Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Apache: Log: how to log only certain errors?

> So this only works for status codes ... what about if I only want to log 
> requests between 1am and 3am and only those that returned more than 10k?

On our servers I use SetEnvIf for log splitting. For example for worms attacks:
(cmd.exe, root.exe, default.ida):

SetEnvIf   Request_URI   "cmd\.exe"   ATTACK
SetEnvIf   Request_URI   "root\.exe"   ATTACK

CustomLog   attack_log  common env=ATTACK
CustomLog   access_log  common env=!ATTACK

Maybe you can use this with regexp for time or size.

Attachment: pgp00016.pgp
Description: PGP signature

Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links