > sed -e 's/blah/blah/'). Once you have verified that is
    working properly, then come back to putting it into the apache config.

    There is also a chance that the escape sequences for a shell are
    different than those for the apache directive. You can verify that by
    starting out with a much simpler sed script, then expanding from there.

    --
    Justin Pasher

    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org


    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org
  • Joe Hammerman at Jan 29, 2010 at 7:45 pm
    Hey all. First of all thanks for the assistance.

    I haven't resolved the issue, however I thought I would add some more detail regarding my investigations, if anyone ever digs through these archives.

    It seems that sed doesn't actually flush the stream it is editing until it hits a '\n'. So I bet sed is editing the stream in place, and storing all of its edits in memory.

    LogFormat supports the '\n' character - but I still can't get sed to actually write out to disk.

    -----Original Message-----
    From: Joe Hammerman
    Sent: Thursday, January 28, 2010 11:47 AM
    To: users@httpd.apache.org
    Subject: RE: [users@httpd] Re: mod_log_config issue

    Hi Dan,

    When the sed command is replaced with /bin/cat, logs are generated. Using a sed command that does nothing results in no log output; e.g.

    CustomLog "| /bin/sed s/// |/usr/bin/cronolog..."

    Or

    CustomLog "| /bin/sed 's///' | /usr/bin/cronolog..."

    Or

    CustomLog "| /bin/sed -e 's///' | /usr/bin/cronolog..."

    :/

    I have tried using a wrapper script. Here it is in its original form:

    #!/bin/bash

    cat - | while read LINE
    do
    echo ${LINE} |
    /bin/sed s/[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\},\\\ //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/access_log
    done

    and then, per your suggestion:

    #!/bin/bash

    #cat - | while read LINE
    #do
    #echo ${LINE} |
    /bin/sed s/[0-9]\\{1,3\\}\\.[0-9]\\{1,3\\}\\.[0-9]\\{1,3\\}\\.[0-9]\\{1,3\\},\\
    //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/
    logs/beacon/%Y%m%d/%H/access_log
    #done


    httpd.conf was configured as you said.

    In either case, no logs are generated.

    -----Original Message-----
    From: news On Behalf Of Dan Poirier
    Sent: Thursday, January 28, 2010 7:10 AM
    To: users@httpd.apache.org
    Subject: [users@httpd] Re: mod_log_config issue

    Joe Hammerman <jhammerman@videoegg.com> writes:
    If we replaced Sed with Cat, I'm a little confused as to what we would be catting; there's a stream coming in, right?

    To your second question - yes, logging is fully functional with sudo

    To your final question - no, even with a sed command that performs no actions, no logging information is generated.

    -----Original Message-----
    From: news On Behalf Of Dan Poirier
    Sent: Wednesday, January 27, 2010 12:03 PM
    To: users@httpd.apache.org
    Subject: [users@httpd] Re: mod_log_config issue
    We have an issue with mod_log_config; specifically we are trying to pipe log output through Sed before it goes to Cronolog. The result is that we get no output whatsoever.

    CustomLog "| /bin/sed s/[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\},\\\ //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/survey_log" combined env=survey_log

    ErrorLog "| /bin/sed s/[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\},\\\ //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/error_log"

    We have also experimented with writing a wrapper script that performs all three of the above functions - the result is the same.
    What's the simplest case that doesn't work? What if you take out the
    whole 'sed' command and just use /bin/cat? Does invoking cronolog with
    sudo work when not receiving input piped from another command? Does it
    work with a simpler sed script?
    Okay, then you're saying this gives you logging:

    CustomLog "| /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/survey_log" combined env=survey_log

    but this doesn't:

    CustomLog "| /bin/sed | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/survey_log" combined env=survey_log

    How about this:

    CustomLog "| /bin/cat | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/survey_log" combined env=survey_log

    "cat" with no arguments just copies stdin to stdout, so we can tell if sed is the problem, or the piping.

    Also, I would think if putting the piped command directly in the log config is the problem, then replacing it with a wrapper script ought to work. I assume your script looked like:

    #!/bin/sh
    /bin/sed s/[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\},\\\ //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/survey_log

    (maybe with one level of backslashes removed), was marked executable, and the full path was configured:

    CustomLog "| /path/to/wrapper/script" combined env=survey_log

    You might try a simpler script:

    #!/bin/sh
    /bin/cat >>/path/to/logfile

    again just to rule out something funny in the sed/sudo/cronolog part as opposed to Apache.


    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org


    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org


    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org
  • Peter J Milanese at Jan 27, 2010 at 8:10 pm
    Isn't cronolog highly dependent on the w3c log convention?



    ----- Original Message -----
    From: Dan Poirier [poirier@pobox.com]
    Sent: 01/27/2010 03:02 PM EST
    To: users@httpd.apache.org
    Subject: [users@httpd] Re: mod_log_config issue



    Joe Hammerman <jhammerman@videoegg.com> writes:
    Hello Apache users list.

    We have an issue with mod_log_config; specifically we are trying to pipe log output through Sed before it goes to Cronolog. The result is that we get no output whatsoever.

    Here is a sample of the directives we are using in our VirtualHost container:

    CustomLog "| /bin/sed s/[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\},\\\ //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/survey_log" combined env=survey_log

    ErrorLog "| /bin/sed s/[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\}\\\.[0-9]\\\{1,3\\\},\\\ //g | /usr/bin/sudo -u VEsvc /usr/sbin/cronolog --period=1hours /mnt/export/www/logs/beacon/%Y%m%d/%H/error_log"

    We have also experimented with writing a wrapper script that performs all three of the above functions - the result is the same.

    Does anyone have any input? Is what we are attempting possible?
    What's the simplest case that doesn't work? What if you take out the
    whole 'sed' command and just use /bin/cat? Does invoking cronolog with
    sudo work when not receiving input piped from another command? Does it
    work with a simpler sed script?


    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org


    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupusers @
categoriesapache
postedJan 27, '10 at 5:35p
activeJan 29, '10 at 7:45p
posts11
users5
websitehttpd.apache.org
irc#httpd

People

Translate

site design / logo © 2022 Grokbase