Sean Conner sean at conman.org
Tue May 12 03:58:34 BST 2020
- - - - - - - - - - - - - - - - - - - ``` It was thus said that the Great Dave Huseby once stated: > On Mon, May 11, 2020, at 2:21 AM, Sean Conner wrote: > > > We should talk about logging formats some time. Molly Brown keeps logs > > > too (I keep meaning to make a nice graph showing the wave of traffice > > > that came in after we hit HN), in an ad-hoc format that doesn't match > > > yours below at all (unsurprisingly). Having a standard format would > > > facilitate tools to monitor/visualise logs. > > > > I log via syslog(), which handles the timestamps for me (and log rotation, > > and a whole bunch of other stuff related to logging). I place the name of > > the fields to make later processing a bit easier, but as far as I can tell, > > the only thing I log that you don't is the issuer and subject from any > > certificates presented, and that was to satisfy my own curiousity (and to > > potentially troubleshoot any issues). > > I think by default, any logging we do should be at a bare minimum and not > contain the IP address of the client or any other data that would link the > log line to them. I added logging to my hacked up version of Pollux but it > only logs which page was loaded and when. My purpose was to track basic > traffic and any errors that occur and nothing else. One misbehaving client on an IP address can present a headache by repeatedmaking requests and (especially if it's behind a larger pipe than yours)sawmp the server. By recording the IP address, it can be identified andblocked. Or a mishevaving client always makes the same request to a non-existantresource. I had this happen on my gopher server---some web bot kept tryingto fetch the main index.html page. Very annoying. Again, easy to block ifyou have the IP. -spc (Oooh, that reminds me, I have a bug to patch in GLV-1.12556 ... )