Am 07.02.2013 21:54, schrieb Stefan Fritsch: > On Thursday 07 February 2013, Reindl Harald wrote: >> ErrorLog "/var/log/apache_error.log" >> LogLevel info >> >> https://issues.apache.org/bugzilla/show_bug.cgi?id=35768 >> >> what is here "fixed in 2.4.1"? >> httpd-2.4.3 does not log 404 errors in ErrorLog >> >> imagine admins like me with some hundret vhosts and all >> of the systems and templates are developed inside the >> own company - fine with httpd-2.4 you have to grab in >> each access-log to see typos - that is impossible >> >> the "opening for a denial of service attack on the disk >> space of the server" is simply borked because the same >> would affect CustomLog and if you do not want 404 in >> the ErrorLog use a higher LogLevel >> >> additionally if your server allows a DOS to the disk >> space from single client-IPs you should consider >> learning to use rate-controls in front of the httpd > > The level was changed to info, because the gazillions of error log > entries caused by bots and missing favicon.ico files were not > considered to be very valuable.
"touch /vhost/favicon" and you are done hopefully with "info" we do not get gazillions other messages in prdocutin which is hard to say now on a small testbed > Switching the loglevel to info works for me: interesting - now it works here too, yes i had hard restarted httpd > If you can provide a simple example config that sets the loglevel for > core to info but does not log these messages, please file a (new) PR > in bugzilla. i will do if this happens again > As a workaround, you may want to look at mod_log_debug's LogMessage. > That can do logging conditional on the status and also catches cases > where some modules set the status to 404 without logging something to > the error log hmm sounds interesting on the other hand i try to load as less modules as possible to minimize ressource usage and possible vulerabilities, code which is not loaded does not make troubles over the long :-)
signature.asc
Description: OpenPGP digital signature
