# apache2 2.2 upgrade breaks logging [SOLVED]

## geowapa

The new apache 2.2 has dropped the program apache2splitlogfile.   It's no longer in the ebuild.

apache-tools provides an alternative called split-logfile2, however it creates different file names, and puts them in the root directory, not in /var/log/apache2.  

   apache2splitlogfile   /var/log/apache2/VLOG-yyyy-mm-(hostname).log

   split-logfile2           /(hostname).log

Is there any plan to restore the logging functionality of Apache 2.0?   The version with 2.2 really has broken my server logging on my test server, and I'm stuck on apache 2.0 until I can get it resolved.

Suggestion...  Please don't just drop functionality without providing some warning and recommended workarounds.  These sorts of changes make it very difficult to run a production environment.

Thanks,

GeorgeLast edited by geowapa on Fri Sep 14, 2007 1:59 am; edited 1 time in total

----------

## steveb

It is not the Gentoo Apache group which has dropped/changed the file in question. Blame the Apache Foundation for changing that file:

```
callisto ~ # tar tvjf /usr/portage/distfiles/httpd-2.2.6.tar.bz2 |grep split

-rw-r--r-- jim/staff      2386 2006-07-12 05:38 httpd-2.2.6/support/split-logfile.in

callisto ~ # tar tvjf /usr/portage/distfiles/httpd-2.2.4.tar.bz2 |grep split

-rw-r--r-- wrowe/wrowe    2386 2006-07-12 05:38 httpd-2.2.4/support/split-logfile.in

callisto ~ # tar tvjf /usr/portage/distfiles/httpd-2.0.58.tar.bz2 |grep split

-rw-r--r-- colmmacc/colmmacc    2239 2006-04-24 19:12 httpd-2.0.58/support/split-logfile.in

callisto ~ #
```

If you need that old file from a 2.0.x Apache, then extract it and use it in your new 2.2.x release.

// SteveB

----------

## geowapa

 *Quote:*   

> It is not the Gentoo Apache group which has dropped/changed the file in question. Blame the Apache Foundation for changing that file:

 

Didn't mean to cast blame, just frustrated at the unanticipated changes and effort to get things working again.  I know that I can easily locally preserve the code, but I prefer to minimize the amount of locally maintained code and stick with the official distribution.

Does anyone know the "why's" behind the change?  If there is a better way, or some reason that the old method is not recommended, I'd rather follow the recommended process.

Thanks,

George

----------

## geowapa

Interesting however... over on the apache e-mail archives there is a message from 2004 - commenting on a apache bug logged against apache2splitlogfile.   Seems that this might have been a gentoo addition?   

 *Quote:*   

> 
> 
> ------- Additional Comments From nd@perlig.de  2004-04-20 18:59 -------
> 
> This bug is Gentoo specific. There's no such code in the vanilla distribution.
> ...

 

----------

## steveb

You know that the script are exactly the same in 2.0.x and 2.2.x? Just the license changed in the new release. So the problem is not the script. It is something else.

Could you post the relevant configuration you have in your 2.0.x Apache regarding the log splitting?

// SteveB

----------

## geowapa

Maybe we are talking about different scripts???  They are very different 

From Apache 2.0:

```
  -rwxr-xr-x 1 root root 4869 Aug 25 17:32 /usr/sbin/apache2splitlogfile
```

From apache-tools:

```
  -rwxr-xr-x 1 root root 2390 Sep  7 19:41 /usr/sbin/split-logfile
```

On my test server, after Apache 2.2 upgrade:

```

 $ equery belongs apache2splitlogfile

[ Searching for file(s) apache2splitlogfile in *... ]

 $ equery belongs split-logfile

[ Searching for file(s) split-logfile in *... ]

app-admin/apache-tools-2.2.4-r4 (/usr/sbin/split-logfile)

```

On my production server - apache 2.0:

```

 $ equery belongs apache2splitlogfile

[ Searching for file(s) apache2splitlogfile in *... ]

www-servers/apache-2.0.58-r2 (/usr/sbin/apache2splitlogfile)

```

And here are some quick snips, first from apache2splitlogfile

```

    s/VLOG=(.*)[\/]*$//;

    $logs=$1;

    if($logs eq "") {$logs="/var/log/apache2";}

    $date=strftime("%Y-%m", localtime());

    $filename="${logs}/VLOG-${date}-${vhost}.log";

```

and from split-logfile

```

    if (! $is_open{$vhost}) {

        open $vhost, ">>${vhost}.log"

            or die ("Can't open ${vhost}.log");

        $is_open{$vhost} = 1;

    }

```

And from the server configurations

Production:

```

$ grep split /etc/apache2/httpd.conf

CustomLog "|/usr/sbin/apache2splitlogfile" vhost env=VLOG

```

test:

```

$ grep split /etc/apache2/modules.d/00_mod_log_config.conf

CustomLog "|/usr/sbin/split-logfile" vhost env=VLOG

```

----------

## steveb

The size does not count. But you are right. They are not 100% the same:

```
apollo ~ # diff -Naur /usr/sbin/apache2splitlogfile ./split-logfile

--- /usr/sbin/apache2splitlogfile       2007-08-26 03:17:05.000000000 +0200

+++ ./split-logfile     2007-09-14 03:24:58.668281016 +0200

@@ -1,74 +1,20 @@

 #!/usr/bin/perl

 #

-## ====================================================================

-## The Apache Software License, Version 1.1

-##

-## Copyright (c) 2000 The Apache Software Foundation.  All rights

-## reserved.

-##

-## Redistribution and use in source and binary forms, with or without

-## modification, are permitted provided that the following conditions

-## are met:

-##

-## 1. Redistributions of source code must retain the above copyright

-##    notice, this list of conditions and the following disclaimer.

-##

-## 2. Redistributions in binary form must reproduce the above copyright

-##    notice, this list of conditions and the following disclaimer in

-##    the documentation and/or other materials provided with the

-##    distribution.

-##

-## 3. The end-user documentation included with the redistribution,

-##    if any, must include the following acknowledgment:

-##       "This product includes software developed by the

-##        Apache Software Foundation (http://www.apache.org/)."

-##    Alternately, this acknowledgment may appear in the software itself,

-##    if and wherever such third-party acknowledgments normally appear.

-##

-## 4. The names "Apache" and "Apache Software Foundation" must

-##    not be used to endorse or promote products derived from this

-##    software without prior written permission. For written

-##    permission, please contact apache@apache.org.

-##

-## 5. Products derived from this software may not be called "Apache",

-##    nor may "Apache" appear in their name, without prior written

-##    permission of the Apache Software Foundation.

-##

-## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED

-## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

-## OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

-## DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR

-## ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

-## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

-## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF

-## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND

-## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

-## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT

-## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

-## SUCH DAMAGE.

-## ====================================================================

-##

-## This software consists of voluntary contributions made by many

-## individuals on behalf of the Apache Software Foundation.  For more

-## information on the Apache Software Foundation, please see

-## <http://www.apache.org/>.

-##

-## Portions of this software are based upon public domain software

-## originally written at the National Center for Supercomputing Applications,

-## University of Illinois, Urbana-Champaign.

-##

-##

-

-## Heavily modified by Jean-Michel Dault <jmdault@mandrakesoft.com>

-## for use with in the Avanced Extranet Server.

-## This script can now be used with the CustomLogs directive, with a pipe.

-## When in combination with SetEnv VLOG <path>, it will write the log file

-## in the right place. Also, it splits the log automatically with a year

-## and month prefix. Finally, we open and re-close the logfile for every

-## log entry. It is slower, but it permits us to check for symlinks, and

-## flush the buffers so everything is realtime and we don't lose any entry.

-

-

+# Licensed to the Apache Software Foundation (ASF) under one or more

+# contributor license agreements.  See the NOTICE file distributed with

+# this work for additional information regarding copyright ownership.

+# The ASF licenses this file to You under the Apache License, Version 2.0

+# (the "License"); you may not use this file except in compliance with

+# the License.  You may obtain a copy of the License at

+#

+#     http://www.apache.org/licenses/LICENSE-2.0

+#

+# Unless required by applicable law or agreed to in writing, software

+# distributed under the License is distributed on an "AS IS" BASIS,

+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+# See the License for the specific language governing permissions and

+# limitations under the License.

+#

 #

 # This script will take a combined Web server access

 # log file and break its contents into separate files.

@@ -80,16 +26,15 @@

 # The combined log file is read from stdin. Records read

 # will be appended to any existing log files.

 #

+%is_open = ();

-use POSIX qw(strftime);

-

-while (<STDIN>) {

+while ($log_line = <STDIN>) {

     #

     # Get the first token from the log record; it's the

     # identity of the virtual host to which the record

     # applies.

     #

-    ($vhost) = split /\s/;

+    ($vhost) = split (/\s/, $log_line);

     #

     # Normalize the virtual host name to all lowercase.

     # If it's blank, the request was handled by the default

@@ -98,25 +43,25 @@

     #

     $vhost = lc ($vhost) or "access";

     #

-

-    s/VLOG=(.*)[\/]*$//;

-    $logs=$1;

-    if($logs eq "") {$logs="/var/log/apache2";}

-    $date=strftime("%Y-%m", localtime());

-    $filename="${logs}/VLOG-${date}-${vhost}.log";

-    if (-l $filename) {

-       die "File $filename is a symlink, writing too dangerous, dying!\n";

+    # if the vhost contains a "/" or "\", it is illegal so just use

+    # the default log to avoid any security issues due if it is interprted

+    # as a directory separator.

+    if ($vhost =~ m#[/\\]#) { $vhost = "access" }

+    #

+    # If the log file for this virtual host isn't opened

+    # yet, do it now.

+    #

+    if (! $is_open{$vhost}) {

+        open $vhost, ">>${vhost}.log"

+            or die ("Can't open ${vhost}.log");

+        $is_open{$vhost} = 1;

     }

-    open LOGFILE, ">>$filename"

-            or die ("Can't open $filename");

     #

     # Strip off the first token (which may be null in the

     # case of the default server), and write the edited

     # record to the current log file.

     #

-    s/^\S*\s+//;

-    print LOGFILE $_;

-    close(LOGFILE);

+    $log_line =~ s/^\S*\s+//;

+    printf $vhost "%s", $log_line;

 }

-

-exit(0);

+exit 0;

apollo ~ #
```

Looking at the source you will notice this:

```
# This script will take a combined Web server access

# log file and break its contents into separate files.

# It assumes that the first field of each line is the

# virtual host identity (put there by "%v"), and that

# the logfiles should be named that+".log" in the current

# directory.

#

# The combined log file is read from stdin. Records read

# will be appended to any existing log files.
```

And as you see in the split-logfile source... the upstream have changed the way logs are splitted. The date part is gone and the default log path. If you need that functionality, then consider using the old log splitting file or post upstream at Apache that you need that function and that you want that function back.

I really was under the impression that the file has not changed beside the header. Maybe the Gentoo Apache team is patching that file? I am to sleepy to check that right now. But feel free to compare 2.0.x with 2.2.x.

// SteveB

----------

## geowapa

No problem, and thanks so much for the help.

I'm coming to suspect that because of file handle issues when logging a large number of vhosts, upstream may have moved to a batch split instead of the piped splitting that apache2splitlogfile does.

I've found some other references courtesy of Google that deal with the issue with splitting logfiles.

BTW, I just downloaded the 2.0 distribution from apache.org and it does not contain the apache2splitlogfile, so it must be a gentoo addition to the distribution.  And looking at the 2.0 ebuild, apache2splitlogfile is extracted from the Patches

```

        for i in apache2logserverstatus apache2splitlogfile; do

                doexe ${GENTOO_PATCHDIR}/scripts/${i}

```

Thanks again,

I'll mark this resolved.

George

----------

## steveb

Okay

----------

