You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by km...@rockwellcollins.com on 2012/09/11 23:45:22 UTC

Limiting Subversion noise in apache logs

I've always been slightly annoyed with Apache 401 "unauthorized" log 
entries
when accessing a Subversion repository.  I realize these are part of the
standard authentication "handshake" via the http protocol.
(Always ask anonymously first...)

I also realize that mod_dav_svn can now provide a custom log file, but I 
like
my apache logs.  On a busy server, these can get to be tens of gigabytes 
per
day.  I'm not aware of a way to limit log entries based upon return status
codes...

As a test, I think I have been able to abuse the rewrite_module to get rid
of these apache 401 log entries and I was wondering if any 
Apache/Subversion
gurus could poke holes in why this either doesn't work or shouldn't be 
used:


<IfModule rewrite_module>
  # Do not log authentication required responses
  RewriteEngine On
  RewriteCond %{REQUEST_METHOD} OPTIONS
  RewriteCond %{LA-U:REMOTE_USER} =""
  RewriteCond %{REQUEST_URI} !-U
  RewriteRule .* - [Last, ENV=dontlog:1]
</IfModule>

<IfModule log_config_module>
  LogFormat "%h %l %u %t \"%r\" %>s %b" common
  CustomLog "logs/access.log" common env=!dontlog
</IfModule>


I'm aware the sub-request for the last RewriteCond line is expensive.  I'm
hopeful the other RewriteCond lines would short circuit most of the server
accesses.  Does Subversion create any connections with something
other than an initial OPTIONS request?  I only trivially tested neon. I 
added
that condition as a hopeful performance improvement.

And yes, as I stated above, I realize Subversion can create it's own
custom log, but using that removes the fun in this experiment...

Kevin R.

Re: Limiting Subversion noise in apache logs

Posted by km...@rockwellcollins.com.

> I have not tried it, but couldn't you do this easier by using the 
> Apache piped logs feature?  Just send the log entries via a pipe to 
> a script that filters out any entries you do not want in the log.  I
> am not positive, but your script might even be able to write the 
> entries you filter into a different file.
> 
> Example:  http://www.sudleyplace.com/pipederrorlogs.html

This is an option, but I'm already piping logs to cronolog for log 
rotation.
I was also trying to come up with a multi-platform approach, since I
wanted to support both Windows and Unix.  I've found the Windows
piped logs to get a little temperamental if you try and get too fancy...

Kevin R.


> On Tue, Sep 11, 2012 at 5:45 PM, <km...@rockwellcollins.com> wrote:
> I've always been slightly annoyed with Apache 401 "unauthorized" log 
entries 
> when accessing a Subversion repository.  I realize these are part of the 

> standard authentication "handshake" via the http protocol. 
> (Always ask anonymously first...) 
> 
> I also realize that mod_dav_svn can now provide a custom log file, but I 
like
> my apache logs.  On a busy server, these can get to be tens of gigabytes 
per 
> day.  I'm not aware of a way to limit log entries based upon return 
status 
> codes... 
> 
> As a test, I think I have been able to abuse the rewrite_module to get 
rid 
> of these apache 401 log entries and I was wondering if any 
Apache/Subversion 
> gurus could poke holes in why this either doesn't work or shouldn't be 
used: 
> 
> 
> <IfModule rewrite_module> 
>   # Do not log authentication required responses 
>   RewriteEngine On 
>   RewriteCond %{REQUEST_METHOD} OPTIONS 
>   RewriteCond %{LA-U:REMOTE_USER} ="" 
>   RewriteCond %{REQUEST_URI} !-U 
>   RewriteRule .* - [Last, ENV=dontlog:1] 
> </IfModule> 
> 
> <IfModule log_config_module> 
>   LogFormat "%h %l %u %t \"%r\" %>s %b" common 
>   CustomLog "logs/access.log" common env=!dontlog 
> </IfModule> 
> 
> 
> I'm aware the sub-request for the last RewriteCond line is expensive. 
 I'm 
> hopeful the other RewriteCond lines would short circuit most of the 
server 
> accesses.  Does Subversion create any connections with something 
> other than an initial OPTIONS request?  I only trivially tested neon. I 
added
> that condition as a hopeful performance improvement. 
> 
> And yes, as I stated above, I realize Subversion can create it's own 
> custom log, but using that removes the fun in this experiment... 
> 
> Kevin R.
> 

> 
> -- 
> Thanks
> 
> Mark Phippard
> http://markphip.blogspot.com/

Re: Limiting Subversion noise in apache logs

Posted by Mark Phippard <ma...@gmail.com>.

I have not tried it, but couldn't you do this easier by using the Apache
piped logs feature?  Just send the log entries via a pipe to a script that
filters out any entries you do not want in the log.  I am not positive, but
your script might even be able to write the entries you filter into a
different file.

Example:  http://www.sudleyplace.com/pipederrorlogs.html



On Tue, Sep 11, 2012 at 5:45 PM, <km...@rockwellcollins.com> wrote:

> I've always been slightly annoyed with Apache 401 "unauthorized" log
> entries
> when accessing a Subversion repository.  I realize these are part of the
> standard authentication "handshake" via the http protocol.
> (Always ask anonymously first...)
>
> I also realize that mod_dav_svn can now provide a custom log file, but I
> like
> my apache logs.  On a busy server, these can get to be tens of gigabytes
> per
> day.  I'm not aware of a way to limit log entries based upon return status
> codes...
>
> As a test, I think I have been able to abuse the rewrite_module to get rid
> of these apache 401 log entries and I was wondering if any
> Apache/Subversion
> gurus could poke holes in why this either doesn't work or shouldn't be
> used:
>
>
> <IfModule rewrite_module>
>   # Do not log authentication required responses
>   RewriteEngine On
>   RewriteCond %{REQUEST_METHOD} OPTIONS
>   RewriteCond %{LA-U:REMOTE_USER} =""
>   RewriteCond %{REQUEST_URI} !-U
>   RewriteRule .* - [Last, ENV=dontlog:1]
> </IfModule>
>
> <IfModule log_config_module>
>   LogFormat "%h %l %u %t \"%r\" %>s %b" common
>   CustomLog "logs/access.log" common env=!dontlog
> </IfModule>
>
>
> I'm aware the sub-request for the last RewriteCond line is expensive.  I'm
> hopeful the other RewriteCond lines would short circuit most of the server
> accesses.  Does Subversion create any connections with something
> other than an initial OPTIONS request?  I only trivially tested neon. I
> added
> that condition as a hopeful performance improvement.
>
> And yes, as I stated above, I realize Subversion can create it's own
> custom log, but using that removes the fun in this experiment...
>
> Kevin R.
>



-- 
Thanks

Mark Phippard
http://markphip.blogspot.com/