Patch #9281
open
easy logging of usernames in apache access logs via custom response header
100%
Updated by Karel Pičman about 13 years ago
Can you provide information on how to configure the Apache web server to see this information in the access log? I've added this line to my httpd.conf:
LogFormat "%h %l %u %t \"%r\" %>s %b" common
but there is just '-' instead of a user name in the log file:
192.168.xxx.xxx - - [26/Sep/2011:13:35:14 +0200] "GET /javascripts/application.js?1310384844 HTTP/1.1" 304 229 "https://xxxx/projects/xxxx" "Mozilla/5.0 (X11; Linux x86_64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
From my point of view there should be :
response.headers["X-Username"] = User.current.login
instead of:
response.headers["X-Username"] = User.current.name(:username)
because the login is unique, not the user name.
Updated by Robert Hailey about 13 years ago
> Can you provide information on how to configure the Apache web server to see this information in the access log?
Rather than "%s" you should use "%{X-Username}o".
For example, I've created an "alternate" logging scheme in my httpd.conf:
LogFormat "%{%F %Tz}t %h %{X-Username}o \"%r\" %>s %O %D" alternate
...and then in the redmine-specific config:
CustomLog /var/log/apache2/access_redmine.log alternate
...which yields log lines like this:
2011-09-26 14:03:50z xxx.xxx.xxx.xxx rhailey "GET /news/3 HTTP/1.1" 200 3790 313207
> From my point of view there should be [...] instead of [...]
> because the login is unique, not the user name.
I'm not familiar with the inner workings of Redmine, or Ruby in general. It took me some time to come up with that patch, and at one time I had tried 'login' and it did not work (in retrospect, it was probably a different issue).
As best I can tell, the name(:username) syntax reduces to 'login', but at the cost of a function call.
Updated by Robert Hailey about 13 years ago
...typo, I meant rather than "%u"...
Updated by Karel Pičman about 13 years ago
Thanks. It works fine now. Unfortunately the user is not logged by all log records:
192.xxx.xxx.xxx - - picmank [27/Sep/2011:09:35:13 +0200] "GET /my/account HTTP/1.1" 200 6612 "https://xxx/" "Mozilla/5.0 (X11; Linux x86_64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
192.xxx.xxx.xxx - - - [27/Sep/2011:09:35:13 +0200] "GET /javascripts/prototype.js?1310384844 HTTP/1.1" 304 229 "https://xxx/my/account" "Mozilla/5.0 (X11; Linux x86_64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
Updated by Robert Hailey about 13 years ago
> ... the user is not logged by all log records:
True, it is unfortunate that this does not log the usernames that access static files, but it gets all the "important" log lines (GET with database access, and POST modifications).
I'm not sure logging usernames for static final access is practical (can you intercept a request for a file?).
In any event, I'm glad it's working for you.
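An added example, not part of the thread or of the patch: a parser for the "alternate" LogFormat quoted above that attributes requests to the logged X-Username value and lists state-changing requests that carry no username. The sample lines after the first are constructed, and the function names and the choice of GET/HEAD/OPTIONS as "read-only" methods are assumptions of this sketch.

```python
import re
from collections import Counter

# Field layout of the "alternate" LogFormat quoted in the thread:
#   %{%F %Tz}t %h %{X-Username}o "%r" %>s %O %D
ALTERNATE = re.compile(
    r'(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}z) '
    r'(?P<host>\S+) (?P<user>\S+) '
    r'"(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) (?P<bytes_out>\d+|-) (?P<usec>\d+)'
)

def parse_line(line):
    """Return a dict of fields, or None if the line does not match."""
    m = ALTERNATE.fullmatch(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # Apache writes "-" when the response carried no X-Username header,
    # e.g. static files that the web server answers without Redmine.
    rec["user"] = None if rec["user"] == "-" else rec["user"]
    rec["method"] = rec["request"].split(" ", 1)[0]
    rec["status"] = int(rec["status"])
    return rec

def summarize(lines):
    """Count requests per user; collect unattributed state-changing requests."""
    per_user, unattributed_writes, rejected = Counter(), [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected += 1  # keep a count so malformed lines are not silently lost
            continue
        per_user[rec["user"] or "(none)"] += 1
        if rec["user"] is None and rec["method"] not in ("GET", "HEAD", "OPTIONS"):
            unattributed_writes.append(rec)
    return per_user, unattributed_writes, rejected

# Constructed sample lines (only the first one appears in the thread).
SAMPLE = [
    '2011-09-26 14:03:50z xxx.xxx.xxx.xxx rhailey "GET /news/3 HTTP/1.1" 200 3790 313207',
    '2011-09-26 14:03:51z xxx.xxx.xxx.xxx - "GET /javascripts/prototype.js HTTP/1.1" 304 229 512',
    '2011-09-26 14:04:02z 192.0.2.7 - "POST /login HTTP/1.1" 302 410 88112',
    'not an access log line',
]

if __name__ == "__main__":
    users, writes, bad = summarize(SAMPLE)
    print(dict(users), [w["request"] for w in writes], bad)
```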