mod_log_data

Mod_log_data

Description

mod_log_data is a module for Apache 2.0, logging incoming and outgoing data.
This module can be used for debug or for security.
This beta version include one filter dumping the POST data for an
incoming request, and a filter dumping the outgoing data.

Download

Last Version on CVS
Latest package

Install

apxs -c -i -a mod_log_data.c

Configure

SetInputFilter	LOG_INCOMING_DATA
SetOutputFilter LOG_OUTGOING_DATA


To use the module for security and due to big log size, you should enable it
only on web app with the "directory" or "location" directives.

ex:

"<"Location /cgi-bin/register.cgi">"
SetInputFilter  LOG_INCOMING_DATA
SetOutputFilter LOG_OUTGOING_DATA
LogDataDisplayHdrs On
"<"/Location">"

Options:

LogDataDisplayHdrs On			(display incoming and outgoing headers)
LogDataLineLen      	 	(len of the log line on the logs)
LogDataMaxBrigades  		(number of brigades to log)
LogDataMaxBuckets 		(number of buckets to log in each brigades)

Example of output

headers: 

[Wed Apr 16 10:23:43 2003] [debug] mod_log_data.c(279): Logging Incoming data
[Wed Apr 16 10:23:43 2003] [debug] mod_log_data.c(293): Dump Incoming Headers
[Wed Apr 16 10:23:43 2003] [notice] HEADER[0]: Accept = */*
[Wed Apr 16 10:23:43 2003] [notice] HEADER[1]: Accept-Language = fr
[Wed Apr 16 10:23:43 2003] [notice] HEADER[2]: Accept-Encoding = gzip, deflate
[Wed Apr 16 10:23:43 2003] [notice] HEADER[3]: User-Agent = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; iOpus-I-M)
[Wed Apr 16 10:23:43 2003] [notice] HEADER[4]: Host = 192.168.100.1
[Wed Apr 16 10:23:43 2003] [notice] HEADER[5]: Cookie = vgnvisitor=CM6EM0000Wg000dAfDYeJl8tl7; nomducookie=valeurducookie
[Wed Apr 16 10:23:43 2003] [notice] HEADER[6]: Max-Forwards = 10
[Wed Apr 16 10:23:43 2003] [notice] HEADER[7]: X-Forwarded-For = 192.168.100.3
[Wed Apr 16 10:23:43 2003] [notice] HEADER[8]: X-Forwarded-Host = 192.168.100.1
[Wed Apr 16 10:23:43 2003] [notice] HEADER[9]: X-Forwarded-Server = 192.168.100.1

data:

[Wed Apr 16 10:30:29 2003] [debug] mod_log_data.c(267): Seems to be the first brigade - creating data log
[Wed Apr 16 10:30:29 2003] [debug] mod_log_data.c(279): Logging Incoming data
[Wed Apr 16 10:30:29 2003] [debug] mod_log_data.c(309): Entering brigade 1
[Wed Apr 16 10:30:29 2003] [debug] mod_log_data.c(335): Dumping bucket 1: 674 bytes
[Wed Apr 16 10:30:29 2003] [debug] mod_log_data.c(208): line len is 65
[Wed Apr 16 10:30:29 2003] [debug] mod_log_data.c(230): -----------------------------7d34d3a701f8..Content-Disposition:.
[Wed Apr 16 10:30:29 2003] [debug] mod_log_data.c(230): form-data;.name="toto"......-----------------------------7d34d3a
[Wed Apr 16 10:30:29 2003] [debug] mod_log_data.c(230): 701f8..Content-Disposition:.form-data;.name="f1";.filename=""..C
[Wed Apr 16 10:30:29 2003] [debug] mod_log_data.c(230): ontent-Type:.application/octet-stream......---------------------
[Wed Apr 16 10:30:29 2003] [debug] mod_log_data.c(230): --------7d34d3a701f8..Content-Disposition:.form-data;.name="f2";
[Wed Apr 16 10:30:29 2003] [debug] mod_log_data.c(230): .filename="C:\Documents.and.Settings\me\Bureau\Test_dump.txt"..C
[Wed Apr 16 10:30:29 2003] [debug] mod_log_data.c(230): ontent-Type:.text/plain....Test.dump.incoming.data..123456789..T
[Wed Apr 16 10:30:29 2003] [debug] mod_log_data.c(230): est.dump.incoming.data..123456789..Test.dump.incoming.data..1234
[Wed Apr 16 10:30:29 2003] [debug] mod_log_data.c(230): 56789..Test.dump.incoming.data..123456789..Test.dump.incoming.da
[Wed Apr 16 10:30:29 2003] [debug] mod_log_data.c(230): ta..123456789..Test.dump.incoming.data..123456789....-----------
[Wed Apr 16 10:30:29 2003] [debug] mod_log_data.c(239): ------------------7d34d3a701f8--..
[Wed Apr 16 10:30:29 2003] [debug] mod_log_data.c(350): End Logging - Removing log filter
[Wed Apr 16 10:30:29 2003] [debug] mod_log_data.c(352): Read 674 bytes of incoming data in 1 brigade(s) and 1 bucket(s)

Contact: nitro@moresecurity.org

Last Update: 24 April 2003