Hello,
The httpd(8) error log is not logging a timestamp or a remote IP. I get
only the error message itself with no metadata to correlate it to the
access log, which logs properly.
EXAMPLES:
Using the following in httpd.conf:

    log style forwarded
    log {
        access "access.log"
        error "error.log"
    }

I get this:

access.log:

    mydomain.com 11.22.33.44 - - [28/Aug/2020:18:01:36 -0500] "GET /wordpress/xmlrpc.php HTTP/1.1" 403 0 "" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0" - -

error.log:

    Access to the script '/htdocs/wordpress' has been denied (see security.limit_extensions)

* Note there is no timestamp or remote IP in the error log. There is no
way to correlate it with the access log to determine what access caused
the error.
If instead you configure httpd to use syslog with:

    log syslog

then you get this:

    Aug 28 17:49:14 host httpd[74353]: Access to the script '/htdocs/wordpress' has been denied (see security.limit_extensions)
    Aug 28 17:49:14 host httpd[74353]: mydomain.com 11.22.33.44 - - [28/Aug/2020:17:49:14 -0500] "GET /wordpress/xmlrpc.php HTTP/1.1" 403 0

The timestamps here are added by syslog, which is one way to get the
timestamps, and a way to correlate the error and access logs to some degree.
However, the errors do not list the remote IP.
The expected (to me) behavior would be for the error log to utilize the
same log format as the access log.
Please let me know if you need further info, or if I have made some
operator error.
Thanks.
--
Joe Laffey
https://sourceopen.com/
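
Added example, not part of the original message: a sketch of the partial correlation the message describes for `log syslog` output, pairing each error line with the access entries that share its syslog timestamp and httpd PID. The function name `correlate`, the third sample line, and the same-second/same-PID pairing rule are assumptions made for illustration, not documented httpd(8) behaviour.

```python
import re
from collections import defaultdict

# Constructed sample: the two syslog lines quoted in the message (unwrapped)
# plus one constructed, unrelated access entry.
SAMPLE = """\
Aug 28 17:49:14 host httpd[74353]: Access to the script '/htdocs/wordpress' has been denied (see security.limit_extensions)
Aug 28 17:49:14 host httpd[74353]: mydomain.com 11.22.33.44 - - [28/Aug/2020:17:49:14 -0500] "GET /wordpress/xmlrpc.php HTTP/1.1" 403 0
Aug 28 17:49:20 host httpd[74353]: mydomain.com 11.22.33.55 - - [28/Aug/2020:17:49:20 -0500] "GET /index.html HTTP/1.1" 200 512
"""

# syslog prefix: timestamp, hostname, httpd[pid], then the message body
SYSLOG = re.compile(r'^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) httpd\[(\d+)\]: (.*)$')
# access entry: vhost, remote address, two ident fields, [time], "request", status, size
ACCESS = re.compile(r'^(\S+) (\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')


def correlate(text):
    """Return one record per error line, listing candidate access entries
    logged by the same PID in the same syslog second (heuristic only)."""
    errors, accesses = defaultdict(list), defaultdict(list)
    for line in text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue  # not an httpd syslog line
        stamp, _host, pid, msg = m.groups()
        key = (stamp, pid)
        a = ACCESS.match(msg)
        if a:
            accesses[key].append(
                {"vhost": a[1], "remote": a[2], "request": a[4], "status": int(a[5])})
        else:
            errors[key].append(msg)  # anything that is not an access entry
    # Several candidates means the match is ambiguous; none means no request
    # was logged in that second by that process.
    return [{"time": key[0], "pid": key[1], "error": msg,
             "candidates": accesses.get(key, [])}
            for key, msgs in errors.items() for msg in msgs]


if __name__ == "__main__":
    for rec in correlate(SAMPLE):
        remotes = [c["remote"] for c in rec["candidates"]]
        print(rec["time"], rec["pid"], rec["error"], "<-", remotes or "no match")
```

On a busy server several requests can land in the same second, so a record with more than one candidate should be read as ambiguous rather than as an attribution.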