Follow Us on Twitter

Rotate ssl_request_log in ssl.conf

by Ian Hoogeboom on April 16, 2010 · 5 comments

The CustomLog directive is used for the ssl_request_log, but unlike the ErrorLog or TransferLog directive in the httpd.conf or ssl.conf log, the CustomLog takes multiple arguments.

The trick is to use the “|” (pipe) character in only the filename, leaving the second argument untouched. This will result in the rotation.

This is great, because the ssl_request_log in Oracle AS (10.1.2) is not rotated by default, resulting a log of gigabytes after a couple of months.

Without rotation

CustomLog "<filename>" "<parameters>"

CustomLog logs\ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Solution Using rotation

CustomLog "|<midtier>\Apache\Apache\bin\rotatelogs <filename> <size>" "<parameters>"

CustomLog "|<midtier>\Apache\Apache\bin\rotatelogs logs\ssl_request_log 43200" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Using rotation with alias

To make it a bit more readable, one can use the LogFormat alias:

LogFormat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" ssl_request_format

CustomLog "|<midtier>\Apache\Apache\bin\rotatelogs logs\ssl_request_log 43200" ssl_request_format

Of course, replace <midtier> with your midtier destination.

More info on the CustomLog directive, see the Apache website.

Ratings:
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

{ 5 comments… read them below or add one }

gaurav August 14, 2012 at 8:53 am

Could you please let me know how to the rotate access logs present in Httpd-ssl.conf….

I was able to rotate the ssl_request_log but was not able to rotate the access logs in the same conf file

Reply

Raghu February 14, 2013 at 4:20 pm

Hi,
I have a Apache.2.2.22 in web-tier and WebLogic-10.3.5 in app-tier. I’m using Apache’s piped logfile feature to rotate log files every night and is working fine as expected for “Access_Log”, “Error_Log”, “SSL_Request_Log” – but not for WebLogic-Proxy-Log (WLLogfile).
I’m not sure whether WebLogic Module supports this feature or not…. please let me know if any way to rotate WL-Proxy logs every day by using Apache’s ‘rotatelog’ feature.

Below are my settings.
——————————————————————————–
LoadModule weblogic_module modules/mod_wl_22.so

KeepAliveEnabled ON
KeepAliveSecs 120
SecureProxy ON
TrustedCAFile /cust/apache-2.2.22/ssl/certificate.crt
Debug ALL
WLLogFile “|/cust/apache-2.2.22/bin/rotatelogs /tmp/wl-proxy.log.%Y%m%d 86400 -480”
RequireSSLHostMatch false
WLIOTimeOutSecs 600
Idempotent OFF

——————————————————————————–

Same ‘rotatelogs’ syntax (Below) are working fine for Access/Error/SSL Logs.
ErrorLog “|/cust/apache-2.2.22/bin/rotatelogs /cust/apache-2.2.22/logs/error.log.%Y%m%d 86400 -480”
CustomLog “|/cust/apache-2.2.22/bin/rotatelogs /cust/apache-2.2.22/logs/access.log.%Y%m%d 86400 -480” combined

Any idea to rotate ‘WLLogFile’ logs would be highly appreciated.

Reply

Tony van Esch February 14, 2013 at 10:27 pm

Hi Raghu,

Replace the WLLogFile entry with CustomLog as described in the Apache documentation here: http://httpd.apache.org/docs/2.2/logs.html#piped

CustomLog “|/cust/apache-2.2.22/bin/rotatelogs /tmp/wl-proxy.log.%Y%m%d 86400 -480″ combined

Hope this helps,
Tony van Esch

Reply

Devendra May 30, 2013 at 10:33 pm

hi Gaurav,,
can u please tell me how to rotate ssl request log and which file u have done this setting bcauz i have doing same getting error.

thanks advance.

devendra

Reply

fan February 4, 2016 at 5:03 pm

Nice work Ian. Thank you for the writeup.
Your “Using rotation with alias” works like a charm.
Thank you.

Reply

Leave a Comment

 

Previous post:

Next post:

About Whitehorses
Company profile
Services
Technology

Whitehorses website

Home page
Whitebooks
Jobs

Follow us
Blog post RSS
Comment RSS
Twitter