Bug 143267 - scripts/services/http no longer obeys HTTP_IGNORE_ERROR_HACKS
Summary: scripts/services/http no longer obeys HTTP_IGNORE_ERROR_HACKS
Alias: None
Product: Fedora
Classification: Fedora
Component: logwatch
Version: 3
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Ivana Varekova
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2004-12-17 21:16 UTC by Gilbert E. Detillieux
Modified: 2007-11-30 22:10 UTC (History)
0 users

Clone Of:
Last Closed: 2005-06-28 07:52:51 UTC

Attachments (Terms of Use)
Add support for HTTP_IGNORE_NONERROR_HACKS (1.46 KB, patch)
2004-12-17 21:19 UTC, Gilbert E. Detillieux
no flags Details | Diff

Description Gilbert E. Detillieux 2004-12-17 21:16:52 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1)

Description of problem:
/etc/log.d/conf/services/http.conf is supposed to suppress output of
4xx and 5xx level error responses. It used to, but a patch was applied
to /etc/log.d/scripts/services/http sometime afterlogwatch-5.1-3
(FC2), which broke this.  This is evidenced by the stray http.orig
file that stuck around (for some reason) in the logwatch-5.2.2-1 (FC3)
and logwatch-5.2.2-3 (devel) packages...

--- /etc/log.d/scripts/services/http.orig       2004-12-03
08:15:38.000000000 -0600
+++ /etc/log.d/scripts/services/http        2004-08-31
17:37:03.000000000 -0500
@@ -301,7 +301,7 @@
       if (!$isahack ) {
          if ( !$ignore_error_hacks ) {
             $needs_exam{$field{request}} .= $field{http_rc}." ";
-         } elsif ( $field{http_rc} < 400 ) {
+         } elsif ( $field{http_rc} >= 400 ) {
             $needs_exam{$field{request}} .= $field{http_rc}." ";

Version-Release number of selected component (if applicable):
logwatch-5.2.2-1 and -3

How reproducible:

Steps to Reproduce:
1. Set $HTTP_IGNORE_ERROR_HACKS=1 in /etc/log.d/conf/services/http.conf
2. Run /etc/cron.daily/00-logwatch on an httpd/access_log with 4xx
and/or 5xx response codes on requests that fall into the script's
"other" category
3. Examine results of logwatch's httpd report, under the heading of "A
total of N unidentified 'other' records logged"

Actual Results:  The requests with response codes >= 400 are listed,
but those with response codes < 400 are not.

Expected Results:  According to the comments in
/etc/log.d/conf/services/http.conf, it should be the other way around.

Additional info:

I can see the need to suppress response codes < 400.  For example,
when I run htDig against my http server, I get a lot of spurious
requests listed, with 200 response codes, for files that were
requested but that ended up falling into the script's "other"
category.  (This is what got me investigating this in the first place.)

However, what's really needed is a second variable, say
HTTP_IGNORE_NONERROR_HACKS, to controls this, rather than inverting
the logic of the "elseif" test in the script.  The patch to implement
this is rather straightforward...

Comment 1 Gilbert E. Detillieux 2004-12-17 21:19:46 UTC
Created attachment 108820 [details]

Comment 2 Ivana Varekova 2005-06-28 07:52:51 UTC
This bug is fixed in the current fc version (logwatch-6.1.2-1).

Note You need to log in before you can comment on or make changes to this bug.