AIVAS Posted August 16, 2007 Share Posted August 16, 2007 Ok. I can't seem to figure this one out but then I'm no Apache Guru. Oh heck I can compile it, install it, secure it and configure it but this one's got me puzzled. I've read all of the documentation I can find, I've googled a number of different (yet similar) search terms and I'm still sitting on the fence as to whether or not this is possible. :-\ I need to log access to Apache from a specific external IP to a separate log file. Whoa. Before you say well that's easily done, let me add the twist. I already have a log condition which doesn't log access from the LAN. Basically I need to log all external access except this specific IP which needs to go to a separate log file (and NOT to the main one) and deny logging for LAN access. I have: SetEnvIf Remote_Addr "192\.168\.1\.*" DontLogLAN=1 CustomLog "access.log" combined env=!DontLogLAN Now I'd like to add: SetEnvIf Remote_Addr "external IP here" ExternalIP=1 and change the above CustomLog line to: CustomLog "access.log" combined env=!DontLogLAN env=!ExternalIP=1 and add CustomLog "externalIP_access.log" combined env=ExternalIP so I would end up with: SetEnvIf Remote_Addr "192\.168\.1\.*" DontLogLAN=1 SetEnvIf Remote_Addr "external IP here" ExternalIP=1 CustomLog "access.log" combined env=!DontLogLAN env=!ExternalIP=1 CustomLog "externalIP_access.log" combined env=ExternalIP This is a live production server and I don't have the time or resources to set up a test unit (not even virtually). I'm busy enough that I was lucky to find enough time to research this much. ANY assistance would be appreciated. Quote Link to comment Share on other sites More sharing options...
steviewdr Posted August 16, 2007 Share Posted August 16, 2007 I like a good challenge Here you go: SetEnvIf Remote_Addr 192\.168\.1\.*|188.5.5.1 DontLog SetEnvIf Remote_Addr "188.5.5.1" ExternalIP CustomLog /var/log/apache2/access.log combined env=!DontLog CustomLog /var/log/apache2/access1 combined env=ExternalIP Replace 188.5.5.1 with your "External IP". Let us know how it goes for you. -steve Quote Link to comment Share on other sites More sharing options...
AIVAS Posted August 16, 2007 Author Share Posted August 16, 2007 The PIPE character! Doh! Didn't even think about that method. Of course I still wouldn't have been sure and would've posted here anyway. There really should be a decent tutorial somewhere about SetEnvIf. I looked in a number of places a couldn't find anything. While the Apache documentation is adequate it's only just that - adequate. At no point does it broach anything like this (of course this is fairly unique). Anyway seems to works fine. It'll have to run for a few days until I'm positive but the one entry has worked so I don't see why any others wouldn't. Thanks. Note to anyone who might try anything like this: BACK UP YOUR WORKING .CONF FILE FIRST!!!!!! Just in case you type something wrong, that will affect Apache and you'll have downtime. A backup of a known working .conf will allow you to replace the problem and get back up and running very quickly. Go fix the problem and try again - always making sure you have a backup of that working copy. I learned this the hard way many, many, many years ago Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.