You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Josu Lazkano <jo...@barcelonamedia.org> on 2011/06/29 11:09:05 UTC
[users@httpd] Filter IP on logs
Hello list, this is my first mail on the list.
I am configuring Apache server with some vhost, I configured the logs on each vhost this way:
ErrorLog /var/www/domain1/log/error.log
LogLevel warn
CustomLog /var/www/domain1/log/access.log combined
I am monitoring all vhost with Monit and Mom and I have lots of lines on the access.log:
$ cat /var/www/domain1/log/access.log | grep "Mon_IP"
Mon_IP - - [29/Jun/2011:10:54:08 +0200] "GET / HTTP/1.1" 200 8772 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
Mon_IP - - [29/Jun/2011:10:56:08 +0200] "GET / HTTP/1.1" 200 8772 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
Mon_IP - - [29/Jun/2011:10:58:08 +0200] "GET / HTTP/1.1" 200 8772 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
Mon_IP - - [29/Jun/2011:11:00:08 +0200] "GET / HTTP/1.1" 200 8772 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
Mon_IP - - [29/Jun/2011:11:02:08 +0200] "GET / HTTP/1.1" 200 8772 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
Mon_IP - - [29/Jun/2011:11:04:08 +0200] "GET / HTTP/1.1" 200 8772 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
...
$ cat /var/www/domain1/log/access.log | grep "Monit_IP"
Monit_IP - - [29/Jun/2011:11:01:07 +0200] "GET /monit/token HTTP/1.1" 200 269 "-" "monit/5.2.1"
Monit_IP - - [29/Jun/2011:11:02:07 +0200] "GET /monit/token HTTP/1.1" 200 269 "-" "monit/5.2.1"
Monit_IP - - [29/Jun/2011:11:02:07 +0200] "GET /monit/token HTTP/1.1" 200 269 "-" "monit/5.2.1"
Monit_IP - - [29/Jun/2011:11:03:07 +0200] "GET /monit/token HTTP/1.1" 200 269 "-" "monit/5.2.1"
Monit_IP - - [29/Jun/2011:11:03:07 +0200] "GET /monit/token HTTP/1.1" 200 269 "-" "monit/5.2.1"
Monit_IP - - [29/Jun/2011:11:04:07 +0200] "GET /monit/token HTTP/1.1" 200 269 "-" "monit/5.2.1"
Monit_IP - - [29/Jun/2011:11:04:07 +0200] "GET /monit/token HTTP/1.1" 200 269 "-" "monit/5.2.1"
...
How can I delete both IPs from my logs?
Is it possible to do this?
Thanks for all your help and best regards.
RE: [users@httpd] Filter IP on logs
Posted by Josu Lazkano <jo...@barcelonamedia.org>.
-----Mensaje original-----
De: Tom Evans [mailto:tevans.uk@googlemail.com]
Enviado el: miércoles, 29 de junio de 2011 11:29
Para: users@httpd.apache.org
Asunto: Re: [users@httpd] Filter IP on logs
On Wed, Jun 29, 2011 at 10:09 AM, Josu Lazkano
<jo...@barcelonamedia.org> wrote:
> Hello list, this is my first mail on the list.
>
>
>
> I am configuring Apache server with some vhost, I configured the logs on
> each vhost this way:
>
>
>
> ErrorLog /var/www/domain1/log/error.log
>
> LogLevel warn
>
> CustomLog /var/www/domain1/log/access.log combined
>
>
>
> I am monitoring all vhost with Monit and Mom and I have lots of lines on the
> access.log:
>
>
>
> $ cat /var/www/domain1/log/access.log | grep "Mon_IP"
>
> Mon_IP - - [29/Jun/2011:10:54:08 +0200] "GET / HTTP/1.1" 200 8772 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
>
> Mon_IP - - [29/Jun/2011:10:56:08 +0200] "GET / HTTP/1.1" 200 8772 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
>
> Mon_IP - - [29/Jun/2011:10:58:08 +0200] "GET / HTTP/1.1" 200 8772 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
>
> Mon_IP - - [29/Jun/2011:11:00:08 +0200] "GET / HTTP/1.1" 200 8772 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
>
> Mon_IP - - [29/Jun/2011:11:02:08 +0200] "GET / HTTP/1.1" 200 8772 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
>
> Mon_IP - - [29/Jun/2011:11:04:08 +0200] "GET / HTTP/1.1" 200 8772 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
>
> …
>
>
>
> $ cat /var/www/domain1/log/access.log | grep "Monit_IP"
>
> Monit_IP - - [29/Jun/2011:11:01:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> Monit_IP - - [29/Jun/2011:11:02:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> Monit_IP - - [29/Jun/2011:11:02:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> Monit_IP - - [29/Jun/2011:11:03:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> Monit_IP - - [29/Jun/2011:11:03:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> Monit_IP - - [29/Jun/2011:11:04:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> Monit_IP - - [29/Jun/2011:11:04:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> …
>
>
>
> How can I delete both IPs from my logs?
>
>
>
> Is it possible to do this?
>
>
>
> Thanks for all your help and best regards.
CustomLog takes an optional third argument, which controls whether a
request is logged or not from an environment variable. mod_rewrite can
set an environment variable on a per request basis. See the example in
the docs of CustomLog:
http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#customlog
Cheers
Tom
Thanks for your help Tom, I configure this way:
ErrorLog /var/www/domain1/log/error.log
LogLevel warn
SetEnvIf Remote_Addr "x\.x\.x\.x" dontlog
SetEnvIf Remote_Addr "y\.y\.y\.y" dontlog
CustomLog /var/www/domain1/log/access.log common env=!dontlog
Now I have a "clean" log, thank you very much.
Best regards.
Re: [users@httpd] Filter IP on logs
Posted by Tom Evans <te...@googlemail.com>.
On Wed, Jun 29, 2011 at 10:09 AM, Josu Lazkano
<jo...@barcelonamedia.org> wrote:
> Hello list, this is my first mail on the list.
>
>
>
> I am configuring Apache server with some vhost, I configured the logs on
> each vhost this way:
>
>
>
> ErrorLog /var/www/domain1/log/error.log
>
> LogLevel warn
>
> CustomLog /var/www/domain1/log/access.log combined
>
>
>
> I am monitoring all vhost with Monit and Mom and I have lots of lines on the
> access.log:
>
>
>
> $ cat /var/www/domain1/log/access.log | grep "Mon_IP"
>
> Mon_IP - - [29/Jun/2011:10:54:08 +0200] "GET / HTTP/1.1" 200 8772 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
>
> Mon_IP - - [29/Jun/2011:10:56:08 +0200] "GET / HTTP/1.1" 200 8772 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
>
> Mon_IP - - [29/Jun/2011:10:58:08 +0200] "GET / HTTP/1.1" 200 8772 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
>
> Mon_IP - - [29/Jun/2011:11:00:08 +0200] "GET / HTTP/1.1" 200 8772 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
>
> Mon_IP - - [29/Jun/2011:11:02:08 +0200] "GET / HTTP/1.1" 200 8772 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
>
> Mon_IP - - [29/Jun/2011:11:04:08 +0200] "GET / HTTP/1.1" 200 8772 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
>
> …
>
>
>
> $ cat /var/www/domain1/log/access.log | grep "Monit_IP"
>
> Monit_IP - - [29/Jun/2011:11:01:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> Monit_IP - - [29/Jun/2011:11:02:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> Monit_IP - - [29/Jun/2011:11:02:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> Monit_IP - - [29/Jun/2011:11:03:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> Monit_IP - - [29/Jun/2011:11:03:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> Monit_IP - - [29/Jun/2011:11:04:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> Monit_IP - - [29/Jun/2011:11:04:07 +0200] "GET /monit/token HTTP/1.1" 200
> 269 "-" "monit/5.2.1"
>
> …
>
>
>
> How can I delete both IPs from my logs?
>
>
>
> Is it possible to do this?
>
>
>
> Thanks for all your help and best regards.
CustomLog takes an optional third argument, which controls whether a
request is logged or not from an environment variable. mod_rewrite can
set an environment variable on a per request basis. See the example in
the docs of CustomLog:
http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#customlog
Cheers
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org