Posted on: April 17th, 2011 Conditional logging in Apache 2

Sometimes Apache 2’s logs get polluted by entries you don’t care about, which can skew your statistics. For example, you wouldn’t want your own IP address in the logs because you don’t want it counted in the statistics. Although most web analyzers have filters to exclude such things, you can do this directly in Apache by not logging these requests. To do this, you first need to set an environment variable that matches what you don’t want to log – this can use regular expressions, and the matching is done on HTTP header fields or request attributes like Remote_Addr or Request_URI.

Let’s say you want to exclude all internal IPs in your company from your website’s logs. You need to add this to your httpd.conf or .conf, depending on how you have your web server set up:

    SetEnvIf Remote_Addr "^10\." nologging

This sets a variable called “nologging” in Apache’s environment for every request whose client address matches. Now we will add this to the log directive in the same config file:

    CustomLog log/access.log combined env=!nologging

Now Apache will log everything except requests matched by the rule above. If you want to exclude more things from the log, you can just keep adding rules that set the same variable. Let’s say we decided not to log the favicon.ico requests:

    SetEnvIf Request_URI "^/favicon\.ico$" nologging

That’s it, no more pesky favicon requests in the logs! As you can see, the rules are pretty powerful and there are many uses for this!

Also, don’t forget that you need the “log_config” and “setenvif” modules loaded in Apache! As usual, you can check this using httpd -M or apache2 -M on the command line.
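To check what a set of SetEnvIf rules will actually keep out of the log, the following Python script (an added example, not part of the original post) replays constructed sample requests through the rules. The helper names and sample addresses are assumptions, and Python’s re module stands in for Apache’s regex engine; it shows that an unanchored pattern such as `10\.*\.*\.*` also silences external clients whose address merely contains “10”.

```python
import re

# Constructed sample requests (client address, request URI); not real traffic.
SAMPLE_REQUESTS = [
    ("10.1.2.3", "/index.html"),     # internal client
    ("203.0.113.10", "/login"),      # external client whose address contains "10"
    ("192.0.2.44", "/favicon.ico"),  # external favicon fetch
    ("192.0.2.44", "/admin"),        # external request that must stay logged
]

LOOSE = r'''
SetEnvIf Remote_Addr "10\.*\.*\.*" nologging
SetEnvIf Request_URI "^/favicon\.ico$" nologging
'''

ANCHORED = r'''
SetEnvIf Remote_Addr "^10\." nologging
SetEnvIf Request_URI "^/favicon\.ico$" nologging
'''

DIRECTIVE = re.compile(r'^\s*SetEnvIf\s+(\S+)\s+"([^"]*)"\s+(\S+)\s*$', re.IGNORECASE)


def parse_rules(conf):
    """Extract (attribute, compiled regex, variable) from SetEnvIf lines."""
    rules = []
    for line in conf.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            attr, pattern, var = m.groups()
            rules.append((attr.lower(), re.compile(pattern), var))
    return rules


def logged(conf, requests, var="nologging"):
    """Return the requests that `CustomLog ... env=!var` would still write."""
    rules = parse_rules(conf)
    kept = []
    for addr, uri in requests:
        attrs = {"remote_addr": addr, "request_uri": uri}
        # SetEnvIf does an unanchored regex search, like re.search here.
        env = {v for a, rx, v in rules if a in attrs and rx.search(attrs[a])}
        if var not in env:
            kept.append((addr, uri))
    return kept


if __name__ == "__main__":
    print("loose:   ", logged(LOOSE, SAMPLE_REQUESTS))
    print("anchored:", logged(ANCHORED, SAMPLE_REQUESTS))
```

Every request that sets nologging leaves no access-log record at all, so keep each pattern anchored and as narrow as possible.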

For more details: http://httpd.apache.org/docs/2.2/mod/mod_log_config.html

Posted on: April 11th, 2011 Getting the umask of a running process

Sometimes you may need to find out the umask a process will use to write to the filesystem – in a Linux environment – but you cannot afford to shut down the process – let’s say it is in production at the moment.

Doing this isn’t as trivial as you would expect, as the /proc filesystem doesn’t offer any information about this. The easiest way I have found is to attach gdb to the running process and call umask to get the information. We will use the SSH daemon as an example:

- first find the PID (process ID) of the daemon:

    ps -ef | grep sshd
    root 1083 1 0 21:24 ? 00:00:00 /usr/sbin/sshd -D

- install gdb using your favorite package manager (or compile it) if you don’t have it and attach gdb to the running process:

    gdb --pid=1083

- you will be presented with the debugger’s shell, in which you can call system functions. We need to call the umask function to get what we need:

    (gdb) call umask(0)
    $1 = 18

- This sets the umask of the running process to 0 but also returns at the prompt the previous value of the umask. The returned value – 18 in our case – is the umask represented in the decimal system. Because in userspace we use the octal system to represent umasks you need to convert it to octal. So fire up your favorite calculator and convert it from decimal to octal. 18 translates to 22 in octal, meaning our running process has a umask of 022. That means that the process will write files with 644 as permissions on the filesystem.
- Now that you found out what the umask was, set it back:

    (gdb) call umask(18)
    $2 = 0

- type “quit” to detach gdb from the process