Apache – Log Request Port Number in Apache 2.4

apache-2.4log-filesloggingport

I've got two virtual hosts to serve the same site configured in Apache/2.4.18 (Ubuntu), one for http port 80, and the other for https port 443.

Currently I have them generating two separate log files: access.http.log and access.ssl.log but it's quite annoying to have to flip back and forth between the two during audits. I originally had both hosts log to the same file access.log but I couldn't distinguish between the two when troubleshooting traffic requests.

I would like to log them to just one file again, but I can't find in the documentation how to log the port number of the request so I can tell the virtual hosts apart inline. Is this possible?

One sloppy way I noticed is that the protocol is logged in the http referrer (https://localhost/referringpage.php) but this isn't adequate enough since redirects and links could come from anywhere – I just want to log the port of the current request.

Best Answer

You will need to define a custom log pattern (http://httpd.apache.org/docs/current/mod/mod_log_config.html) which can include the value of an environment variable using the %{VARNAME}e notation. Using the variables that mod_ssl makes available (https://httpd.apache.org/docs/2.4/mod/mod_ssl.html) you could include at a minimum something like %{HTTPS}e which will show which requests were over SSL/TLS or not.

Personally I tend add a few of those variables so I can audit which ciphers, protocol version, etc. are used by clients to influence tuning decisions.

Once you have that, putting it into an ELK stack as suggested in the comments allows you to create some informative dashboards.

Related Solutions

“Catch-All” access log with Apache Virtual Hosts

See http://httpd.apache.org/docs/2.2/logs.html#virtualhost

If CustomLog or ErrorLog directives are placed inside a section, all requests or errors for that virtual host will be logged only to the specified file. Any virtual host which does not have logging directives will still have its requests sent to the main server logs.

In other words, if you place Logging directives within a VirtualHost section, it will override the Logging directives within the main server configuration. If you want to log to a single logfile, then remove the log configuration from your VirtualHost sections.

For simplicity, I prefer to log all Access data to a single logfile. Later, you can process the logs and split the logfiles into logfiles for the Virtual Hosts. Also, writing to a single logfile is a more efficient use of computer resources then writing to 30 logfiles at once. Just make sure your LogFormat includes the '%v', which will log the name of the Virtual Host.

Is it possible to have ALL accesses and errors duplicated to a shared logfile?

You can log all errors and access to a shared logfile, but the logfile is ugly. First, send the Apache log data to syslog, and then use syslog to send to a local file or a remote log server.

# Send access logs to syslog
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog "|/usr/bin/logger -t httpd -i -p local7.notice" combined
# Send error logs to syslog
ErrorLog syslog:local7

And then in /etc/syslog.conf

# Send all HTTP log data to this file
local7.*        /var/log/http-all.log

Mod_wsgi app in two different ports

Check the cookie names of your apps called by wsgi (prod and stag), they must not conflict. Example: I have 2 apps with flask and wsgi, using the same program with different parameters. I have to assign different values to config["SESSION_COOKIE_NAME"] to avoid conflicts.

Best Answer

Related Solutions

“Catch-All” access log with Apache Virtual Hosts

Mod_wsgi app in two different ports

Related Topic