Patch #9281

open

easy logging of usernames in apache access logs via custom response header

Added by Robert Hailey about 13 years ago. Updated about 13 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Administration
Target version: -
Start date: 2011-09-20
Due date:
% Done: 100%
Estimated time:
Files

loggable_usernames.patch (506 Bytes) Robert Hailey, 2011-09-20 07:20

Actions #1

Updated by Karel Pičman about 13 years ago

Can you provide information on how to configure the Apache web server to see this information in the access log? I've added this line in my httpd.conf:

LogFormat "%h %l %u %t \"%r\" %>s %b" common

but there is just '-' instead of a user name in the log file:

192.168.xxx.xxx - - [26/Sep/2011:13:35:14 +0200] "GET /javascripts/application.js?1310384844 HTTP/1.1" 304 229 "https://xxxx/projects/xxxx" "Mozilla/5.0 (X11; Linux x86_64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"

From my point of view there should be:

response.headers["X-Username"] = User.current.login

instead of:

response.headers["X-Username"] = User.current.name(:username)

because the login is unique, not the user name.

Actions #2

Updated by Robert Hailey about 13 years ago

> Can you provide information on how to configure the Apache web server to see this information in the access log?

Rather than "%s" you should use "%{X-Username}o".

For example, I've created an "alternate" logging scheme in my httpd.conf:

LogFormat "%{%F %Tz}t %h %{X-Username}o \"%r\" %>s %O %D" alternate

...and then in the redmine-specific config:

CustomLog /var/log/apache2/access_redmine.log alternate

...which yields log lines like this:

2011-09-26 14:03:50z xxx.xxx.xxx.xxx rhailey "GET /news/3 HTTP/1.1" 200 3790 313207

> From my point of view there should be [...] instead of [...]
> because the login is unique, not the user name.

I'm not familiar with the inner workings of redmine, or ruby in general. It took me some time to come up with that patch, and at one time I had tried 'login' and it did not work (in retrospect, it was probably a different issue).

As best I can tell, the name(:username) syntax reduces to 'login', but at the cost of a function call.

Actions #3

Updated by Robert Hailey about 13 years ago

...typo, I meant rather than "%u"...

Actions #4

Updated by Karel Pičman about 13 years ago

Thanks. It works fine now. Unfortunately the user is not logged by all log records:

192.xxx.xxx.xxx - - picmank [27/Sep/2011:09:35:13 +0200] "GET /my/account HTTP/1.1" 200 6612 "https://xxx/" "Mozilla/5.0 (X11; Linux x86_64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
192.xxx.xxx.xxx - - - [27/Sep/2011:09:35:13 +0200] "GET /javascripts/prototype.js?1310384844 HTTP/1.1" 304 229 "https://xxx/my/account" "Mozilla/5.0 (X11; Linux x86_64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"

Actions #5

Updated by Robert Hailey about 13 years ago

> ... the user is not logged by all log records:

True, it is unfortunate that this does not log the usernames that access static files, but it gets all the "important" log lines (GET with database access, and POST modifications).

I'm not sure logging usernames for static final access is practical (can you intercept a request for a file?).

In any event, I'm glad it's working for you.
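
An added example (not part of the patch or of Redmine): a Ruby parser for the "alternate" log format from comment #2 that counts requests per login and lists write requests logged without a username, the gap discussed in comments #4 and #5. The method names, the write-method list and every sample line except the first are assumptions constructed for illustration.

```ruby
# Added example, not part of the patch. Parses lines written with
#   LogFormat "%{%F %Tz}t %h %{X-Username}o \"%r\" %>s %O %D" alternate
ALTERNATE_LINE = /\A(?<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}z) (?<host>\S+) (?<user>\S*) "(?<request>(?:[^"\\]|\\.)*)" (?<status>\d{3}) (?<bytes>\d+) (?<usec>\d+)\s*\z/

WRITE_METHODS = %w[POST PUT PATCH DELETE].freeze # assumption: what counts as a write

# Returns a Hash for a well-formed line, nil otherwise.
def parse_alternate(line)
  m = ALTERNATE_LINE.match(line.chomp) or return nil
  method, path = m[:request].split(' ', 3)
  user = m[:user]
  user = nil if user.empty? || user == '-' # "-" means the header was absent
  { time: m[:time], host: m[:host], user: user, method: method, path: path,
    status: m[:status].to_i, bytes: m[:bytes].to_i, usec: m[:usec].to_i }
end

# Counts requests per login and collects what deserves a second look:
# write requests with no username, and lines that do not parse.
def audit(lines)
  report = { per_user: Hash.new(0), anonymous_writes: [], unparsed: [] }
  lines.each do |line|
    entry = parse_alternate(line)
    if entry.nil?
      report[:unparsed] << line
    elsif entry[:user]
      report[:per_user][entry[:user]] += 1
    elsif WRITE_METHODS.include?(entry[:method])
      report[:anonymous_writes] << entry
    end
  end
  report
end

# Constructed sample input; only the first line is quoted from comment #2.
SAMPLE = [
  '2011-09-26 14:03:50z xxx.xxx.xxx.xxx rhailey "GET /news/3 HTTP/1.1" 200 3790 313207',
  '2011-09-26 14:03:51z 192.0.2.10 - "GET /javascripts/prototype.js?1310384844 HTTP/1.1" 304 229 412',
  '2011-09-26 14:04:02z 192.0.2.10 rhailey "POST /issues/42/edit HTTP/1.1" 302 512 90211',
  '2011-09-26 14:05:17z 192.0.2.77 - "POST /issues/42/edit HTTP/1.1" 302 498 1033',
  'truncated or foreign-format line'
].freeze

if __FILE__ == $PROGRAM_NAME
  r = audit(SAMPLE)
  r[:per_user].each { |user, n| puts "#{user}: #{n} requests" }
  r[:anonymous_writes].each { |e| puts "no user: #{e[:method]} #{e[:path]} from #{e[:host]}" }
end
```

Static-file requests without a username are skipped rather than reported, since they never reach Redmine and so never carry the header.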
