1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * See also support/check_forensic.
19 * Relate the forensic log to the transfer log by including
20 * %{forensic-id}n in the custom log format, for example:
21 * CustomLog logs/custom "%h %l %u %t \"%r\" %>s %b %{forensic-id}n"
23 * Credit is due to Tina Bird <tbird precision-guesswork.com>, whose
24 * idea this module was.
26 * Ben Laurie 29/12/2003
30 #include "http_config.h"
32 #include "apr_strings.h"
33 #include "apr_atomic.h"
34 #include "http_protocol.h"
35 #include "test_char.h"
40 module AP_MODULE_DECLARE_DATA log_forensic_module;
47 static void *make_forensic_log_scfg(apr_pool_t *p, server_rec *s)
49 fcfg *cfg = apr_pcalloc(p, sizeof *cfg);
57 static void *merge_forensic_log_scfg(apr_pool_t *p, void *parent, void *new)
59 fcfg *cfg = apr_pcalloc(p, sizeof *cfg);
63 cfg->logname = apr_pstrdup(p, nc->logname ? nc->logname : pc->logname);
69 static int open_log(server_rec *s, apr_pool_t *p)
71 fcfg *cfg = ap_get_module_config(s->module_config, &log_forensic_module);
73 if (!cfg->logname || cfg->fd)
76 if (*cfg->logname == '|') {
78 const char *pname = ap_server_root_relative(p, cfg->logname + 1);
80 pl = ap_open_piped_log(p, pname);
82 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
83 "couldn't spawn forensic log pipe %s", cfg->logname);
86 cfg->fd = ap_piped_log_write_fd(pl);
89 const char *fname = ap_server_root_relative(p, cfg->logname);
92 if ((rv = apr_file_open(&cfg->fd, fname,
93 APR_WRITE | APR_APPEND | APR_CREATE,
94 APR_OS_DEFAULT, p)) != APR_SUCCESS) {
95 ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
96 "could not open forensic log file %s.", fname);
104 static int log_init(apr_pool_t *pc, apr_pool_t *p, apr_pool_t *pt,
107 for ( ; s ; s = s->next) {
108 if (!open_log(s, p)) {
109 return HTTP_INTERNAL_SERVER_ERROR;
117 /* e is the first _invalid_ location in q
118 N.B. returns the terminating NUL.
120 static char *log_escape(char *q, const char *e, const char *p)
124 if (test_char_table[*(unsigned char *)p]&T_ESCAPE_FORENSIC) {
127 sprintf(q, "%02x", *(unsigned char *)p);
139 typedef struct hlog {
147 static int count_string(const char *p)
151 for (n = 0 ; *p ; ++p, ++n)
152 if (test_char_table[*(unsigned char *)p]&T_ESCAPE_FORENSIC)
157 static int count_headers(void *h_, const char *key, const char *value)
161 h->count += count_string(key)+count_string(value)+2;
166 static int log_headers(void *h_, const char *key, const char *value)
170 /* note that we don't have to check h->pos here, coz its been done
171 for us by log_escape */
173 h->pos = log_escape(h->pos, h->end, key);
175 h->pos = log_escape(h->pos, h->end, value);
180 static int log_before(request_rec *r)
182 fcfg *cfg = ap_get_module_config(r->server->module_config,
183 &log_forensic_module);
189 if (!cfg->fd || r->prev) {
193 if (!(id = apr_table_get(r->subprocess_env, "UNIQUE_ID"))) {
194 /* we make the assumption that we can't go through all the PIDs in
196 ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
197 "mod_log_forensic: mod_unique_id must also be active");
200 ap_set_module_config(r->request_config, &log_forensic_module, (char *)id);
205 apr_table_do(count_headers, &h, r->headers_in, NULL);
207 h.count += 1+strlen(id)+1+count_string(r->the_request)+1+1;
208 h.log = apr_palloc(r->pool, h.count);
210 h.end = h.log+h.count;
214 h.pos += strlen(h.pos);
216 h.pos = log_escape(h.pos, h.end, r->the_request);
218 apr_table_do(log_headers, &h, r->headers_in, NULL);
220 ap_assert(h.pos < h.end);
224 rv = apr_file_write(cfg->fd, h.log, &n);
225 ap_assert(rv == APR_SUCCESS && n == h.count-1);
227 apr_table_setn(r->notes, "forensic-id", id);
232 static int log_after(request_rec *r)
234 fcfg *cfg = ap_get_module_config(r->server->module_config,
235 &log_forensic_module);
236 const char *id = ap_get_module_config(r->request_config,
237 &log_forensic_module);
246 s = apr_pstrcat(r->pool, "-", id, "\n", NULL);
248 rv = apr_file_write(cfg->fd, s, &n);
249 ap_assert(rv == APR_SUCCESS && n == l);
254 static const char *set_forensic_log(cmd_parms *cmd, void *dummy, const char *fn)
256 fcfg *cfg = ap_get_module_config(cmd->server->module_config,
257 &log_forensic_module);
263 static const command_rec forensic_log_cmds[] =
265 AP_INIT_TAKE1("ForensicLog", set_forensic_log, NULL, RSRC_CONF,
266 "the filename of the forensic log"),
270 static void register_hooks(apr_pool_t *p)
272 static const char * const pre[] = { "mod_unique_id.c", NULL };
274 ap_hook_open_logs(log_init,NULL,NULL,APR_HOOK_MIDDLE);
275 ap_hook_post_read_request(log_before,pre,NULL,APR_HOOK_REALLY_FIRST);
276 ap_hook_log_transaction(log_after,NULL,NULL,APR_HOOK_REALLY_LAST);
279 module AP_MODULE_DECLARE_DATA log_forensic_module =
281 STANDARD20_MODULE_STUFF,
282 NULL, /* create per-dir config */
283 NULL, /* merge per-dir config */
284 make_forensic_log_scfg, /* server config */
285 merge_forensic_log_scfg, /* merge server config */
286 forensic_log_cmds, /* command apr_table_t */
287 register_hooks /* register hooks */