Re: xinetd /etc/host.deny ALL:PARANOID

2002-01-12 Thread Christian Kurz

On 11/01/02, Nathan E Norman wrote:
 On Fri, Jan 11, 2002 at 11:52:15AM +0100, Christian Kurz wrote:
  On 10/01/02, Nathan E Norman wrote:
   On Fri, Jan 11, 2002 at 01:29:08AM +0100, martin f krafft wrote:
    first, the IP is taken and reverse-resolved to a domain name. then the
    domain name is resolved to an IP. if that IP doesn't match, it'll DENY.

    now if 1.2.3.4 were to point to mail.madduck.net, but mail.madduck.net
    points to 1.2.3.5, then that's obviously a problem, or indication of an
    error status, or a hint at a hack/spoof attack... until you realize what
    BIND and others do with simply RR load-balancing:

    zone IN 3.2.1.in-addr.ARPA:

      4 IN PTR mail.madduck.net
      5 IN PTR mail.madduck.net

    zone IN madduck.net

      mail.madduck.net IN A 1.2.3.4
                       IN A 1.2.3.5

    now repeated queries for the A record of mail.madduck.net will return
    both IPs alternatingly. now think about why this would cause a problem.

   Congratulations ... you just set up your DNS incorrectly.  Every PTR
   entry should resolve to a _unique_ name, and that name should resolve
   to a _unique_ IP.  That doesn't mean you can't have additional A
   records doing load balancing. 

  Pardon? Would you please cite that paragraph of the RfCs that states
  that every PTR entry should resolve to a _unique_ name? The last time
  I read in the RfC and in another book about DNS both didn't mention
  that. And according to my knowledge it's possible to have such a zone
  entry as Martin described it above. If I'm not mistaken even some
  examples in the RfCs 1034 and 1035 show this. So would you please show
  some evidence?

 Everything that is possible is not necessarily a good idea.

So far I agree with you.

 However, I must admit I was talking from memory; I'm travelling at the
 moment and don't have time to read the RFCs, but I am sure you won't
 find the statement there.  I am sure I read it somewhere, perhaps
 Cricket Liu's book, I don't remember.  It made a strong impression on
 me as a Best Practice.  If you are offended by such a categorization
 ...

It has nothing to do with categorization. But you talked about an
incorrectly set up DNS and that's wrong. The DNS example that Martin
used may not have been a good choice or good practice, but it was correct
according to the RfCs. So I'm not offended by categorization, which also
should be avoided, but I was annoyed about your statement "you just set
up your DNS incorrectly".

Christian
-- 
   Debian Developer (http://www.debian.org)
1024/26CC7853 31E6 A8CA 68FC 284F 7D16  63EC A9E6 67FF 26CC 7853
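
The reverse-then-forward lookup discussed in this message, as an added example that is not part of the original thread. It runs the check over the zone data quoted above in two variants, one comparing the client address with only the first A record returned and one comparing it with the whole record set; the stub resolver, the function names and the 192.0.2.66 entry are constructed for illustration.

```python
import ipaddress
from collections import deque


class StubResolver:
    """In-memory DNS stand-in (constructed data); A answers rotate round-robin."""

    def __init__(self, ptr, a):
        self.ptr = dict(ptr)
        self.a = {name: deque(addrs) for name, addrs in a.items()}

    def reverse(self, ip):
        """Return the PTR target for ip, or None if there is no PTR record."""
        return self.ptr.get(ip)

    def forward(self, name):
        """Return all A records for name; the order shifts on every query."""
        rrset = self.a.get(name.rstrip(".").lower())
        if not rrset:
            return []
        answer = list(rrset)
        rrset.rotate(-1)  # the next query starts with the next address
        return answer


def thread_zone():
    """Zone data from the quoted mail plus one constructed mismatching PTR."""
    return StubResolver(
        ptr={
            "1.2.3.4": "mail.madduck.net",
            "1.2.3.5": "mail.madduck.net",
            # Constructed: a PTR that claims a name whose A records disagree.
            "192.0.2.66": "mail.madduck.net",
        },
        a={"mail.madduck.net": ["1.2.3.4", "1.2.3.5"]},
    )


def _check(ip, resolver, candidates):
    """Reverse-resolve ip, forward-resolve the name, compare the addresses."""
    client = ipaddress.ip_address(ip)
    name = resolver.reverse(ip)
    if name is None:
        return False, "no PTR record"
    addrs = [ipaddress.ip_address(a) for a in resolver.forward(name)]
    if not addrs:
        return False, f"{name} has no A record"
    if client in candidates(addrs):
        return True, f"{name} confirms {ip}"
    return False, f"{name} does not resolve back to {ip}"


def fcrdns_first_only(ip, resolver):
    """Variant that looks at the first A record only (order dependent)."""
    return _check(ip, resolver, lambda addrs: addrs[:1])


def fcrdns_full_set(ip, resolver):
    """Variant that accepts the client if any A record matches."""
    return _check(ip, resolver, lambda addrs: addrs)


def verdicts(check, ip, connections=4):
    """Allow/deny results for several consecutive connections from ip."""
    resolver = thread_zone()
    return [check(ip, resolver)[0] for _ in range(connections)]


if __name__ == "__main__":
    for check in (fcrdns_first_only, fcrdns_full_set):
        for ip in ("1.2.3.5", "192.0.2.66"):
            print(check.__name__, ip, verdicts(check, ip))
```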





Re: Fwd: scp, no ssh

2002-01-12 Thread Marcel Hicking

On 11 Jan 2002, at 0:06, martin f krafft wrote:


 also sprach Marcel Hicking [EMAIL PROTECTED] [2002.01.10.1646 +0100]:
  /bin/true will log you out right away, and therefore you cannot
  start scp. I've doublechecked this yesterday, and even tried to put
  exit into the .bashrc. *This* did work fine, no ssh anymore, but scp
  works. But! Unfortunately the user can scp a new .bashrc or use ssh
  and rm to remove it.

 chattr +i .bashrc.

 but whether you want to do it that way... well, you tell
 us...

Not really ;-) Just offering some thoughts...


--
   __
 .´  `.
 : :' !  Enjoy
 `. `´  Debian/GNU Linux
   `-


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: EXIM, LDAP and some pop3 stuff?

2002-01-12 Thread Florian Bantner

On Sam, 12 Jan 2002, Kevin Littlejohn wrote:

Seems to me so, too. 

I wonder if this problem is so far off that there are no
'standard' ways of doing it. Every MTA has its way, every
IMAP/POP3 MDA has its own way - where mta1 only works with
mda2 and mta3 only with mda1.

Worst of all are the IMAP servers that promote their own protocol
and see LDAP as its disabled stepbrother.

But I think this is an inherent UNIX / LDAP problem. LDAP seems
a very powerful tool doing for UNIX everything the 'Registry' has
done for Windows - and more. What's missing here is some standardized
way of how to do it.

Got a little off topic, sorry.

 Look to using pam for pop3 passwords, and configure pam to use ldap. 
 That's the most likely way to make it work.
 
 KJL
 
 On Sat, 2002-01-12 at 10:47, Florian Bantner wrote:
  Seems I'm really too stupid to find my piece of information by
  myself, but: First things first.
  
  I'm switching to doing mail-handling with LDAP in order to get rid
  of the 'dead' users in my passwd. Configuring EXIM with LDAP should
  just work fine. Enter the users in LDAP under some domain-branches,
  let exim look there for its delivery and put mail under
  /var/mail/domain/user. Here we go.
  
  Problem is now: How to get the mail delivered to the users via pop3.
  None of the pop3-daemons I managed to find supports LDAP by heart
  even if it seems so simple: Lookup user/pass in LDAP, find
  mail-directory and deliver. Am I looking at the wrong place? 
  
  btw. using potato.
  
  Regards,
  
  Florian Bantner

-- 
--
Florian Bantner  AXON-E Interaktive Medien
Tel. +49-941-599 854 4  Fax. +49-941-599 854 1
Mail [EMAIL PROTECTED]
Key  http://www.axon-e.de/gpg/f.bantner.key
1191 0C87 D9DB 3217 ABBA  5223 6D74 AB19 5C9D FC49
--






Re: EXIM, LDAP and some pop3 stuff?

2002-01-12 Thread Peter Billson

 But I think this is an inherent UNIX / LDAP problem. LDAP seems
 a very powerful tool doing for UNIX everything the 'Registry' has
 done for Windows - and more. What's missing here is some standardized
 way of how to do it.

  Now there is something to strive for. One monolithic, incomprehensible
mess that will cause your entire system to stop functioning if one byte
is out of order.
  If using a Windows-like registry is fixing it, I'll keep the *nix's
broken method, thank you. 

Pete Billson
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting






Re: EXIM, LDAP and some pop3 stuff?

2002-01-12 Thread Kevin Littlejohn

On Sun, 2002-01-13 at 00:18, Florian Bantner wrote:
 On Sam, 12 Jan 2002, Kevin Littlejohn wrote:
 
 Seems to me so, too. 
 
 I wonder if this problem is so far off that there are no
 'standard' ways of doing it. Every MTA has its way, every
 IMAP/POP3 MDA has its own way - where mta1 only works with
 mda2 and mta3 only with mda1.
 
 Worst of all are the IMAP servers that promote their own protocol
 and see LDAP as its disabled stepbrother.
 
 But I think this is an inherent UNIX / LDAP problem. LDAP seems
 a very powerful tool doing for UNIX everything the 'Registry' has
 done for Windows - and more. What's missing here is some standardized
 way of how to do it.
 
 Got a little off topic, sorry.
 
  Look to using pam for pop3 passwords, and configure pam to use ldap. 
  That's the most likely way to make it work.
  
  KJL

I don't actually see it as that non-standard.  I've got a woody-based
system I look after using LDAP for pretty much everything, via standard
debian packages, and it's pretty simple once you get over the first
hurdle of understanding how to lay out the info in an LDAP database -
PAM handles most everything, certain modules have their own specific
LDAP auth handlers that provide a touch more flexibility than PAM (eg.
apache).

The only nasty gotcha I ran into was MySQL - if nscd isn't running, and
mysql's user is served out of LDAP instead of in the /etc/passwd file,
mysql chokes badly on trying to retrieve username from uid (or something
near there, I didn't look too much further than realising that nscd
wasn't running and mysql was attempting to make queries of that type).

I'm using, for reference, courier-imap, delivering into that from
postfix (I like maildir, but dislike qmail).  Courier uses its own ldap
auth module, postfix uses its own LDAP module.  ssh uses PAM, apache
uses its own module (for added flexibility), Zope uses its own LDAP
auth (because it does weird and wonderful things with user info), I
don't do POP or ftp thankfully but I'd imagine PAM support for both of
those would be fine.  passwd and su also lean on PAM, nscd/nsswitch
understands to use LDAP for getpwnam type lookups.

Each package that provides its own module for LDAP seems to want
specific extra info out of the LDAP database - or support specific
extras.  Each will, as far as I can tell, also use PAM if you really
want to keep things centralised - the extended modules are pretty much
optional, but worthwhile.

I doubt you'll ever get a single centralised way of managing things, tho
- and truth be told, even in Windows you don't get that - different
packages will handle their own config info in different ways, if they're
written by different people.  Some packages abuse the registry, some
keep all their config to themselves, and so on and so forth.  Certainly,
the various games I have under Windows don't all have a standard way of
configuring them, for what little configuration they might have.  Hell,
programs even differ in where to find the configuration info (control
panel vs. file/configuration vs. view/properties vs. whatever else a
given author may have thought was intuitive) :)

Now I'm way off topic ;)

KJL
-- 
Internet techie                 Obsidian Consulting Group
Phone: +613 9653 9364           Fax: +613 9354 2681
http://www.obsidian.com.au/     [EMAIL PROTECTED]






Re: EXIM, LDAP and some pop3 stuff?

2002-01-12 Thread Florian Bantner

On Sam, 12 Jan 2002, Peter Billson wrote:

  But I think this is an inherent UNIX / LDAP problem. LDAP seems
  a very powerful tool doing for UNIX everything the 'Registry' has
  done for Windows - and more. What's missing here is some standardized
  way of how to do it.
 
   Now there is something to strive for. One monolithic, incomprehensible
 mess that will cause your entire system to stop functioning if one byte
 is out of order.
   If using a Windows-like registry is fixing it, I'll keep the *nix's
 broken method, thank you. 

Sorry if I offended you. But I think you intentionally misunderstood me.

I'm definitely not trying and/or looking forward to using the
windows-registry under linux. Hell, I don't want a crippled system
either, and I was very happy when I got rid of it. But let's face it:
Before Windows introduced the Reg it had (feel it's unix-like or not)
configuration information scattered around the system. It wasn't even
(really) possible to store per-user information where you could find it
again. How did you get system-configuration from one system to another?
How did you make a backup of all your configs? For Windows-Terms the
Registry was a big step.

Nevertheless, the Registry was a way against the Windows problems
(and not the worst one). Using it for unix-problems is like putting
a car trailer in order to extend the capacity of a freighter.

What I'm looking for is a way to tidy up the freighter a little.
For example: I'm dealing with many apaches on different hosts and
different configurations. Why shouldn't it be possible to store all
of the apaches' configuration (and not only the auth-info) in one
centralized configuration? Add the interface-/dns-configuration and
I could easily move one web presence from one host to another.

It is true: Even now this is possible using some fancy shell-scripts
and generating configs etc. from ldap-information. But: Everyone who
would want to do so, would invent it on their own. What a silly
concept, hundreds of people inventing one and the same system to
store config-information in (not exactly, but nearly) the same way
in the directory.

And configuring apache is only one thing. Imagine nearly every
service you have running on more than one server. Add distributed
user-configuration for client-management. Add backup- and fail-over
capabilities. Use it to remote-control distant-hosts.

What I want is to have here some standard way of doing it. Perhaps an
RFC or an 'ldap standardization project' equivalent to the linux
file-system standardization. What you get is an easy way of system
(which is indeed different from service) configuration, and that
in nearly no time.

Again: I don't want to copy windows-errors. I want to improve.

Regards,

Florian

-- 
--
Florian Bantner  AXON-E Interaktive Medien
Tel. +49-941-599 854 4  Fax. +49-941-599 854 1
Mail [EMAIL PROTECTED]
Key  http://www.axon-e.de/gpg/f.bantner.key
1191 0C87 D9DB 3217 ABBA  5223 6D74 AB19 5C9D FC49
--






user-agent log problem

2002-01-12 Thread seezov

hi, in my log files the user-agent (Mozilla, lynx etc.) logs don't appear...

why ?

example:

debian - - [12/Jan/2002:14:03:02 +0100] GET /doc/HTML/web/w3/index.html
HTTP/1.1 200 5208


and in my httpd.conf

...
...
LogFormat "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %s %b" common
LogFormat "%{Referer}i - %U" referer
LogFormat "%{User-agent}i" agent

# The location of the access logfile (Common Logfile Format).
# If this does not start with /, ServerRoot is prepended to it.

CustomLog /var/log/apache/access.log combined

...
...



_

Sebastian Ezequiel Ovide







Re: user-agent log problem

2002-01-12 Thread Peter Billson

Hmmm, seems right. A couple thoughts:

1) Do you have any other CustomLog directives that are not commented out?
2) Are you running NameVirtualHosts where you'd have to define a
CustomLog for each?

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


[EMAIL PROTECTED] wrote:
 
 hi, in my log files the user-agent (Mozilla, lynx etc.) logs don't appear...
 
 why ?
 
 example:
 
 debian - - [12/Jan/2002:14:03:02 +0100] GET /doc/HTML/web/w3/index.html
 HTTP/1.1 200 5208
 
 and in my httpd.conf
 
 ...
 ...
 LogFormat "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
 LogFormat "%h %l %u %t \"%r\" %s %b" common
 LogFormat "%{Referer}i - %U" referer
 LogFormat "%{User-agent}i" agent
 
 # The location of the access logfile (Common Logfile Format).
 # If this does not start with /, ServerRoot is prepended to it.
 
 CustomLog /var/log/apache/access.log combined
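
The two checks suggested in this reply, as an added example that is not part of the original thread: it lists every CustomLog directive in a configuration with the scope it applies to and reports whether the format it resolves to contains the User-Agent field. The sample configuration is constructed from the poster's directives plus a hypothetical virtual host (address 192.0.2.10, www.example.org); LogFormat nicknames are treated as global, which is a simplification.

```python
import re
import shlex

UA_FIELD = re.compile(r"%[^%{}\s]*\{user-agent\}i", re.IGNORECASE)
VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.IGNORECASE)
VHOST_CLOSE = re.compile(r"</VirtualHost\s*>", re.IGNORECASE)

# Constructed sample: the poster's directives plus a hypothetical
# name-based virtual host that sets its own CustomLog.
SAMPLE_CONF = r'''
LogFormat "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %s %b" common
LogFormat "%{Referer}i - %U" referer
LogFormat "%{User-agent}i" agent
CustomLog /var/log/apache/access.log combined

NameVirtualHost 192.0.2.10
<VirtualHost 192.0.2.10>
    ServerName www.example.org
    CustomLog /var/log/apache/access.log common
</VirtualHost>
'''


def directives(conf_text):
    """Yield (scope, tokens) per directive, tracking <VirtualHost> sections."""
    scope = "main server"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = VHOST_OPEN.match(line)
        if opened:
            scope = "VirtualHost " + opened.group(1).strip()
        elif VHOST_CLOSE.match(line):
            scope = "main server"
        elif not line.startswith("<"):
            try:
                # shlex handles "..." arguments and \" escapes inside them.
                yield scope, shlex.split(line)
            except ValueError:
                # Unbalanced quote (for example a wrapped line): split naively.
                yield scope, line.split()


def audit_access_logs(conf_text):
    """List every CustomLog with its scope and whether it records User-Agent."""
    parsed = list(directives(conf_text))
    # Pass 1: collect LogFormat nicknames (treated as global: a simplification).
    nicknames = {}
    for _, tok in parsed:
        if tok[0].lower() == "logformat" and len(tok) == 3:
            nicknames[tok[2].lower()] = tok[1]
    # Pass 2: CustomLog's second argument is a nickname or an inline format.
    report = []
    for scope, tok in parsed:
        if tok[0].lower() == "customlog" and len(tok) >= 3:
            fmt = nicknames.get(tok[2].lower(), tok[2])
            report.append({
                "scope": scope,
                "file": tok[1],
                "format": tok[2],
                "logs_user_agent": bool(UA_FIELD.search(fmt)),
            })
    return report


def missing_user_agent(conf_text):
    """Return (scope, file, format) for each CustomLog lacking User-Agent."""
    return [(r["scope"], r["file"], r["format"])
            for r in audit_access_logs(conf_text) if not r["logs_user_agent"]]


if __name__ == "__main__":
    for row in audit_access_logs(SAMPLE_CONF):
        print(row)
```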





