Skip to main content
Version: 7.2405.x.x LTS

Using the Apache CustomLog

You may configure additional log facilities using the CustomLog directive of the Apache server within the navajo.xml file. These log facilities may be configured on instance (Server node) or connector (Connector node) level by using either the CustomLog attribute or the CustomLogs child node (if you require many). You may use all the built-in variables of the Apache server as well as the NProxyOp attributes described in the table NProxyOp/Apache tracing description.

Example:

<Server
...
User="nvpuser">
<CustomLogs>"|/opt/nevisproxy/bin/bclogmgr size=100000000 archives=5
/var/opt/nevisproxy/default/logs/custom.log" "{ \"time\": \"%t\", \"ip\": \"%h\",
\"reqF\": \"%r\", \"dTr1B\": \"%{dTr1B}e\" }"</CustomLogs>
</Server>

The default navajo.xml file comes with a CustomLog entry but it is safe to remove it.

For more information on the CustomLog directive, see http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#customlog.

Conditional log

Apache's CustomLog directive may also be used to log conditionally by checking the existence of an environment variable.

The following example shows how to write a dedicated log file containing the ciphers used by clients when communicating to nevisProxy. A Lua script within the CipherTrace filter sets the lua_cipher_changed variable, whenever a log message shall be written while the CipherTraceLogger configures the log appender.

<filter>
<filter-name>CipherTrace</filter-name>
<filter-class>ch::nevis::isiweb4::filter::lua::LuaFilter</filter-class>

<init-param>
<param-name>Script.InputHeaderFunctionName</param-name>
<param-value>cipherLock</param-value>
</init-param>

<init-param>
<param-name>Script</param-name>
<param-value>
function cipherLock(request, response)
currentCipher = request:getEnv("SSL_CIPHER")
if currentCipher == nil then
return
end
session = request:getSession(true)
prevCipher = session:getAttribute("lua:cipher")
if prevCipher == nil then
session:setAttribute("lua:cipher", currentCipher)
request:setEnv("lua_cipher_changed", "initial")
request:setEnv("lua_cipher", currentCipher)
else
if currentCipher ~= prevCipher then
session:setAttribute("lua:cipher", currentCipher)
request:setEnv("lua_cipher_changed", "changed")
request:setEnv("lua_cipher", currentCipher)
end
end
end
</param-value>
</init-param>
</filter>

<filter>
<filter-name>CihperTraceLogger</filter-name>
<filter-class>ch:nevis:navajo:apglue:httpd_${HTTPD_LIB_VERSION}_x:servlet:ApacheConfigFilter</filter-class>
<filter-lib>@PKG_HOME@/webapp/WEB-INF/lib/libApache${HTTPD_LIB_VERSION}_Servlet.so.1</filter-lib>
<init-param>
<param-name>ServerConfig</param-name>
<param-value>
CustomLog "|@PKG_HOME@/bin/bclogmgr size=100000000 archives=5 @PKG_VAR@/${PKG_INSTANCE}/logs/cipher.log" "{ \"time\": \"%t\", \"ip\": \"%h\", \"reqF\": \"%r\", \"trID\": \"%{UNIQUE_ID}e\", \"cipher\": \"%{lua_cipher}e\", \"reason\": \"%{lua_cipher_changed}e\" }" env=lua_cipher_changed
</param-value>
</init-param>
</filter>