########################################################################### # Configuration file for http filter ########################################################################### Title = "httpd" # Which logfile group... LogFile = http # Define the log file format # # This is now the same as the LogFormat parameter in the configuration file # for httpd. Multiple instances of declared LogFormats in the httpd # configuration file can be declared here by concatenating them with the # '|' character. The default, shown below, includes the Combined Log Format, # the Common Log Format, and the default SSL log format. #$LogFormat = "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"|%h %l %u %t \"%r\" %>s %b|%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" # The following is supported for backwards compatibility, but deprecated: # Define the log file format # # the only currently supported fields are: # client_ip # request # http_rc # bytes_transfered # agent # #$HTTP_FIELDS = "client_ip ident userid timestamp request http_rc bytes_transfered referrer agent" #$HTTP_FORMAT = "space space space brace quote space space quote quote" # Define the field formats # # the only currently supported formats are: # space = space delimited field # quote = quoted ("..") space delimited field # brace = braced ([..]) space delimited field # Flag to ignore 4xx and 5xx error messages as possible hack attempts # # Set flag to 1 to enable ignore # or set to 0 to disable $HTTP_IGNORE_ERROR_HACKS = 0 # Ignore requests # Note - will not do ANY processing, counts, etc... just skip it and go to # the next entry in the log file. # Note - The match will be case insensitive; e.g. /model/ == /MoDel/ # Examples: # 1. Ignore all URLs starting with /model/ and ending with 1 to 10 digits # $HTTP_IGNORE_URLS = ^/model/\d{1,10}$ # # 2. Ignore all URLs starting with /model/ and ending with 1 to 10 digits and # all URLS starting with /photographer and ending with 1 to 10 digits # $HTTP_IGNORE_URLS = ^/model/\d{1,10}$|^/photographer/\d{1,10}$ # or simply: # $HTTP_IGNORE_URLS = ^/(model|photographer)/\d{1,10}$ # To ignore a range of IP addresses completely from the log analysis, # set $HTTP_IGNORE_IPS. For example, to ignore all local IP addresses: # # $HTTP_IGNORE_IPS = ^10\.|^172\.(1[6-9]|2[0-9]|3[01])\.|^192\.168\.|^127\. # # For more sophisticated ignore rules, you can define HTTP_IGNORE_EVAL # to an arbitrary chunk of code. # The default is not to filter anything: $HTTP_IGNORE_EVAL = 0 # Example: # $HTTP_IGNORE_EVAL = "($field{http_rc} == 401) && ($field{client_ip}=~/^192\.168\./) && ($field{url}=~m%^/protected1/%)" # See the "scripts/services/http" script for other variables that can be tested. # The variable $HTTP_USER_DISPLAY defines which user accesses are displayed. # The default is not to display user accesses: $HTTP_USER_DISPLAY = 0 # To display access failures: # $HTTP_USER_DISPLAY = "$field{http_rc} >= 400" # To display all user accesses except "Unauthorized": # $HTTP_USER_DISPLAY = "$field{http_rc} != 401" # To raise the needed level of detail for one or more specific # error codes to display a summary instead of listing each # occurrence, set a variable like the following ones: # Raise 403 codes to detail level High #$http_rc_detail_rep_403 = 10 # Always show only summary for 404 codes #$http_rc_detail_rep_404 = 20 # vi: shiftwidth=3 tabstop=3 et