marianhe

asked on

Apache virtual hosts - logging outgoing traffic

Let's consider an Apache web server which hosts dozens of named virtual hosts.

Is it somehow possible to log outgoing traffic?
The requirement is to have the virtual host name logged.

I need that for security reasons, for example hacked PHP/system cron or
modified PHP code of applications.

A possible solution would be to use the iptables firewall with the Owner match extension.
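
The iptables owner-match idea from the question, as an added example that is not part of the original thread: it prints one LOG rule per virtual host and summarises the kernel log lines such rules produce. It assumes each virtual host runs its code under its own system account; the vhost names, account names and log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: each vhost's PHP/CGI code runs
# under its own system account (e.g. a per-vhost PHP-FPM pool or suEXEC user);
# under one shared Apache user the owner match cannot tell vhosts apart.

# Constructed map: "<vhost> <system account>" per line.
VHOST_USERS='shop.example.com vh_shop
blog.example.com vh_blog'

# Print (do not apply) one LOG rule per vhost for new outbound connections.
# The owner match only works for locally generated packets (OUTPUT/POSTROUTING).
gen_rules() {
    printf '%s\n' "$VHOST_USERS" | while read -r vhost user; do
        [ -n "$vhost" ] || continue
        # --log-prefix holds at most 29 characters: 28 for the tag plus a space.
        prefix=$(printf 'vh-out:%s\n' "$vhost" | cut -c1-28)
        printf 'iptables -A OUTPUT -m owner --uid-owner %s -m conntrack --ctstate NEW -j LOG --log-prefix "%s " --log-uid\n' "$user" "$prefix"
    done
}

# Constructed, shortened kernel log lines in the shape those rules produce.
sample_log() {
    cat <<'EOF'
Jan 10 03:12:01 web1 kernel: vh-out:shop.example.com IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=45678 DPT=25 SYN UID=1001 GID=1001
Jan 10 03:12:02 web1 kernel: vh-out:shop.example.com IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=45680 DPT=25 SYN UID=1001 GID=1001
Jan 10 03:15:40 web1 kernel: vh-out:blog.example.com IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=64 PROTO=TCP SPT=51514 DPT=443 SYN UID=1002 GID=1002
EOF
}

# Reduce log lines on stdin to "<vhost> <dst ip> <dst port> <count>".
summarise() {
    sed -n 's/.*vh-out:\([^ ]*\) .* DST=\([^ ]*\) .* DPT=\([0-9]*\) .*/\1 \2 \3/p' |
        sort | uniq -c | awk '{ print $2, $3, $4, $1 }'
}
```

Run `gen_rules` to review the rules before applying them as root, and pipe the kernel log (or `sample_log`) into `summarise` to see which virtual host opened connections to which destination.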
ASKER CERTIFIED SOLUTION
ahoffmann
This solution is only available to members.
Graham N.
If what you are referring to is Apache outgoing traffic, then each Virtual Host can have its own separate log files.

You need to be able to access the http.conf file and in each virtual host add "custom log" lines.

For instance:

CustomLog /site_logs/vhostname_access.log combined
ErrorLog   /site_logs/vhostname_error.log


Obviously you should change the path and filenames to suit your environment.

These log files will become quite large over time (depending on how busy the server is) and you should rotate the log files for each virtual host at least monthly, if not more.

For more detailed explanations see:  http://httpd.apache.org/docs/2.2/vhosts/

If you are looking at "system" related traffic - not handled by Apache (bearing in mind that Apache will handle PHP in almost all cases) - then that is different. Here you would need to set up a "syslog" server instance, and then create a number of MRTG and IPTABLES rules.

The best solution if you are not familiar with running a web facing server would be to install a Hosting Management system (for Linux, CPanel is popular).
marianhe

ASKER

Your first part of the post is irrelevant.
I emphasized the word "OUTGOING". Apache logs are for incoming traffic.

Apache logs include the outgoing transfer in response to the incoming request.

Typically these are used in the hosting environment to measure and control bandwidth and resource usage on a server. You can also use the CustomLog directive to separate "incoming" and "outgoing" traffic into different logs - and if required include the virtual host name. The amount of detail in the Apache log files is up to you, and reading the Apache documentation will certainly help you with that. There are also a couple of Apache modules that can be used to include additional transport layer information.

Although you have not mentioned explicitly that you are using Linux, it's assumed here, and there are a great number of Open Source tools available to log activity on a Linux server, CSF is one that immediately comes to mind.