Help! Script to Remove Code* log entries
Authored by: sharumpe on Sep 21, '01 04:49:51PM

The problem with doing something like this is that you have to run it as root or some other user with permissions on the log files. Probably the easiest way would be like this:

egrep -v "(default.ida|(cmd|root).exe)" /var/log/httpd/access_log > /var/log/httpd/new_access_log

This filters Code Red and Nimda traces from your logs and leaves the 'new' log in new_access_log. If you want to have a LOT of fun (grin) you can edit your /etc/httpd/httpd.conf file like so:

(look for)
CustomLog "/var/log/httpd/access_log" common

(replace with)
CustomLog "| egrep -v '(default.ida|(cmd|root).exe)' >> /var/logs/httpd/access_log"

This does the filtering on-the-fly. Please note that this is not guaranteed to work exactly as typed here - this is from memory and has not been tested. But the concept is there. :)

Mr. Sharumpe



Help! Script to Remove Code* log entries
Authored by: sharumpe on Sep 21, '01 04:56:53PM

Oops - that (replace with) should read:

CustomLog "|/usr/bin/egrep -v '(default.ida|(cmd|root).exe)' >> /var/log/httpd/access_log" common

Mr. Sharumpe



Help! Script to Remove Code* log entries
Authored by: Anonymous on Sep 22, '01 08:01:16PM

Thanks for the egrep commands, they work great. I couldn't get the Apache conf log to work however. Apache starts but the access_log no longer functions (I use Apache 1.3.20). I'm not sure why. It's ok though, this way I log everything and have cron run a log cleaner script to get rid of all the entries I don't want to see in my stats. This has made the analog/report magic stats page much more useful! Thanks again.

Y



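The cron-style cleanup described in the last comment, as an added example that is not from any poster in this thread: it leaves the raw log untouched, writes a filtered copy for the stats tool, and keeps the probe lines in their own file instead of discarding them. The function names and the sample log lines are constructed for illustration, and the dots in the thread's pattern are escaped here so that an ordinary URL such as `cmdXexe.html` is not filtered by accident.

```shell
#!/bin/sh
# Added example: split an access log into a clean copy for stats and a file of
# Code Red / Nimda probe lines. The original log is never modified.

# Pattern from the thread, with the dots escaped so they match literally.
WORM_RE='(default\.ida|(cmd|root)\.exe)'

# make_sample FILE: write constructed log lines (documentation addresses).
make_sample() {
    cat > "$1" <<'EOF'
192.0.2.10 - - [21/Sep/2001:16:40:01 -0700] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [21/Sep/2001:16:41:12 -0700] "GET /default.ida?XXXX HTTP/1.0" 404 276
198.51.100.7 - - [21/Sep/2001:16:41:13 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280
203.0.113.5 - - [21/Sep/2001:16:42:30 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
192.0.2.10 - - [21/Sep/2001:16:43:02 -0700] "GET /docs/cmdXexe.html HTTP/1.0" 200 512
EOF
}

# split_log SRC CLEAN PROBES
split_log() {
    src=$1 clean=$2 probes=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    # grep exits 1 when no line is selected; only >1 is a real error.
    grep -E  "$WORM_RE" "$src" > "$probes.tmp" || [ $? -eq 1 ] || return 2
    grep -Ev "$WORM_RE" "$src" > "$clean.tmp"  || [ $? -eq 1 ] || return 2
    # Rename only after both passes succeeded, so stats never read a partial file.
    mv "$probes.tmp" "$probes" && mv "$clean.tmp" "$clean"
}

# top_sources PROBES: probe count per client address, busiest first.
top_sources() {
    awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' "$1" |
        sort -k1,1nr -k2,2
}

# Demo on the constructed sample; prints "2 198.51.100.7" then "1 203.0.113.5".
d=$(mktemp -d) && make_sample "$d/access_log" &&
    split_log "$d/access_log" "$d/access_log.clean" "$d/access_log.probes" &&
    top_sources "$d/access_log.probes"
rm -rf "$d"
```

Run from cron, `split_log` would be pointed at the real access log and the stats tool at the clean copy.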