Re: Bug#269499: apache-ssl: SSL log directives don't work?
tag 269499 moreinfo stop On Wed, 1 Sep 2004, Rafael D'Halleweyn wrote: Package: apache-ssl Version: 1.3.31-5 Severity: important The SSL log directives don't work for me, I only get a '+' in the logs. Looking at the source in src/modules/standard/mod_log_config.c, I see that the '%{clientcert}c' log directive is actually handled by log_connection_status since it appears in the log_item_keys array before log_ssl_info (and find_log_func matches on the first entry). So, as far as I understand, the '+' in the logs is the 'status of the connection'. Since '%c' is the same as '%X', the '%c' directive should probably be removed. please attach you config files. Fabio -- user fajita: step one fajita Whatever the problem, step one is always to look in the error log. user fajita: step two fajita When in danger or in doubt, step two is to scream and shout.
Processed: Re: Bug#269499: apache-ssl: SSL log directives don't work?
Processing commands for [EMAIL PROTECTED]: tag 269499 moreinfo Bug#269499: apache-ssl: SSL log directives don't work? There were no tags set. Tags added: moreinfo stop Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Re: Bug#269499: apache-ssl: SSL log directives don't work?
On Thu, 2004-09-02 at 06:41 +0200, Fabio Massimo Di Nitto wrote: please attach you config files. See attached. conf.d only contains the configlet for gallery. I am looking at the contents of the ssl.log file, which contains: [31/Aug/2004:17:52:43 -0400] + + + ssl.log is defined as: CustomLog /var/log/apache-ssl/ssl.log %t %{version}c %{cipher}c % {clientcert}c BTW. I removed { 'c', log_connection_status, 0 } from the log_item_keys array in mod_log_config.c and I am now getting the logs that I expect. Thanks, Raf. ## ## httpd.conf -- Apache HTTP server configuration file ## ServerType standalone ServerRoot /etc/apache-ssl LockFile /var/lock/apache-ssl.lock PidFile /var/run/apache-ssl.pid ScoreBoardFile /var/run/apache-ssl.scoreboard Timeout 300 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 15 MinSpareServers 5 MaxSpareServers 10 StartServers 5 MaxClients 150 MaxRequestsPerChild 100 Listen 563 Port 563 #BindAddress * Include /etc/apache-ssl/modules.conf User www-data Group www-data ServerAdmin [EMAIL PROTECTED] ServerName . #SSLNoV2 SSLRandomFile file /dev/urandom 1024 SSLRandomFilePerConnection file /dev/urandom 1024 SSLEnable SSLCacheServerPath /usr/lib/apache-ssl/gcache SSLCacheServerPort /var/run/gcache_port SSLSessionCacheTimeout 15 SSLCACertificatePath /etc/apache-ssl/ssl SSLCACertificateFile /etc/apache-ssl/ssl/cacert.pem SSLCertificateFile /etc/apache-ssl/ssl/cert.pem SSLCertificateKeyFile /etc/apache-ssl/ssl/key.pem SSLVerifyClient 2 SSLVerifyDepth 2 #SSLFakeBasicAuth #SSLUseCRL #SSLCRLCheckAll SSLRequiredCiphers RC4-MD5:RC4-SHA:IDEA-CBC-MD5:DES-CBC3-SHA DocumentRoot /home/www Directory / #Options SymLinksIfOwnerMatch AllowOverride All /Directory Directory /home/www/ #Options Indexes Includes FollowSymLinks MultiViews AllowOverride All Order allow,deny Allow from all /Directory IfModule mod_dir.c DirectoryIndex index.html index.htm index.shtml index.php /IfModule AccessFileName .htaccess Files ~ ^\.ht Order allow,deny Deny from all /Files UseCanonicalName Off TypesConfig /etc/mime.types DefaultType text/plain HostnameLookups Off ErrorLog /var/log/apache-ssl/error.log LogLevel warn LogFormat %h %l \%u\ %t \%r\ %s %b \%{Referer}i\ \%{User-Agent}i\ \%{forensic-id}n\ %T %v full LogFormat %h %l \%u\ %t \%r\ %s %b \%{Referer}i\ \%{User-Agent}i\ \%{forensic-id}n\ %P %T debug LogFormat %h %l \%u\ %t \%r\ %s %b \%{Referer}i\ \%{User-Agent}i\ \%{forensic-id}n\ \%{clientcert}c\ combined LogFormat %h %l \%u\ %t \%r\ %s %b \%{forensic-id}n forensic LogFormat %h %l \%u\ %t \%r\ %s %b common LogFormat %{Referer}i - %U referer LogFormat %{User-agent}i agent CustomLog /var/log/apache-ssl/access.log combined ServerSignature Off ServerTokens Prod IfModule mod_mime.c AddEncoding x-compress Z AddEncoding x-gzip gz tgz AddType application/x-tar .tgz AddType image/bmp .bmp AddType text/x-hdml .hdml /IfModule IfModule mod_bandwidth.c # BandWidthDataDir /var/lib/apache/mod-bandwidth/ BandWidthModule On BandWidth 172.18.43.4 0 BandWidth all 40960 LargeFileLimit 25 20480 LargeFileLimit 250 10240 /IfModule AddDefaultCharset on CustomLog /var/log/apache-ssl/ssl.log %t %{version}c %{cipher}c %{clientcert}c Include /etc/apache-ssl/conf.d # Autogenerated file - do not edit! # This file is maintained by the apache-ssl package. # To update it, run the command: #/usr/sbin/apache-modconf apache-ssl ClearModuleList AddModule mod_so.c AddModule mod_macro.c LoadModule config_log_module /usr/lib/apache/1.3/mod_log_config_ssl.so LoadModule agent_log_module /usr/lib/apache/1.3/mod_log_agent.so LoadModule referer_log_module /usr/lib/apache/1.3/mod_log_referer.so LoadModule mime_module /usr/lib/apache/1.3/mod_mime_ssl.so LoadModule dir_module /usr/lib/apache/1.3/mod_dir.so LoadModule alias_module /usr/lib/apache/1.3/mod_alias.so LoadModule access_module /usr/lib/apache/1.3/mod_access.so LoadModule expires_module /usr/lib/apache/1.3/mod_expires.so LoadModule apache_ssl_module /usr/lib/apache/1.3/libssl.so LoadModule auth_module /usr/lib/apache/1.3/mod_auth_ssl.so LoadModule bandwidth_module /usr/lib/apache/1.3/mod_bandwidth.so LoadModule php4_module /usr/lib/apache/1.3/libphp4.so
Bug#269499: apache-ssl: SSL log directives don't work?
Package: apache-ssl Version: 1.3.31-5 Severity: important The SSL log directives don't work for me, I only get a '+' in the logs. Looking at the source in src/modules/standard/mod_log_config.c, I see that the '%{clientcert}c' log directive is actually handled by log_connection_status since it appears in the log_item_keys array before log_ssl_info (and find_log_func matches on the first entry). So, as far as I understand, the '+' in the logs is the 'status of the connection'. Since '%c' is the same as '%X', the '%c' directive should probably be removed. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (101, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.9-rc1+bigboy Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 Versions of packages apache-ssl depends on: ii apache-common 1.3.31-5 Support files for all Apache webse ii debconf 1.4.32 Debian configuration management sy ii dpkg1.10.23 Package maintenance system for Deb ii libc6 2.3.2.ds1-16 GNU C Library: Shared libraries an ii libdb4.24.2.52-17Berkeley v4.2 Database Libraries [ ii libexpat1 1.95.6-8 XML parsing C library - runtime li ii libmagic1 4.10-3 File type determination library us ii libssl0.9.7 0.9.7d-5 SSL shared libraries ii logrotate 3.7-2Log rotation utility ii mime-support3.28-1 MIME files 'mime.types' 'mailcap ii openssl 0.9.7d-5 Secure Socket Layer (SSL) binary a ii perl5.8.4-2 Larry Wall's Practical Extraction ii ssl-cert1.0-8Simple debconf wrapper for openssl -- debconf information: * apache-ssl/server-name: www.dhalleweyn.com * apache-ssl/server-admin: [EMAIL PROTECTED] * apache-ssl/enable-suexec: false * apache-ssl/init: true * apache-ssl/document-root: /home/www