Posted to dev@httpd.apache.org by Jeff Trawick <tr...@gmail.com> on 2013/08/05 03:32:06 UTC
[RFC] http_log functions to log buffers
Any thoughts on the API below?
For mod_ssl as an example, at least a couple of additions would be needed
to replace ssl_io_data_dump():
1. a processing flag that converted the printable form to EBCDIC in an
EBCDIC environment
2. the ap_log_csdata() variation
This doesn't currently implement the optimization to check the configured
log level before calling the function.
/**
 * Processing flags for ap_log_data() et al
 *
 * AP_LOG_DATA_DEFAULT     - default formatting
 * AP_LOG_DATA_SHOW_OFFSET - prefix each line with hex offset from the start
 *                           of the buffer
 *
 * The flags argument is tested with a bitwise AND against
 * AP_LOG_DATA_SHOW_OFFSET, so the values are meant to be combined as bits.
 */
#define AP_LOG_DATA_DEFAULT 0
#define AP_LOG_DATA_SHOW_OFFSET 1
/**
 * ap_log_data() - log buffers which are not related to a particular request
 * or connection.
 * @param file The file in which this function is called
 * @param line The line number on which this function is called
 * @param module_index The module_index of the module logging this buffer
 * @param level The log level
 * @param s The server on which we are logging
 * @param label A label for the buffer, to be logged preceding the buffer
 *              (presumably optional, as in ap_log_rdata() -- confirm)
 * @param data The buffer to be logged
 * @param len The length of the buffer, in bytes
 * @param flags Special processing flags like AP_LOG_DATA_SHOW_OFFSET
 * @note Use APLOG_MARK to fill out file, line, and module_index
 * @note If a request_rec is available, use that with ap_log_rerror()
 * in preference to calling this function.  Otherwise, if a conn_rec is
 * available, use that with ap_log_cerror() in preference to calling
 * this function.
 * @note NOTE(review): the note above names the message-logging functions;
 * for buffers the intended alternatives are presumably ap_log_rdata() and
 * ap_log_cdata() -- confirm.
 * @note NOTE(review): the buffer contents end up in the error log in
 * printable and hex form, so callers should keep credentials, session
 * tokens and key material out of @a data, or restrict such calls to trace
 * levels that are only enabled while debugging.
 */
AP_DECLARE(void) ap_log_data(const char *file, int line, int module_index,
                             int level, const server_rec *s, const char *label,
                             const char *data, apr_size_t len, unsigned int flags);
/**
 * ap_log_rdata() - log buffers which are related to a particular request.
 * @param file The file in which this function is called
 * @param line The line number on which this function is called
 * @param module_index The module_index of the module logging this buffer
 * @param level The log level
 * @param r The request which we are logging for
 * @param label A label for the buffer, to be logged preceding the buffer;
 *              the implementation shown for this function skips the label
 *              line when this is NULL
 * @param data The buffer to be logged
 * @param len The length of the buffer, in bytes
 * @param flags Special processing flags like AP_LOG_DATA_SHOW_OFFSET
 * @note Use APLOG_MARK to fill out file, line, and module_index
 * @note If a request_rec is available, use that with ap_log_rerror()
 * in preference to calling this function.  Otherwise, if a conn_rec is
 * available, use that with ap_log_cerror() in preference to calling
 * this function.
 * @note NOTE(review): the note above looks copied from the variant that
 * takes a server_rec; this function already takes the request_rec, so the
 * advice does not apply as written -- confirm and reword.
 * @note NOTE(review): the buffer contents end up in the error log in
 * printable and hex form, so callers should keep credentials, session
 * tokens and key material out of @a data, or restrict such calls to trace
 * levels that are only enabled while debugging.
 */
AP_DECLARE(void) ap_log_rdata(const char *file, int line, int module_index,
                              int level, const request_rec *r, const char *label,
                              const char *data, apr_size_t len, unsigned int flags);
/**
 * ap_log_cdata() - log buffers which are related to a particular connection.
 * @param file The file in which this function is called
 * @param line The line number on which this function is called
 * @param module_index The module_index of the module logging this buffer
 * @param level The log level
 * @param c The connection which we are logging for
 * @param label A label for the buffer, to be logged preceding the buffer
 *              (presumably optional, as in ap_log_rdata() -- confirm)
 * @param data The buffer to be logged
 * @param len The length of the buffer, in bytes
 * @param flags Special processing flags like AP_LOG_DATA_SHOW_OFFSET
 * @note Use APLOG_MARK to fill out file, line, and module_index
 * @note If a request_rec is available, use that with ap_log_rerror()
 * in preference to calling this function.  Otherwise, if a conn_rec is
 * available, use that with ap_log_cerror() in preference to calling
 * this function.
 * @note NOTE(review): the note above names the message-logging functions;
 * for buffers the request-level alternative is presumably ap_log_rdata(),
 * and the conn_rec sentence does not apply to a function that already
 * takes the conn_rec -- confirm and reword.
 * @note NOTE(review): the buffer contents end up in the error log in
 * printable and hex form, so callers should keep credentials, session
 * tokens and key material out of @a data, or restrict such calls to trace
 * levels that are only enabled while debugging.
 */
AP_DECLARE(void) ap_log_cdata(const char *file, int line, int module_index,
                              int level, const conn_rec *c, const char *label,
                              const char *data, apr_size_t len, unsigned int flags);
Sample output with AP_LOG_DATA_SHOW_OFFSET and non-default ErrorLogFormat:
[authnz_fcgi:trace1] mod_authnz_fcgi.c(127): FastCGI data sent (8 bytes)
[authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000000: ........
0104000103a80000
[authnz_fcgi:trace1] mod_authnz_fcgi.c(127): FastCGI data sent (936 bytes)
[authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000000: ..UNIQUE_IDUf76O
0918554e495155455f4944556637364f
[authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000010: 38AAQEAAEG9BA4AA
33384141514541414547394241344141
[authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000020: AAB..HTTP_HOST12
414142090f485454505f484f53543132
[authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000030: 7.0.0.1:10101..H
372e302e302e313a31303130310f0548
[authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000040: TTP_CONNECTIONcl
5454505f434f4e4e454354494f4e636c
[authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000050: ose.....PATH/hom
6f736504800000cf504154482f686f6d
[authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000060: e/trawick/bin:/h
652f7472617769636b2f62696e3a2f68
[authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000070: ome/trawick/myhg
6f6d652f7472617769636b2f6d796867
Right now the implementation has a lot of duplication because it sits in a
module (no access to private log.c functions). Each variation looks like
this, but presumably log_error_core() would help reduce the code.
/**
 * ap_log_rdata() - write a buffer to the error log on behalf of a request.
 *
 * Nothing is logged when APLOG_R_MODULE_IS_LEVEL(r, module_index, level) is
 * false.  Otherwise an optional "label (N bytes)" line is logged first,
 * followed by one log line per fmt_data() call until the running offset
 * reaches @a len.  With AP_LOG_DATA_SHOW_OFFSET set, every data line is
 * prefixed with the 8-digit hex offset at which that line starts.
 *
 * @param file, line, module_index  Call-site information (see APLOG_MARK)
 * @param level  The log level
 * @param r      The request which we are logging for
 * @param label  Optional label; no label line is logged when NULL
 * @param data   The buffer to be logged
 * @param len    The length of the buffer, in bytes
 * @param flags  Special processing flags like AP_LOG_DATA_SHOW_OFFSET
 *
 * NOTE(review): whatever is in @a data is rendered into the error log, so
 * call sites that may carry credentials or key material should stay at a
 * trace level -- confirm per caller.
 */
AP_DECLARE(void) ap_log_rdata(const char *file, int line, int module_index,
                              int level, const request_rec *r, const char *label,
                              const char *data, apr_size_t len, unsigned int flags)
{
    const int show_offset = (flags & AP_LOG_DATA_SHOW_OFFSET) != 0;
    unsigned char line_buf[LOG_BYTES_BUFFER_SIZE];
    char prefix[20];
    apr_size_t off;

    /* Skip all formatting work when this level is not being logged. */
    if (!APLOG_R_MODULE_IS_LEVEL(r, module_index, level)) {
        return;
    }

    /* Without offsets the prefix stays an empty string for every line. */
    if (!show_offset) {
        prefix[0] = '\0';
    }

    if (label != NULL) {
        ap_log_rerror_(file, line, module_index, level, APR_SUCCESS, r,
                       "%s (%" APR_SIZE_T_FMT " bytes)",
                       label, len);
    }

    /*
     * fmt_data() is defined elsewhere; it is expected to render the next
     * part of the buffer into line_buf as a NUL-terminated string and to
     * advance off -- TODO confirm, the loop only ends once off reaches len.
     */
    for (off = 0; off < len; ) {
        if (show_offset) {
            /* The offset is narrowed to unsigned int to match "%08x". */
            apr_snprintf(prefix, sizeof prefix, "%08x: ", (unsigned int)off);
        }
        fmt_data(line_buf, data, len, &off);
        ap_log_rerror_(file, line, module_index, level, APR_SUCCESS, r,
                       "%s%s", prefix, line_buf);
    }
}
--
Born in Roswell... married an alien...
http://emptyhammock.com/
Re: [RFC] http_log functions to log buffers
Posted by Jeff Trawick <tr...@gmail.com>.
On Tue, Aug 6, 2013 at 1:39 AM, Michael Felt <ma...@gmail.com> wrote:
> I have not studied logging in httpd. The only logs I have ever looked at
> are the error_logs and access_logs. These look like something different.
>
> For systems security I like to use syslog as a place to collect data. If
> apr already supports, please excuse my ignorance and ignore this. If not,
> please take my feedback to be: would be very nice to be able to (also)
> direct this to syslog mechanism.
For syslog support you can route all of the error log to syslog with
something like
ErrorLog syslog:user
>
> Michael
>
>
> On Mon, Aug 5, 2013 at 9:32 AM, Jeff Trawick <tr...@gmail.com> wrote:
>
>> Any thoughts on the API below?
>>
>> For mod_ssl as an example, at least a couple of additions would be needed
>> to replace ssl_io_data_dump():
>>
>> 1. a processing flag that converted the printable form to EBCDIC in an
>> EBCDIC environment
>> 2. the ap_log_csdata() variation
>>
>> This doesn't currently implement the optimization to check the configured
>> log level before calling the function.
>>
>> /**
>> * Processing flags for ap_log_data() et al
>> *
>> * AP_LOG_DATA_DEFAULT - default formatting
>> * AP_LOG_DATA_SHOW_OFFSET - prefix each line with hex offset from the
>> start
>> * of the buffer
>> */
>> #define AP_LOG_DATA_DEFAULT 0
>> #define AP_LOG_DATA_SHOW_OFFSET 1
>>
>> /**
>> * ap_log_data() - log buffers which are not related to a particular
>> request
>> * or connection.
>> * @param file The file in which this function is called
>> * @param line The line number on which this function is called
>> * @param module_index The module_index of the module logging this buffer
>> * @param level The log level
>> * @param s The server on which we are logging
>> * @param label A label for the buffer, to be logged preceding the buffer
>> * @param data The buffer to be logged
>> * @param len The length of the buffer
>> * @param flags Special processing flags like AP_LOG_DATA_SHOW_OFFSET
>> * @note Use APLOG_MARK to fill out file, line, and module_index
>> * @note If a request_rec is available, use that with ap_log_rerror()
>> * in preference to calling this function. Otherwise, if a conn_rec is
>> * available, use that with ap_log_cerror() in preference to calling
>> * this function.
>> */
>> AP_DECLARE(void) ap_log_data(const char *file, int line, int module_index,
>> int level, const server_rec *s, const char
>> *label,
>> const char *data, apr_size_t len, unsigned
>> int flags);
>>
>> /**
>> * ap_log_rdata() - log buffers which are related to a particular request.
>> * @param file The file in which this function is called
>> * @param line The line number on which this function is called
>> * @param module_index The module_index of the module logging this buffer
>> * @param level The log level
>> * @param r The request which we are logging for
>> * @param label A label for the buffer, to be logged preceding the buffer
>> * @param data The buffer to be logged
>> * @param len The length of the buffer
>> * @param flags Special processing flags like AP_LOG_DATA_SHOW_OFFSET
>> * @note Use APLOG_MARK to fill out file, line, and module_index
>> * @note If a request_rec is available, use that with ap_log_rerror()
>> * in preference to calling this function. Otherwise, if a conn_rec is
>> * available, use that with ap_log_cerror() in preference to calling
>> * this function.
>> */
>> AP_DECLARE(void) ap_log_rdata(const char *file, int line, int
>> module_index,
>> int level, const request_rec *r, const char
>> *label,
>> const char *data, apr_size_t len, unsigned
>> int flags);
>>
>> /**
>> * ap_log_cdata() - log buffers which are related to a particular
>> connection.
>> * @param file The file in which this function is called
>> * @param line The line number on which this function is called
>> * @param module_index The module_index of the module logging this buffer
>> * @param level The log level
>> * @param c The connection which we are logging for
>> * @param label A label for the buffer, to be logged preceding the buffer
>> * @param data The buffer to be logged
>> * @param len The length of the buffer
>> * @param flags Special processing flags like AP_LOG_DATA_SHOW_OFFSET
>> * @note Use APLOG_MARK to fill out file, line, and module_index
>> * @note If a request_rec is available, use that with ap_log_rerror()
>> * in preference to calling this function. Otherwise, if a conn_rec is
>> * available, use that with ap_log_cerror() in preference to calling
>> * this function.
>> */
>> AP_DECLARE(void) ap_log_cdata(const char *file, int line, int
>> module_index,
>> int level, const conn_rec *c, const char
>> *label,
>> const char *data, apr_size_t len, unsigned
>> int flags);
>>
>> Sample output with AP_LOG_DATA_SHOW_OFFSET and non-default ErrorLogFormat:
>>
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): FastCGI data sent (8 bytes)
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000000: ........
>> 0104000103a80000
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): FastCGI data sent (936 bytes)
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000000: ..UNIQUE_IDUf76O
>> 0918554e495155455f4944556637364f
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000010: 38AAQEAAEG9BA4AA
>> 33384141514541414547394241344141
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000020: AAB..HTTP_HOST12
>> 414142090f485454505f484f53543132
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000030: 7.0.0.1:10101..H
>> 372e302e302e313a31303130310f0548
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000040: TTP_CONNECTIONcl
>> 5454505f434f4e4e454354494f4e636c
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000050: ose.....PATH/hom
>> 6f736504800000cf504154482f686f6d
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000060: e/trawick/bin:/h
>> 652f7472617769636b2f62696e3a2f68
>> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000070: ome/trawick/myhg
>> 6f6d652f7472617769636b2f6d796867
>>
>> Right now the implementation has a lot of duplication because it sits in
>> a module (no access to private log.c functions). Each variation looks like
>> this, but presumably log_error_core() would help reduce the code.
>>
>> AP_DECLARE(void) ap_log_rdata(const char *file, int line, int
>> module_index,
>> int level, const request_rec *r, const char
>> *label,
>> const char *data, apr_size_t len, unsigned
>> int flags)
>> {
>> unsigned char buf[LOG_BYTES_BUFFER_SIZE];
>> apr_size_t off;
>> char prefix[20];
>>
>> if (!APLOG_R_MODULE_IS_LEVEL(r, module_index, level)) {
>> return;
>> }
>>
>> if (!(flags & AP_LOG_DATA_SHOW_OFFSET)) {
>> prefix[0] = '\0';
>> }
>>
>> if (label) {
>> ap_log_rerror_(file, line, module_index, level, APR_SUCCESS, r,
>> "%s (%" APR_SIZE_T_FMT " bytes)",
>> label, len);
>> }
>>
>> off = 0;
>> while (off < len) {
>> if (flags & AP_LOG_DATA_SHOW_OFFSET) {
>> apr_snprintf(prefix, sizeof prefix, "%08x: ", (unsigned
>> int)off);
>> }
>> fmt_data(buf, data, len, &off);
>> ap_log_rerror_(file, line, module_index, level, APR_SUCCESS, r,
>> "%s%s", prefix, buf);
>> }
>> }
>>
>> --
>> Born in Roswell... married an alien...
>> http://emptyhammock.com/
>>
>
>
--
Born in Roswell... married an alien...
http://emptyhammock.com/
Re: [RFC] http_log functions to log buffers
Posted by Michael Felt <ma...@gmail.com>.
I have not studied logging in httpd. The only logs I have ever looked at
are the error_logs and access_logs. These look like something different.
For systems security I like to use syslog as a place to collect data. If
apr already supports this, please excuse my ignorance and ignore this. If not,
please take my feedback to be: it would be very nice to be able to (also)
direct this to the syslog mechanism.
Michael
On Mon, Aug 5, 2013 at 9:32 AM, Jeff Trawick <tr...@gmail.com> wrote:
> Any thoughts on the API below?
>
> For mod_ssl as an example, at least a couple of additions would be needed
> to replace ssl_io_data_dump():
>
> 1. a processing flag that converted the printable form to EBCDIC in an
> EBCDIC environment
> 2. the ap_log_csdata() variation
>
> This doesn't currently implement the optimization to check the configured
> log level before calling the function.
>
> /**
> * Processing flags for ap_log_data() et al
> *
> * AP_LOG_DATA_DEFAULT - default formatting
> * AP_LOG_DATA_SHOW_OFFSET - prefix each line with hex offset from the
> start
> * of the buffer
> */
> #define AP_LOG_DATA_DEFAULT 0
> #define AP_LOG_DATA_SHOW_OFFSET 1
>
> /**
> * ap_log_data() - log buffers which are not related to a particular
> request
> * or connection.
> * @param file The file in which this function is called
> * @param line The line number on which this function is called
> * @param module_index The module_index of the module logging this buffer
> * @param level The log level
> * @param s The server on which we are logging
> * @param label A label for the buffer, to be logged preceding the buffer
> * @param data The buffer to be logged
> * @param len The length of the buffer
> * @param flags Special processing flags like AP_LOG_DATA_SHOW_OFFSET
> * @note Use APLOG_MARK to fill out file, line, and module_index
> * @note If a request_rec is available, use that with ap_log_rerror()
> * in preference to calling this function. Otherwise, if a conn_rec is
> * available, use that with ap_log_cerror() in preference to calling
> * this function.
> */
> AP_DECLARE(void) ap_log_data(const char *file, int line, int module_index,
> int level, const server_rec *s, const char
> *label,
> const char *data, apr_size_t len, unsigned
> int flags);
>
> /**
> * ap_log_rdata() - log buffers which are related to a particular request.
> * @param file The file in which this function is called
> * @param line The line number on which this function is called
> * @param module_index The module_index of the module logging this buffer
> * @param level The log level
> * @param r The request which we are logging for
> * @param label A label for the buffer, to be logged preceding the buffer
> * @param data The buffer to be logged
> * @param len The length of the buffer
> * @param flags Special processing flags like AP_LOG_DATA_SHOW_OFFSET
> * @note Use APLOG_MARK to fill out file, line, and module_index
> * @note If a request_rec is available, use that with ap_log_rerror()
> * in preference to calling this function. Otherwise, if a conn_rec is
> * available, use that with ap_log_cerror() in preference to calling
> * this function.
> */
> AP_DECLARE(void) ap_log_rdata(const char *file, int line, int module_index,
> int level, const request_rec *r, const char
> *label,
> const char *data, apr_size_t len, unsigned
> int flags);
>
> /**
> * ap_log_cdata() - log buffers which are related to a particular
> connection.
> * @param file The file in which this function is called
> * @param line The line number on which this function is called
> * @param module_index The module_index of the module logging this buffer
> * @param level The log level
> * @param c The connection which we are logging for
> * @param label A label for the buffer, to be logged preceding the buffer
> * @param data The buffer to be logged
> * @param len The length of the buffer
> * @param flags Special processing flags like AP_LOG_DATA_SHOW_OFFSET
> * @note Use APLOG_MARK to fill out file, line, and module_index
> * @note If a request_rec is available, use that with ap_log_rerror()
> * in preference to calling this function. Otherwise, if a conn_rec is
> * available, use that with ap_log_cerror() in preference to calling
> * this function.
> */
> AP_DECLARE(void) ap_log_cdata(const char *file, int line, int module_index,
> int level, const conn_rec *c, const char
> *label,
> const char *data, apr_size_t len, unsigned
> int flags);
>
> Sample output with AP_LOG_DATA_SHOW_OFFSET and non-default ErrorLogFormat:
>
> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): FastCGI data sent (8 bytes)
> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000000: ........
> 0104000103a80000
> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): FastCGI data sent (936 bytes)
> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000000: ..UNIQUE_IDUf76O
> 0918554e495155455f4944556637364f
> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000010: 38AAQEAAEG9BA4AA
> 33384141514541414547394241344141
> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000020: AAB..HTTP_HOST12
> 414142090f485454505f484f53543132
> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000030: 7.0.0.1:10101..H
> 372e302e302e313a31303130310f0548
> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000040: TTP_CONNECTIONcl
> 5454505f434f4e4e454354494f4e636c
> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000050: ose.....PATH/hom
> 6f736504800000cf504154482f686f6d
> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000060: e/trawick/bin:/h
> 652f7472617769636b2f62696e3a2f68
> [authnz_fcgi:trace1] mod_authnz_fcgi.c(127): 00000070: ome/trawick/myhg
> 6f6d652f7472617769636b2f6d796867
>
> Right now the implementation has a lot of duplication because it sits in a
> module (no access to private log.c functions). Each variation looks like
> this, but presumably log_error_core() would help reduce the code.
>
> AP_DECLARE(void) ap_log_rdata(const char *file, int line, int module_index,
> int level, const request_rec *r, const char
> *label,
> const char *data, apr_size_t len, unsigned
> int flags)
> {
> unsigned char buf[LOG_BYTES_BUFFER_SIZE];
> apr_size_t off;
> char prefix[20];
>
> if (!APLOG_R_MODULE_IS_LEVEL(r, module_index, level)) {
> return;
> }
>
> if (!(flags & AP_LOG_DATA_SHOW_OFFSET)) {
> prefix[0] = '\0';
> }
>
> if (label) {
> ap_log_rerror_(file, line, module_index, level, APR_SUCCESS, r,
> "%s (%" APR_SIZE_T_FMT " bytes)",
> label, len);
> }
>
> off = 0;
> while (off < len) {
> if (flags & AP_LOG_DATA_SHOW_OFFSET) {
> apr_snprintf(prefix, sizeof prefix, "%08x: ", (unsigned
> int)off);
> }
> fmt_data(buf, data, len, &off);
> ap_log_rerror_(file, line, module_index, level, APR_SUCCESS, r,
> "%s%s", prefix, buf);
> }
> }
>
> --
> Born in Roswell... married an alien...
> http://emptyhammock.com/
>