[Gllug] Apache log files
damion.yates at gmail.com
damion.yates at gmail.com
Wed Apr 8 15:01:40 UTC 2009
On Wed, 8 Apr 2009, Peter Corlett wrote:
> On Wed, Apr 08, 2009 at 02:49:15PM +0100, John Hearns wrote: [...]
> > That's more like it. But I can still make out access.log - so I can
> > figure out it does something with access logs. More compression!
> > More confusion!
>
> Nah, that's a terrible idea. The original, non-obfuscated version I
> slapped together in a few minutes is this one, which should be more
> obvious:
>
> #!/usr/bin/env perl
> use warnings;
> use strict;
>
> my($fh, $curpath);
>
> while(<>) {
> my($day, $month, $year) = (m~\[(..)/(...)/(....):~);
> die "Regex match failed" unless defined $1; # regex sanity check
> my $path = "$year-$month-$day.access.log";
>
> unless($fh && $curpath eq $path) {
> $curpath = $path;
> open $fh, '>', $path or die "Can't create $path: $!";
> }
Maybe I'm missing something but it looks like this will blat a file of
name $path every time it changes (back), so if a log entry contains
05/Mar/2009 and then 06/Mar/2009, but later returns to 05/Mar/2009, you
wipe all previously logged 05/Mar/2009 entries.
It might sound a little unlikely, but perhaps the user-fed-in data (the
<>), might contain some multiple, overlapping logs, maybe part of a pipe
from zcat, or apache processes/threads might write either side of
midnight? Maybe your regex (which should use \d and \w where necessary
and be bound by \s), will match a referrer (user's browser supplied),
which isn't escaped and so could contain the [ and / around the right
number of characters?
Damion
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list