Hi all,
I (and many others) use the following for getting virus attacks into attack_log 
instead of access_log:

# configuration to direct logging of virus attacks to separate log
# make sure you comment out your old CustomLog directive!
# for more information refer to /manual/mod/mod_setenvif.html

SetEnvIfNoCase Request_URI "default\.ida?|root\.|cmd\.exe" is_attack

CustomLog logs/access_log common env=!is_attack
CustomLog logs/attack_log common env=is_attack

This works fine when I test from a browser, but when the virus tries to access 
default.ida it is still logged in the access_log. The only difference you can see in 
the log is that the virus access is with HTTP/1.0 while my access from the browser is with 
HTTP/1.1.
Now my question:
Is it possible that this is the reason why the above config doesn't work as I expect?

Guenter.
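
An offline way to check the pattern from the configuration above against entries already written to access_log, as an added example that is not part of the original post: it applies the same case-insensitive expression to the URL path of each Common Log Format line. The log lines are constructed samples, and matching on the path without the query string is this script's model of Request_URI.

```python
import re

# Expression copied from the SetEnvIfNoCase directive in the post.
ATTACK_RE = re.compile(r"default\.ida?|root\.|cmd\.exe", re.IGNORECASE)
# Common Log Format: host ident user [time] "request" status bytes
CLF_RE = re.compile(r'^(\S+) (\S+) (\S+) \[([^\]]+)\] "(.*)" (\d{3}) (\S+)$')


def request_path(request_line):
    """Return the URL path without query string, or None if malformed."""
    parts = request_line.split(" ")
    if len(parts) < 2:  # e.g. "-" logged for a timed-out connection
        return None
    return parts[1].split("?", 1)[0]


def classify(line):
    """Return 'attack', 'access' or 'unparsed' for one log line."""
    m = CLF_RE.match(line.rstrip("\n"))
    path = request_path(m.group(5)) if m else None
    if path is None:
        return "unparsed"
    return "attack" if ATTACK_RE.search(path) else "access"


def split_log(lines):
    """Sort log lines into the buckets the two CustomLog lines aim for."""
    buckets = {"access": [], "attack": [], "unparsed": []}
    for line in lines:
        buckets[classify(line)].append(line)
    return buckets


# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [01/Aug/2001:10:00:00 +0000] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 205',
    '192.0.2.11 - - [01/Aug/2001:10:00:01 +0000] "GET /default.ida HTTP/1.1" 404 205',
    '198.51.100.7 - - [01/Aug/2001:10:00:02 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210',
    '198.51.100.7 - - [01/Aug/2001:10:00:03 +0000] "GET /scripts/CMD.EXE?/c+dir HTTP/1.0" 404 210',
    '192.0.2.20 - - [01/Aug/2001:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '192.0.2.21 - - [01/Aug/2001:10:00:05 +0000] "GET /search?q=cmd.exe HTTP/1.1" 200 512',
    '192.0.2.30 - - [01/Aug/2001:10:00:06 +0000] "-" 408 -',
]

if __name__ == "__main__":
    for name, lines in split_log(SAMPLE).items():
        print(name, len(lines))
```

Lines reported as "attack" here that sit in access_log are the entries the env=is_attack routing missed.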
