Posted to cvs@httpd.apache.org by be...@apache.org on 2004/01/01 16:39:31 UTC

cvs commit: httpd-2.0/support check_forensic

ben         2004/01/01 07:39:31

  Modified:    .        CHANGES
               modules/loggers config.m4
  Added:       modules/loggers mod_log_forensic.c
               support  check_forensic
  Log:
  Add forensic logging.
  
  Revision  Changes    Path
  1.1351    +3 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1350
  retrieving revision 1.1351
  diff -u -r1.1350 -r1.1351
  --- CHANGES	27 Dec 2003 13:47:37 -0000	1.1350
  +++ CHANGES	1 Jan 2004 15:39:30 -0000	1.1351
  @@ -2,6 +2,9 @@
   
     [Remove entries to the current 2.0 section below, when backported]
   
  +  *) Add forensic logging module (mod_log_forensic).
  +     [Ben Laurie]
  +
     *) Fix segfault in mod_mem_cache cache_insert() due to cache size
        becoming negative.  PR: 21285, 21287
        [Bill Stoddard, Massimo Torquati, Jean-Jacques Clar]
  
  
  
  1.7       +1 -0      httpd-2.0/modules/loggers/config.m4
  
  Index: config.m4
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/loggers/config.m4,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- config.m4	6 Mar 2003 21:57:45 -0000	1.6
  +++ config.m4	1 Jan 2004 15:39:30 -0000	1.7
  @@ -5,6 +5,7 @@
   APACHE_MODPATH_INIT(loggers)
   	
   APACHE_MODULE(log_config, logging configuration, , , yes)
  +APACHE_MODULE(log_forensic, forensic logging)
   
   APACHE_MODULE(logio, input and output logging, , , most)
   
  
  
  
  1.1                  httpd-2.0/modules/loggers/mod_log_forensic.c
  
  Index: mod_log_forensic.c
  ===================================================================
  /* ====================================================================
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2003, 2004 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Apache" and "Apache Software Foundation" must
   *    not be used to endorse or promote products derived from this
   *    software without prior written permission. For written
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    nor may "Apache" appear in their name, without prior written
   *    permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * Portions of this software are based upon public domain software
   * originally written at the National Center for Supercomputing Applications,
   * University of Illinois, Urbana-Champaign.
   */
  
  /*
   * See also support/check_forensic.
   * Relate the forensic log to the transfer log by including
   * %{forensic-id}n in the custom log format, for example:
   * CustomLog logs/custom "%h %l %u %t \"%r\" %>s %b %{forensic-id}n"
   *
   * Credit is due to Tina Bird <tb...@precision-guesswork.com>, whose
   * idea this module was.
   *
   *   Ben Laurie 29/12/2003
   */
  
  #include "httpd.h"
  #include "http_config.h"
  #include "http_log.h"
  #include <assert.h>
  #include "apr_strings.h"
  #include "apr_atomic.h"
  #include <unistd.h>
  #include "http_protocol.h"
  
  module AP_MODULE_DECLARE_DATA log_forensic_module;
  
  typedef struct fcfg {
      const char *logname;
      apr_file_t *fd;
  } fcfg;
  
  static int next_id;
  
  static void *make_forensic_log_scfg(apr_pool_t *p, server_rec *s)
  {
      fcfg *cfg = apr_pcalloc(p, sizeof *cfg);
  
      cfg->logname = NULL;
      cfg->fd = NULL;
  
      return cfg;
  }
  
  static void *merge_forensic_log_scfg(apr_pool_t *p, void *parent, void *new)
  {
      fcfg *cfg = apr_pcalloc(p, sizeof *cfg);
      fcfg *pc = parent;
      fcfg *nc = new;
  
      cfg->logname = apr_pstrdup(p, nc->logname ? nc->logname : pc->logname);
      cfg->fd = NULL;
  
      return cfg;
  }
  
  static void open_log(server_rec *s, apr_pool_t *p)
  {
      fcfg *cfg = ap_get_module_config(s->module_config, &log_forensic_module);
  
      if (!cfg->logname || cfg->fd)
          return;
  
      if (*cfg->logname == '|') {
          piped_log *pl;
  
          pl = ap_open_piped_log(p, cfg->logname+1);
          if (pl == NULL) {
              ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                           "couldn't spawn forensic log pipe %s", cfg->logname);
              exit(1);
          }
          cfg->fd = ap_piped_log_write_fd(pl);
      }
      else {
          char *fname = ap_server_root_relative(p, cfg->logname);
          apr_status_t rv;
  
          if ((rv = apr_file_open(&cfg->fd, fname,
                                  APR_WRITE | APR_APPEND | APR_CREATE,
                                  APR_OS_DEFAULT, p) != APR_SUCCESS)
              < 0) {
              ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                           "could not open forensic log file %s.", fname);
              exit(1);
          }
      }
  }
  
  static int log_init(apr_pool_t *pc, apr_pool_t *p, apr_pool_t *pt,
                       server_rec *s)
  {
      for ( ; s ; s = s->next)
          open_log(s, p);
      return OK;
  }
  
    
  /* e is the first _invalid_ location in q
     N.B. returns the terminating NUL.
   */
  static char *log_escape(char *q, const char *e, const char *p)
  {
      for ( ; *p ; ++p) {
          assert(q < e);
          if (*p < ' ' || *p >= 0x7f || *p == '|' || *p == ':' || *p == '%') {
              assert(q+2 < e);
              *q++ = '%';
              sprintf(q, "%02x", *(unsigned char *)p);
              q += 2;
          }
          else
              *q++ = *p;
      }
      assert(q < e);
      *q = '\0';
  
      return q;
  }
  
  typedef struct hlog {
      char *log;
      char *pos;
      char *end;
      apr_pool_t *p;
      int count;
  } hlog;
  
  static int count_string(const char *p)
  {
      int n;
  
      for (n = 0 ; *p ; ++p, ++n)
          if (*p < ' ' || *p >= 0x7f || *p == '|' || *p == ':' || *p == '%')
              n += 2;
      return n;
  }
  
  static int count_headers(void *h_, const char *key, const char *value)
  {
      hlog *h = h_;
  
      h->count += count_string(key)+count_string(value)+2;
  
      return 1;
  }
  
  static int log_headers(void *h_, const char *key, const char *value)
  {
      hlog *h = h_;
  
      /* note that we don't have to check h->pos here, coz its been done
         for us by log_escape */
      *h->pos++ = '|';
      h->pos = log_escape(h->pos, h->end, key);
      *h->pos++ = ':';
      h->pos = log_escape(h->pos, h->end, value);
  
      return 1;
  }
  
  static int log_before(request_rec *r)
  {
      fcfg *cfg = ap_get_module_config(r->server->module_config,
                                       &log_forensic_module);
      const char *id;
      hlog h;
      int n;
      apr_status_t rv;
  
      if (!(id = apr_table_get(r->subprocess_env, "UNIQUE_ID"))) {
          /* we make the assumption that we can't go through all the PIDs in
             under 1 second */
          id = apr_psprintf(r->pool, "%x:%lx:%x", getpid(), time(NULL),
                            apr_atomic_inc32(&next_id));
      }
      ap_set_module_config(r->request_config, &log_forensic_module, (char *)id);
  
      h.p = r->pool;
      h.count = 0;
  
      apr_table_do(count_headers, &h, r->headers_in, NULL);
  
      h.count += 1+strlen(id)+1+count_string(r->the_request)+1+1;
      h.log = apr_palloc(r->pool, h.count);
      h.pos = h.log;
      h.end = h.log+h.count;
  
      *h.pos++ = '+';
      strcpy(h.pos, id);
      h.pos += strlen(h.pos);
      *h.pos++ = '|';
      h.pos = log_escape(h.pos, h.end, r->the_request);
  
      apr_table_do(log_headers, &h, r->headers_in, NULL);
  
      assert(h.pos < h.end);
      *h.pos++ = '\n';
  
      n = h.count-1;
      rv = apr_file_write(cfg->fd, h.log, &n);
      assert(rv == APR_SUCCESS && n == h.count-1);
  
      apr_table_setn(r->notes, "forensic-id", id);
  
      return OK;
  }
  
  static int log_after(request_rec *r)
  {
      fcfg *cfg = ap_get_module_config(r->server->module_config,
                                       &log_forensic_module);
      const char *id = ap_get_module_config(r->request_config,
                                            &log_forensic_module);
      char *s;
      int l,n;
      apr_status_t rv;
  
      s = apr_pstrcat(r->pool, "-", id, "\n", NULL);
      l = n = strlen(s);
      rv = apr_file_write(cfg->fd, s, &n);
      assert(rv == APR_SUCCESS && n == l);
  
      return OK;
  }
  
  static const char *set_forensic_log(cmd_parms *cmd, void *dummy, const char *fn)
  {
      fcfg *cfg = ap_get_module_config(cmd->server->module_config,
                                       &log_forensic_module);
  
      cfg->logname = fn;
      return NULL;
  }
  
  static const command_rec forensic_log_cmds[] =
  {
  AP_INIT_TAKE1("ForensicLog",  set_forensic_log,  NULL,  RSRC_CONF,
       "the filename of the forensic log (default is logs/forensic_log" ),
      { NULL }
  };
  
  static void register_hooks(apr_pool_t *p)
  {
      static const char * const pre[] = { "mod_unique_id.c", NULL };
  
      ap_hook_open_logs(log_init,NULL,NULL,APR_HOOK_MIDDLE);
      ap_hook_post_read_request(log_before,pre,NULL,APR_HOOK_REALLY_FIRST);
      ap_hook_log_transaction(log_after,NULL,NULL,APR_HOOK_REALLY_LAST);
  }
  
  module AP_MODULE_DECLARE_DATA log_forensic_module =
  {
      STANDARD20_MODULE_STUFF,
      NULL,                       /* create per-dir config */
      NULL,                       /* merge per-dir config */
      make_forensic_log_scfg,     /* server config */
      merge_forensic_log_scfg,    /* merge server config */
      forensic_log_cmds,          /* command apr_table_t */
      register_hooks              /* register hooks */
  };
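Review bot: In open_log(), the check on apr_file_open() can never fire, because the closing parenthesis is misplaced: rv receives the result of "apr_file_open(...) != APR_SUCCESS" (0 or 1), and that value is then tested "< 0". Assign rv first and test "rv != APR_SUCCESS" on its own, so a failed open is logged with the real status instead of being ignored. Related: when no ForensicLog directive is given, open_log() returns with cfg->fd still NULL, yet log_before() and log_after() call apr_file_write(cfg->fd, ...) unconditionally; both hooks should return early when cfg->fd is NULL. The length passed to apr_file_write() is declared "int n" (and "int l,n"), but that function takes an apr_size_t pointer, so these should be apr_size_t.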
  
  
  
  1.1                  httpd-2.0/support/check_forensic
  
  Index: check_forensic
  ===================================================================
  #!/bin/sh
  
  # check_forensic <forensic log file>
  
  # check the forensic log for requests that did not complete
  # output the request log for each one
  
  F=$1
  
  cut -f 1 -d '|' $F  > /tmp/fc-all.$$
  grep + < /tmp/fc-all.$$ | cut -c2- | sort > /tmp/fc-in.$$
  grep -- - < /tmp/fc-all.$$ | cut -c2- | sort > /tmp/fc-out.$$
  join -v 1 /tmp/fc-in.$$ /tmp/fc-out.$$ | xargs -I xx egrep "^\\+xx" $F
  rm /tmp/fc-all.$$ /tmp/fc-in.$$ /tmp/fc-out.$$
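Review bot: The scratch files /tmp/fc-all.$$, /tmp/fc-in.$$ and /tmp/fc-out.$$ have predictable names in a world-writable directory, so another local user can pre-create or symlink them before the script redirects output into them; create them with mktemp (or inside a private "mktemp -d" directory) and remove them from a trap. Also, "grep +" and "grep -- -" are unanchored, so an id that itself contains '+' or '-' is sorted into the wrong list and an unfinished request can be reported as complete; anchor both patterns at the start of the line ('^+' and '^-'). $F should be quoted wherever it is used.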
  
  
  

Re: cvs commit: httpd-2.0/support check_forensic

Posted by Ben Laurie <be...@algroup.co.uk>.
André Malo wrote:
> * ben@apache.org wrote:
> 
> 
>>  /* e is the first _invalid_ location in q
>>     N.B. returns the terminating NUL.
>>   */
>>  static char *log_escape(char *q, const char *e, const char *p)
>>  {
>>      for ( ; *p ; ++p) {
>>          assert(q < e);
>>          if (*p < ' ' || *p >= 0x7f || *p == '|' || *p == ':' || *p == '%')
>>          {
>>              assert(q+2 < e);
>>              *q++ = '%';
>>              sprintf(q, "%02x", *(unsigned char *)p);
>>              q += 2;
>>          }
>>          else
>>              *q++ = *p;
>>      }
>>      assert(q < e);
>>      *q = '\0';
>>  
>>      return q;
>>  }
> 
> 
> This function is not EBCDIC safe. I'd suggest to use one of the escaping
> functions in server/util.c.

None of them do what I need. In particular, | and : must be escaped, and 
no other weird munging should occur (though I could live with things 
being escaped that don't need to be, reluctantly). AFAICS this rules out 
all the functions in util.c. I guess I could add a new one, though.

> Additionally please use ap_assert, which logs before dumping. (applies to
> other occurrences as well).

Sure thing.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
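
The escaping requirement discussed in this reply (encode `|`, `:` and `%`, leave everything else readable, keep it reversible), as an added example that is not part of the thread or of httpd. The names `forensic_escape` and `forensic_unescape` are hypothetical; the code assumes an ASCII platform, so it does not address the EBCDIC point, and it reports a too-small buffer through its return value instead of an assertion.

```c
#include <stddef.h>

/* Added example, not httpd code; assumes ASCII. Writes '|', ':', '%', control
   and non-ASCII bytes as %xx; returns the length, or -1 if dst is too small. */
long forensic_escape(char *dst, size_t cap, const char *src)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    for (; *src; ++src) {
        unsigned char c = (unsigned char)*src;
        int esc = c < 0x20 || c >= 0x7f || c == '|' || c == ':' || c == '%';
        if (cap - o <= (esc ? 3u : 1u))   /* always keep room for the NUL */
            return -1;
        if (esc) {
            dst[o++] = '%';
            dst[o++] = hex[c >> 4];
        }
        dst[o++] = esc ? hex[c & 15] : (char)c;
    }
    if (o >= cap)                         /* only possible when cap == 0 */
        return -1;
    dst[o] = '\0';
    return (long)o;
}

static int hexval(char c)                 /* lowercase only, as emitted above */
{
    return (c >= '0' && c <= '9') ? c - '0'
         : (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode in place. Returns the decoded length, or -1 on a malformed %xx. */
long forensic_unescape(char *s)
{
    char *w = s;
    for (const char *r = s; *r; ++r) {
        char c = *r;
        if (c == '%') {
            int hi = hexval(r[1]), lo = hi < 0 ? -1 : hexval(r[2]);
            if (lo < 0)
                return -1;
            c = (char)(hi * 16 + lo);
            r += 2;
        }
        *w++ = c;
    }
    *w = '\0';
    return (long)(w - s);
}
```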

Re: cvs commit: httpd-2.0/support check_forensic

Posted by André Malo <nd...@perlig.de>.
* ben@apache.org wrote:

>   /* e is the first _invalid_ location in q
>      N.B. returns the terminating NUL.
>    */
>   static char *log_escape(char *q, const char *e, const char *p)
>   {
>       for ( ; *p ; ++p) {
>           assert(q < e);
>           if (*p < ' ' || *p >= 0x7f || *p == '|' || *p == ':' || *p == '%')
>           {
>               assert(q+2 < e);
>               *q++ = '%';
>               sprintf(q, "%02x", *(unsigned char *)p);
>               q += 2;
>           }
>           else
>               *q++ = *p;
>       }
>       assert(q < e);
>       *q = '\0';
>   
>       return q;
>   }

This function is not EBCDIC safe. I'd suggest to use one of the escaping
functions in server/util.c.
Additionally please use ap_assert, which logs before dumping. (applies to
other occurrences as well).

nd