Custom Access Log format

Affects version(s): 5.x, 4.2.x

The access logs of any virtual host are accessible in the Logviewer and are also stored separately on disk in a standard Apache access log file. The logs are stored under /home/log/access_logs/ and can be read by the user log. The Apache access log files can be used for analysis in third-party software. This article describes how to change the format of these access logs.

5.0:

In Airlock 5.x the customized global Apache Log Format can be defined in the Expert Settings Apache.
Menu "Expert Settings" -> "Security Gate / Apache" -> Set switch for Apache to "ON"

Please see the Apache documentation for available variables to use in the log format syntax.

An example access log format definition (default):

LogFormat        "%h %l %u %t \"%m %{AL_PLAINTEXT_PATH}e %H\" %>s %b" common_decrypted

These Apache Expert Settings are part of the Airlock configuration, so there is no longer any need to back up files manually. The settings are therefore update-resistant.

You need to activate your Airlock configuration to deploy your new Apache expert settings.

4.2:

The log format is contained in the web listener configuration. The corresponding template files are:

  • Apache 1.3: /opt/slt/ses/apache/conf/httpd.conf.in
  • Apache 2.0: /opt/slt/ses/apache2/conf/httpd.conf.in
  • Apache 2.2: /opt/slt/ses/apache22/conf/httpd.conf.in

By default, Airlock uses Apache 2.2. To find out or change the version of the web listener, open a secure shell to Airlock. Log in as user menu and select "3) Expert Settings" from the console menu.

To change your access log format, perform the following steps:

  • Log in as user root
  • open the corresponding file:
    # vi /opt/slt/ses/apache22/conf/httpd.conf.in
  • search for common_decrypted (this is the log format used for the logfiles in /home/log/access_logs/)
  • You can change the common_decrypted format according to the Apache documentation.
  • E.g. for adding Referer and User-Agent, rename the log format common_decrypted to common_decrypted_orig and the log format combined_decrypted to common_decrypted.
    Do NOT change the log format airlock_extended. This format is used internally for the Log viewer. Changes to it will cause malfunctions!
  • Save your changes
  • Restart the Configuration Center Agent (only 4.2.x)
    # svcadm restart svc:/site/slt_alec_agent
  • Open the Airlock Configuration Center and activate the current configuration.
  • Restart the web listener using
    # zlogin ext
    # /etc/init.d/slt.apache stop
    # /etc/init.d/slt.apache start
    # exit

Any Airlock update may undo these changes. Always check the configuration after applying an update.
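
One way to run that check from the log side, and to feed the files into your own analysis, is to parse the lines in /home/log/access_logs/ and count which format they follow. The following is an added example, not part of Airlock or of the original article. It assumes that the Referer/User-Agent variant appends two quoted fields as in Apache's stock "combined" format; the function names and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Default format from the article:
#   "%h %l %u %t \"%m %{AL_PLAINTEXT_PATH}e %H\" %>s %b"
# Assumption: the customised variant appends "Referer" "User-Agent" as two
# quoted fields, like Apache's stock "combined" format.
def _quoted(name):
    # A quoted field that tolerates backslash-escaped characters such as \"
    return rf'"(?P<{name}>(?:[^"\\]|\\.)*)"'

LINE_RE = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>(?:[^"\\]|\\.)*) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
    + '(?: ' + _quoted("referer") + ' ' + _quoted("agent") + ')?$'
)

def parse_line(line):
    """Return a dict for one access log line, or None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    try:
        rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])  # %b logs "-" for 0 bytes
    rec["extended"] = rec["referer"] is not None
    return rec

def format_report(lines):
    """Count lines per detected format. Only 'default' lines after an update
    suggest that a customised format was reverted."""
    counts = {"default": 0, "extended": 0, "unparsed": 0}
    for line in lines:
        rec = parse_line(line)
        key = "unparsed" if rec is None else ("extended" if rec["extended"] else "default")
        counts[key] += 1
    return counts

SAMPLE = [  # constructed sample lines, not taken from a real system
    '192.0.2.10 - - [12/Mar/2013:10:15:32 +0100] "GET /app/index.html HTTP/1.1" 200 5120',
    '192.0.2.11 - alice [12/Mar/2013:10:15:40 +0100] "POST /app/login HTTP/1.1" 302 -',
    '192.0.2.12 - - [12/Mar/2013:10:16:02 +0100] "GET /app/a\\"b HTTP/1.1" 404 210 '
    '"https://www.example.com/start" "Mozilla/5.0 (X11; Linux x86_64)"',
    'garbage line',
]

if __name__ == "__main__":
    print(format_report(SAMPLE))
```
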

To activate the Apache access logs, see "How to enable the Apache access logs".