I've been doing logging in apache/ssl and came up with the
following proposed additions to the LogFormat directive to support
SSL-parameter logging. I'd like to know if my directives seem
reasonable:
* The argument to LogFormat is a string, which can include literal
* characters copied into the log files, and '%' directives as follows:
*
* %...h: remote host
* %...l: remote logname (from identd, if supplied)
* %...u: remote user (from auth; may be bogus if return status (%s) is 401)
* %...t: time, in common log format time format
* %...r: first line of request
* %...s: status. For requests that got internally redirected, this
* is status of the *original* request --- %...>s for the last.
* %...b: bytes sent.
* %...{Foobar}i: The contents of Foobar: header line(s) in the request
* sent to the client.
* %...{Foobar}o: The contents of Foobar: header line(s) in the reply.
*
* Additional SSL directives:
*
* %...{cipher}c: cipher used (SSL_get_cipher)
* %...{clientcert}c: client certificate information
* %...{errcode}c: X509 verify error code
* %...{errstr}c: X509 verify error string
the "c" means "crypto" or "cipher".
Any better ideas will be welcomed and implemented.
thanks,
--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
The Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org/ (or login as "guest") sameer@c2.org
following proposed additions to the LogFormat directive to support
SSL-parameter logging. I'd like to know if my directives seem
reasonable:
* The argument to LogFormat is a string, which can include literal
* characters copied into the log files, and '%' directives as follows:
*
* %...h: remote host
* %...l: remote logname (from identd, if supplied)
* %...u: remote user (from auth; may be bogus if return status (%s) is 401)
* %...t: time, in common log format time format
* %...r: first line of request
* %...s: status. For requests that got internally redirected, this
* is status of the *original* request --- %...>s for the last.
* %...b: bytes sent.
* %...{Foobar}i: The contents of Foobar: header line(s) in the request
* sent to the client.
* %...{Foobar}o: The contents of Foobar: header line(s) in the reply.
*
* Additional SSL directives:
*
* %...{cipher}c: cipher used (SSL_get_cipher)
* %...{clientcert}c: client certificate information
* %...{errcode}c: X509 verify error code
* %...{errstr}c: X509 verify error string
the "c" means "crypto" or "cipher".
Any better ideas will be welcomed and implemented.
thanks,
--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
The Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org/ (or login as "guest") sameer@c2.org