Hi all, I am hosting several virtual hosts and I need to provide access log reports (like awstats) for my clients. I would like to know if any of the following alternatives is possible: 1. Is it possible to have diferent access log files for each virtual host? 2. Is it possible to include the "%v" (virtualhost) field in the current access log? I'm using Zope 2.6 from Debian sarge. Thanks in advance, -- Luiz Fernando B. Ribeiro Engenho Soluções para a Internet +55 11 6959-7610
--On Montag, 9. Mai 2005 15:17 Uhr -0300 "Luiz Fernando B. Ribeiro" <luiz@engenhosolucoes.com.br> wrote:
Hi all,
I am hosting several virtual hosts and I need to provide access log reports (like awstats) for my clients. I would like to know if any of the following alternatives is possible:
1. Is it possible to have diferent access log files for each virtual host?
Let Apache write the logfiles per vhost. Andreas
On May 9, 2005, at 20:17, Luiz Fernando B. Ribeiro wrote:
Hi all,
I am hosting several virtual hosts and I need to provide access log reports (like awstats) for my clients. I would like to know if any of the following alternatives is possible:
1. Is it possible to have diferent access log files for each virtual host?
2. Is it possible to include the "%v" (virtualhost) field in the current access log?
No on both counts. I suggest you use something in front of Zope, like Apache, and analyze its logs instead. jens
Hi all, I've been going through the list archives looking for tips on logging (getting sensible statistics from my log files). At the moment I have the setup recommended by most posts, namely multiple Apache virtual hosts that proxies requests to a single Zope instance. I would like to know how I can get Apache to log the current Zope user. Here's an example from my Apache access_log: 10.0.0.100 - - [02/May/2006:15:32:18 +0200] "GET / HTTP/1.1" 200 35721 Which results in this entry from my Z2.log: 127.0.0.1 - adp [02/May/2006:15:32:21 +0200] "GET /VirtualHostBase/http/mysite.com:80/vhosts/mysite.com/VirtualHostRoot/ HTTP/1.1" 200 36054 "" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2" The current user is logged by Zope, but not by Apache. Is there a way to make Apache aware of who is logged in through Zope? Regards, Andreas Jens Vagelpohl wrote:
On May 9, 2005, at 20:17, Luiz Fernando B. Ribeiro wrote:
Hi all,
I am hosting several virtual hosts and I need to provide access log reports (like awstats) for my clients. I would like to know if any of the following alternatives is possible:
1. Is it possible to have diferent access log files for each virtual host?
2. Is it possible to include the "%v" (virtualhost) field in the current access log?
No on both counts. I suggest you use something in front of Zope, like Apache, and analyze its logs instead.
jens
_____________________________________________________________________________________________ This e-mail contains official information from Quality Business Consultants (Pty) Ltd and is intended for use by the addressee only. Important notice: Important restrictions, qualifications and disclaimers ("the Disclaimer") apply to this email. To read this click on the following address: http://www.qbcon.com/disclaimer The Disclaimer forms part of the content of this email in terms of section 11 of the Electronic Communications and Transactions Act, 25 of 2002. If you are unable to access the Disclaimer, send a blank e-mail to disclaimer@qbcon.com and we will send you a copy of the Disclaimer.
Andreas Pauley wrote:
I would like to know how I can get Apache to log the current Zope user. Here's an example from my Apache access_log: 10.0.0.100 - - [02/May/2006:15:32:18 +0200] "GET / HTTP/1.1" 200 35721
Which results in this entry from my Z2.log: 127.0.0.1 - adp [02/May/2006:15:32:21 +0200] "GET /VirtualHostBase/http/mysite.com:80/vhosts/mysite.com/VirtualHostRoot/ HTTP/1.1" 200 36054 "" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2"
O, I forgot to mention that the sites run Plone, which I assume uses cookies instead of HTTP headers for authentication. _____________________________________________________________________________________________ This e-mail contains official information from Quality Business Consultants (Pty) Ltd and is intended for use by the addressee only. Important notice: Important restrictions, qualifications and disclaimers ("the Disclaimer") apply to this email. To read this click on the following address: http://www.qbcon.com/disclaimer The Disclaimer forms part of the content of this email in terms of section 11 of the Electronic Communications and Transactions Act, 25 of 2002. If you are unable to access the Disclaimer, send a blank e-mail to disclaimer@qbcon.com and we will send you a copy of the Disclaimer.
Andreas Pauley wrote at 2006-5-2 15:57 +0200:
... I would like to know how I can get Apache to log the current Zope user. Here's an example from my Apache access_log: 10.0.0.100 - - [02/May/2006:15:32:18 +0200] "GET / HTTP/1.1" 200 35721
Of course, you cannot, unless Apache performs the authentication. When I remember right, then there is an Apache module (for modern Apache versions) that allows authentication to be done by an external system (e.g. LDAP or Zope). If you use Apache for authentication, you can use "REMOTE_USER" to inform Zope about the authenticated user. Search the archive in order to find out about details. -- Dieter
Dieter Maurer wrote:
Andreas Pauley wrote at 2006-5-2 15:57 +0200:
... I would like to know how I can get Apache to log the current Zope user. Here's an example from my Apache access_log: 10.0.0.100 - - [02/May/2006:15:32:18 +0200] "GET / HTTP/1.1" 200 35721
Of course, you cannot, unless Apache performs the authentication.
Actually, not strictly speaking true ;-) If your Zope auth solution can put a header in the http response, then you can use a custom apache logging directive to put this in your Apache log in place of what it thinks the username is. I've used this quite successfully on one large project... cheers, Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk
Dear list,
I've been going through the list archives looking for tips on logging (getting sensible statistics from my log files). At the moment I have the setup recommended by most posts, namely multiple Apache virtual hosts that proxies requests to a single Zope instance.
I would like to know how I can get Apache to log the current Zope user. Here's an example from my Apache access_log: 10.0.0.100 - - [02/May/2006:15:32:18 +0200] "GET / HTTP/1.1" 200 35721
Which results in this entry from my Z2.log: 127.0.0.1 - adp [02/May/2006:15:32:21 +0200] "GET /VirtualHostBase/http/mysite.com:80/vhosts/mysite.com/VirtualHostRoot/ HTTP/1.1" 200 36054 "" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2"
The current user is logged by Zope, but not by Apache. Is there a way to make Apache aware of who is logged in through Zope? I'm also trying to do the same thing. I want either to modify the zope log in order to show the real user IP and replace the referrer by the one the user typed in the browser (without everything between VirtualHostBase and VirtualHostRoot) or just return the authenticated user to apache.
I read the answer from Dieter and unfortunately I'm not authenticating from Apache. So, I went for the approach indicated by Chris Withers without any success:
If your Zope auth solution can put a header in the http response, then > you can use a custom apache logging directive to put this in your Apache log in place of what it thinks the username is. I put this on the "log" method of the medusa/http_server.py file: self.response.setHeader('remote_user',name)
and set my apache access log like this: CustomLog /home/apache/httpd/logs/access_log combined The combined log is defined as follows: LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined There you see the %l and %u directives, which are the "Remote logname" and the "Remote user". But apache still doesn't get the zope authenticated user. So, Chris, do you remember what header you set, where, and which method you used? On the other hand, I also tried to do it the opposite way: modify the zope log in order to show the real ip address and remove every VirtualHost info from the referrer. I achieved the first part by using the following patch: http://www.zope.org/Collectors/Zope/1732 Then I tried the following in the "log" method of the medusa/http_server.py file: referer=getattr(self,'VIRTUAL_URL_PARTS',None) #I tried this as well #referer=getattr(self.request,'VIRTUAL_URL_PARTS',None) if not referer: referer=self.get_header('referer') if not referer: referer='' else: referer='/' + referer[1] But it seems that I can't access the 'VIRTUAL_URL_PARTS' key. How can I get this information? Thanks in advanced, Josef
I read the answer from Dieter and unfortunately I'm not authenticating from Apache. So, I went for the approach indicated by Chris Withers without any success:
If your Zope auth solution can put a header in the http response, then > you can use a custom apache logging directive to put this in your Apache log in place of what it thinks the username is. I put this on the "log" method of the medusa/http_server.py file: self.response.setHeader('remote_user',name)
and set my apache access log like this: CustomLog /home/apache/httpd/logs/access_log combined
The combined log is defined as follows: LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
There you see the %l and %u directives, which are the "Remote logname" and the "Remote user".
But apache still doesn't get the zope authenticated user. So, Chris, do you remember what header you set, where, and which method you used? Ok, Answering to this question. I guess I had to set the header inside the authenticate method of the BasicUserFolder class. Here is what I did:
def authenticate(self, name, password, request): emergency = self._emergency_user user = None if name is None: pass else: if emergency and name==emergency.getUserName(): user = emergency else: user = self.getUser(name) if user is not None and user.authenticate(password, request): pass else: user = None logUser = 'Anonymous' if (user != None): logUser = user.getUserName() request.response.setHeader('remote-user',logUser) return user The header is set, but apache still doesn't get it, so, I guess I'm using the wrong name. What header should I use? Regards Josef
Josef Meile wrote:
If your Zope auth solution can put a header in the http response, then > you can use a custom apache logging directive to put this in your Apache log in place of what it thinks the username is. I put this on the "log" method of the medusa/http_server.py file: self.response.setHeader('remote_user',name)
As you've found out, this is the wrong level to do this ;-)
and set my apache access log like this: CustomLog /home/apache/httpd/logs/access_log combined
The combined log is defined as follows: LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
There you see the %l and %u directives, which are the "Remote logname" and the "Remote user".
Yeah, these aren't the ones you want to be using ;-)
But apache still doesn't get the zope authenticated user. So, Chris, do you remember what header you set, where, and which method you used? Ok, Answering to this question. I guess I had to set the header inside the authenticate method of the BasicUserFolder class. Here is what I did:
def authenticate(self, name, password, request): emergency = self._emergency_user user = None if name is None: pass else: if emergency and name==emergency.getUserName(): user = emergency else: user = self.getUser(name) if user is not None and user.authenticate(password, request): pass else: user = None logUser = 'Anonymous' if (user != None): logUser = user.getUserName() request.response.setHeader('remote-user',logUser)
Well, I wouldn't use that header, try using X-MyUserName instead, and then in the apache config you'd use %{X-MyUserName}o hth, Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk
If your Zope auth solution can put a header in the http response, then > you can use a custom apache logging directive to put this in your Apache log in place of what it thinks the username is. I put this on the "log" method of the medusa/http_server.py file: self.response.setHeader('remote_user',name)
As you've found out, this is the wrong level to do this ;-) Yes, I must confess I didn't read your suggestion the first time.
and set my apache access log like this: CustomLog /home/apache/httpd/logs/access_log combined
[Some Apache config comes here]... There you see the %l and %u directives, which are the "Remote logname" and the "Remote user".
Yeah, these aren't the ones you want to be using ;-)
But apache still doesn't get the zope authenticated user. So, Chris, do you remember what header you set, where, and which method you used? Ok, Answering to this question. I guess I had to set the header inside the authenticate method of the BasicUserFolder class. Here is what I did:
def authenticate(self, name, password, request):
[Some code comes here]... request.response.setHeader('remote-user',logUser)
Well, I wouldn't use that header, try using X-MyUserName instead, and then in the apache config you'd use %{X-MyUserName}o Thanks Chris, that was exactly what I was looking for. Now Apache logs the correct authenticated user.
Regards Josef
participants (7)
-
Andreas Jung -
Andreas Pauley -
Chris Withers -
Dieter Maurer -
Jens Vagelpohl -
Josef Meile -
Luiz Fernando B. Ribeiro