Apache Rig
A journal about installing a meaningful Apache.
The blackbox format article at ONLAMP went onto my todo list. It is a well written article, but knowing nothing about Apache, or web traffic, I wondered why it didn’t appear to be referenced. What were these log files that my server keeps rotating good for? The author made a good point that the common log of Apache recorded precious little data, most of which could be easily spoofed.
I finally, had to pester the people at freenode #apache, and now I have four open source traffic visualization packages to choose from.
These reporting packages use Common or Combined Log Formats.
Combined is Common with referrer and user agent added.
They create impressive charts of hit stats using this basic data. So, why not gather more information? The author (GET NAME) ’s blackbox format gathers server information that could create some reports that are just as revealing.
Installed the blackbox format, after some research that finds that no one else mentions it, I decided to go ahead and install anyway. It records valuable infomration. After I determined that the log reporting tools crack these logs, it seemed like it was worth keeping this inofrmation around.
I added the black box line, without the special port number variable that requires a mod_log_configure patch. Liked the output. It wasn’t as long a line as you would imagine from the article.
68.40.195.190/0 - [04/Oct/2005:11:37:10 -0400] "GET / HTTP/1.1" 302/302 25917/3076434080 0/573 335/527/302
68.40.195.190/0 - [04/Oct/2005:11:37:11 -0400] "GET /beta/index.html HTTP/1.1" 200/200 25915/3076434080 6/6709703 350/3925/3699
68.40.195.190/0 - [04/Oct/2005:11:37:17 -0400] "GET /beta/tag/css/thinknola.css HTTP/1.1" 200/200 25914/3076434080 0/34734 408/5067/4807
68.40.195.190/0 - [04/Oct/2005:11:37:17 -0400] "GET /beta/images/think-135.png HTTP/1.1" 200/200 25916/3076434080 0/106778 407/21316/21054
Then I went and patched Apache to add the client's port.
I'm using Linux ES 3.0, and I don't want to distrub it's Apache configuration, which is doing some nice things, like rotating logs.
I'm going to build an Apache to get the changes to mod_log_config, and it took a while to figure out how to get it to emit *.so for modules. Here's the incantation.
I build a separate httpd and installed it as I where going to use it. I didn't want to copy a patched mod_log_configure over the old one, and then forget that it was patched, which is pretty easy to do when your baby-sitting a package manager.
There it is. Apache patched and running
<pre><code allow="none">
68.40.195.190/63039 - [04/Oct/2005:16:35:42 -0400] "GET /beta/index.html HTTP/1.1" 200/200 24570/3076429984 0/293692 350/3925/3699
68.40.195.190/63040 - [04/Oct/2005:16:35:42 -0400] "GET /beta/tag/css/thinknola.css HTTP/1.1" 200/200 24571/3076429984 0/14500 408/5067/4807
68.40.195.190/63041 - [04/Oct/2005:16:35:42 -0400] "GET /beta/images/think-135.png HTTP/1.1" 200/200 24573/3076429984 0/87555 407/21316/21054
68.40.195.190/63042 - [04/Oct/2005:16:35:45 -0400] "GET /beta/index.html HTTP/1.1" 200/200 24574/3076429984 0/192447 350/3925/3699
68.40.195.190/63043 - [04/Oct/2005:16:35:46 -0400] "GET /beta/tag/css/thinknola.css HTTP/1.1" 200/200 24575/3076429984 0/4582 408/5067/4807
68.40.195.190/63044 - [04/Oct/2005:16:35:46 -0400] "GET /beta/images/think-135.png HTTP/1.1" 200/200 24572/3076429984 0/90969 407/21316/21054That’s an older Apache, so I had to get an older tarball from the source archive.
October 20th, 2005 at 10:47 pm
[…] That blackbox log, for example. That helped. […]