<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<meta name="keywords" content="Apache, Chinese, manual, Chinese edition, Chinese manual, Chinese edition manual, reference manual, Chinese reference manual, 金步国" />
<meta name="description" content="Apache 2.2 Chinese Reference Manual" />
<meta name="author" content="金步国" />
<link href="../style/css/manual-zip.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<link href="../style/css/manual-zip-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" />
<title>mod_log_forensic - Apache 2.2 Chinese Reference Manual</title>
</head>
<body><div id="page-header">
<p class="menu"><a href="../mod/index.html">Module Index</a> | <a href="../mod/directives.html">Directive Index</a> | <a href="../faq/index.html">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.2</p><img alt="" src="../images/feather.gif" /></div>
<div class="up"><a href="./index.html"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
<div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../index.html">Version 2.2</a> &gt; <a href="./index.html">Modules</a></div>
<div id="translation-info"> <a href="../translator_announcement.html#thanks">Acknowledgements</a> | <a href="../translator_announcement.html#announcement">Translator's Statement</a> | Translator of this page: &lt;<a href="../translator_announcement.html#join">position open</a>&gt; | Translation completed: year ?, month ?, day ? | <a href="../translator_announcement.html#last_new">Get the latest version</a></div>
<div id="page-content"><div id="preamble"><h1>Apache Module mod_log_forensic</h1>
<table border="1" cellpadding="0" cellspacing="0" bordercolor="#AAAAAA" class="module">
<tr><th><a href="module-dict.html#Description">Description</a></th><td>Implements "forensic logging": each request is logged twice, once before it is processed and once after processing completes</td></tr>
<tr><th><a href="module-dict.html#Status">Status</a></th><td>Extension (E)</td></tr>
<tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier</a></th><td>log_forensic_module</td></tr>
<tr><th><a href="module-dict.html#SourceFile">Source File</a></th><td>mod_log_forensic.c</td></tr>
<tr><th><a href="module-dict.html#Compatibility">Compatibility</a></th><td><code class="module"><a href="../mod/mod_unique_id.html">mod_unique_id</a></code> is no longer required since
version 2.1</td></tr>
</table>
<h3>Summary</h3>
<p>This module provides for forensic logging of client
requests. Logging is done before and after processing a request, so the
forensic log contains two log lines for each request.
The forensic logger is very strict, which means:</p>
<ul>
<li>The format is fixed. You cannot modify the logging format at
runtime.</li>
<li>If it cannot write its data, the child process
exits immediately and may dump core (depending on your
<code class="directive"><a href="../mod/mpm_common.html#coredumpdirectory">CoreDumpDirectory</a></code>
configuration).</li>
</ul>
<p>The <code>check_forensic</code> script, which can be found in the
distribution's support directory, may be helpful in evaluating the
forensic log output.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="formats" id="formats">Forensic Log Format</a></h2>
<p>Each request is logged twice. The first entry is written <em>before</em>
the request is processed further (that is, after the headers have been
received). The second entry is written <em>after</em> request processing,
at the same time that normal logging occurs.</p>
<p>In order to identify each request, a unique request ID is assigned.
This forensic ID can be cross logged in the normal transfer log using the
<code>%{forensic-id}n</code> format string. If you're using
<code class="module"><a href="../mod/mod_unique_id.html">mod_unique_id</a></code>, its generated ID will be used.</p>
<p>The first line logs the forensic ID, the request line and all received
headers, separated by pipe characters (<code>|</code>). A sample line
looks like the following (all on one line):</p>
<div class="example"><p><code>
+yQtJf8CoAB4AAFNXBIEAAAAA|GET /manual/de/images/down.gif
HTTP/1.1|Host:localhost%3a8080|User-Agent:Mozilla/5.0 (X11;
U; Linux i686; en-US; rv%3a1.6) Gecko/20040216
Firefox/0.8|Accept:image/png, <var>etc...</var>
</code></p></div>
<p>The plus character at the beginning indicates that this is the first log
line of this request. The second line just contains a minus character and
the ID again:</p>
<div class="example"><p><code>
-yQtJf8CoAB4AAFNXBIEAAAAA
</code></p></div>
<p>The <code>check_forensic</code> script takes as its argument the name
of the logfile. It looks for those <code>+</code>/<code>-</code> ID pairs
and complains if a request was not completed.</p>
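<p>The pairing that <code>check_forensic</code> performs, as an added Python example that is not part of the Apache distribution or of this manual; it goes further by decoding the logged fields and by reporting end lines without a start line and malformed lines. It assumes every <code>%xx</code> sequence is a hex-escaped byte, as the <code>%3a</code> in the sample above suggests; the names <code>decode</code>, <code>parse_start</code> and <code>audit</code> and all sample lines after the first two are constructed for illustration.</p>

```python
from urllib.parse import unquote

# Line 1 is the manual's sample (headers shortened); the rest are constructed.
SAMPLE = [
    "+yQtJf8CoAB4AAFNXBIEAAAAA|GET /manual/de/images/down.gif HTTP/1.1"
    "|Host:localhost%3a8080|Accept:image/png",
    "-yQtJf8CoAB4AAFNXBIEAAAAA",
    "+CONSTRUCTED-ID-0002|GET /cgi-bin/report?x=%7c1 HTTP/1.1|Host:localhost%3a8080",
    "-CONSTRUCTED-ID-0003",
    "garbage",
]

def decode(field):
    # Assumption: %xx is a hex-escaped byte (the sample shows ':' as %3a).
    return unquote(field, encoding="latin-1")

def parse_start(line):
    """Split a '+' line into (forensic_id, request_line, [(header, value)])."""
    fid, request, *raw_headers = line[1:].split("|")
    headers = []
    for field in raw_headers:
        # Escaped colons cannot split here, so the first ':' ends the name.
        name, _, value = field.partition(":")
        headers.append((name, decode(value)))
    return fid, decode(request), headers

def audit(lines):
    """Return (unfinished, orphan_ends, malformed_line_numbers)."""
    unfinished = {}  # forensic ID -> (request_line, headers), still open
    orphans, malformed = [], []
    for lineno, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        if line.startswith("+") and "|" in line:
            fid, request, headers = parse_start(line)
            unfinished[fid] = (request, headers)
        elif line.startswith("-") and len(line) > 1 and "|" not in line:
            # A '-' without an earlier '+': rotated, truncated or edited log.
            if unfinished.pop(line[1:], None) is None:
                orphans.append(line[1:])
        elif line:
            malformed.append(lineno)
    return unfinished, orphans, malformed

if __name__ == "__main__":
    unfinished, orphans, malformed = audit(SAMPLE)
    for fid, (request, _) in unfinished.items():
        print("never completed:", fid, request)
    print("end without start:", orphans, "malformed lines:", malformed)
```

<p>Requests still being processed when the log file is copied also appear as unfinished, so entries near the end of a live log need a second look before they are treated as crashes.</p>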
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="security" id="security">Security Considerations</a></h2>
<p>See the <a href="../misc/security_tips.html#serverroot">security tips</a>
document for details on why your security could be compromised
if the directory where logfiles are stored is writable by
anyone other than the user that starts the server.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ForensicLog" id="ForensicLog">ForensicLog</a> <a name="forensiclog" id="forensiclog">Directive</a></h2>
<table border="1" cellpadding="0" cellspacing="0" bordercolor="#AAAAAA" class="directive">
<tr><th><a href="directive-dict.html#Description">Description</a></th><td>Sets filename of the forensic log</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax</a></th><td><code>ForensicLog <var>filename</var>|<var>pipe</var></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status</a></th><td>Extension (E)</td></tr>
<tr><th><a href="directive-dict.html#Module">Module</a></th><td>mod_log_forensic</td></tr>
</table>
<p>The <code class="directive">ForensicLog</code> directive is used to
log requests to the server for forensic analysis. Each log entry
is assigned a unique ID which can be associated with the request
using the normal <code class="directive"><a href="../mod/mod_log_config.html#customlog">CustomLog</a></code>
directive. <code class="module"><a href="../mod/mod_log_forensic.html">mod_log_forensic</a></code> creates a token called
<code>forensic-id</code>, which can be added to the transfer log
using the <code>%{forensic-id}n</code> format string.</p>
<p>The argument, which specifies the location to which
the logs will be written, can take one of the following two
types of values:</p>
<dl>
<dt><var>filename</var></dt>
<dd>A filename, relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</dd>
<dt><var>pipe</var></dt>
<dd>The pipe character "<code>|</code>", followed by the path
to a program to receive the log information on its standard
input. The program name can be specified relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code> directive.
<div class="warning"><h3>Security</h3>
<p>If a program is used, then it will be run as the user who
started <code class="program"><a href="../programs/httpd.html">httpd</a></code>. This will be root if the server was
started by root; be sure that the program is secure or switches to a
less privileged user.</p>
</div>
<div class="note"><h3>Note</h3>
<p>When entering a file path on non-Unix platforms, care should be taken
to make sure that only forward slashes are used even though the platform
may allow the use of back slashes. In general it is a good idea to always
use forward slashes throughout the configuration files.</p>
</div></dd>
</dl>
</div>
</div>
<div id="footer">
<p class="apache">This document may be freely used, distributed and reproduced, provided the translator's attribution is retained; for details see the <a href="../translator_announcement.html#announcement">Translator's Statement</a>.</p>
<p class="menu"><a href="../mod/index.html">Module Index</a> | <a href="../mod/directives.html">Directive Index</a> | <a href="../faq/index.html">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
</body></html>