Bug 166230
Summary: | Admin Server management window misparses access log | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Directory Server | Reporter: | Sean Cotter <ccotter> | ||||||
Component: | UI - Configuration | Assignee: | Rich Megginson <rmeggins> | ||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Chandrasekar Kannan <ckannan> | ||||||
Severity: | high | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | 8.1 | CC: | benl, dlackey, jgalipea, nkinder, sbonnevi | ||||||
Target Milestone: | DS8.1 | ||||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | 8.1 | Doc Type: | Bug Fix | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2009-04-29 22:57:54 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 152373, 249650, 493682 | ||||||||
Attachments: |
|
Description
Sean Cotter
2005-08-18 03:38:03 UTC
Created attachment 326632 [details]
diffs
Created attachment 326664 [details]
cvs commit log
Reviewed by: nkinder (Thanks!)
Fix Description: Look for ' - ' instead of just a '-'
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
*** Bug 165822 has been marked as a duplicate of this bug. *** I am seeing the IP address rather than a hostname in these log entries now - please advice. Thanks Jenny (In reply to comment #6) > I am seeing the IP address rather than a hostname in these log entries now - > please advice. Thanks Jenny Can the admin server do a reverse host/DNS lookup to determine the hostname from the IP address? If so, you should see the hostname. If not, you should see errors in the error log to that effect. I can do a reverse lookup - but I do see the error messages too. [jgalipea@jgalipea ~]$ ssh root.redhat.com root.redhat.com's password: Last login: Thu Feb 26 11:47:17 2009 [root@dhcp-100-2-17 ~]# nslookup 10.16.2.17 Server: 10.16.255.2 Address: 10.16.255.2#53 17.2.16.10.in-addr.arpa name = dhcp-100-2-17.bos.redhat.com. [Thu Feb 26 13:14:41 2009] [notice] [client 10.16.2.17] admserv_host_ip_check: ap_get_remote_host could not resolve 10.16.2.17 (In reply to comment #8) > I can do a reverse lookup - but I do see the error messages too. > > [jgalipea@jgalipea ~]$ ssh root.redhat.com > root.redhat.com's password: > Last login: Thu Feb 26 11:47:17 2009 > [root@dhcp-100-2-17 ~]# nslookup 10.16.2.17 > Server: 10.16.255.2 > Address: 10.16.255.2#53 > > 17.2.16.10.in-addr.arpa name = dhcp-100-2-17.bos.redhat.com. > > [Thu Feb 26 13:14:41 2009] [notice] [client 10.16.2.17] admserv_host_ip_check: > ap_get_remote_host could not resolve 10.16.2.17 Looks like you need to enable HostnameLookups http://httpd.apache.org/docs/1.3/mod/core.html#hostnamelookups It is a security thing - it takes resources to do a reverse lookup every time - so you want to make sure that your server can handle the extra load We should add this to the docs You should be able to add this directive to /etc/dirsrv/admin-serv/console.conf We should also add this directive to the default console.conf we ship I am going to re-open the bug to take care of the console.conf directive. If we add it - do we still need to doc it? When I filed the original bug #165822 against the Netscape Enterprise Server version of Admin Server, I wasn't thinking about the implication that the equivalent of Apache's 'HostnameLookups on' was set, and what this implied about all the extra DNS lookups that were being generated. It might actually make sense from a performance perspective to leave this off to avoid generating the extra DNS lookups...the logs were (are?) in Common Log Format, so an offline tool like Webalizer could be used by an admin to analyze the logs if the hostnames matter. On the other hand, I can see the argument in favor of turning them on to avoid a change in logging behavior. Not sure how much overhead this actually adds, either. We still need to add documentation for it for existing installations, in case they want to see hostnames in the logs. Added HostnameLookups Checking in console.conf.in; /cvs/dirsec/adminserver/admserv/cfgstuff/console.conf.in,v <-- console.conf.in new revision: 1.5; previous revision: 1.4 done fix verified - DS 8.1 RHEL 5 # By default, the log files will only log the client IP address, # not the hostname, to avoid having to do a DNS lookup # for each request. If HostnameLookups is off, you will also see # notices in the error log saying that # admserv_host_ip_check: ap_get_remote_host could not resolve the IP address # If you want to have hostnames in the log instead of IP addresses, change # this to "on". Use a value of "double" to make it do double reverse DNS lookups. HostnameLookups off with HostnameLookups on [root@dhcp-100-2-17 ~]# tail -f /var/log/dirsrv/admin-serv/access dhcp-100-2-17.bos.redhat.com - admin [19/Mar/2009:11:04:25 -0400] "GET /admin-serv/authenticate HTTP/1.0" 200 421 dhcp-100-2-17.bos.redhat.com - uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot [19/Mar/2009:11:04:32 -0400] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 dhcp-100-2-17.bos.redhat.com - uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot [19/Mar/2009:11:04:32 -0400] "GET /admin-serv/tasks/operation/StatusPing HTTP/1.0" 200 19 dhcp-100-2-17.bos.redhat.com - uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot [19/Mar/2009:11:04:34 -0400] "POST /admin-serv/tasks/Configuration/ServerSetup HTTP/1.0" 200 134 I added a really brief section to the new admin server guide that mentions setting that parameter to perform DNS lookups and use hostnames in the logs: http://elladeon.fedorapeople.org/DirServer/8.1/admin-server/Administration_Server_Basics-Logging_Options.html#hostnames-ipaddresses An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-0455.html |