What is the Apache 2 error log timestamp format? - apache2

I am trying to add an Apache Error Log configuration to Goaccess, and I'm stuck on the timestamp format. My current guess is %a %b %e %H:%M:%S %Y, but apparently that is incorrect, since it gives me error Token 'Sun Sep 11 09:51:43.343399 2022' doesn't match specifier '%t'. Can anyone tell me the default time stamp format?
EDIT:
I had previously changed the log format to [%t] [%l] [pid %P] %F: %E: [client %a] %M, if that helps.

Try this format:
%a %b %d %H:%M:%S%f %Y
If it doesn't work try this:
%{%a %b %d %H:%M:%S%f %Y}t
Found on this page.

Related

FREETDS Dateformat issues

Below SQL statement
SELECT getdate()
go
When I run from SQL Server management studio it gives
"Jul 27 2016 22:00:00.860"
When I run the same from sqsh it gives
"Jul 27 2016 10:00PM"
sqsh uses freetds to connect to SQL server from my linux box. I have a C program which uses freetds and it will work fine when date is retrieved in 24hour format.
I guess there are settings for freetds to get date in required format, can someone please suggest how to accomplish that by freetds settings.
Here's what I just did on my ubuntu linux box:
Type this command at the bash shell: locale My result (shortened): LANG=en_US
Copy locales.conf file to the config directory: sudo cp /usr/share/doc/freetds-common/examples/locales.conf /etc/freetds/
open the /etc/freetds/locales.conf file in an editor
comment out the old date format defined in the locales.conf file (I've used ";" as a comment char), copy the line
Define a date format that you need in the corresponding section of the locales.conf file
[en_US]
;date format = %b %e %Y %I:%M:%S:%z%p
date format = %Y-%m-%d %H:%M:%S
restart your web server process
Now I get from sqsh:
SELECT getdate();
: 2016-08-01 11:37:45
Currently, the default date format returned by FreeTDS is configured in the locales.conf file. See http://www.freetds.org/userguide/locales.htm for details.

How to get local (regional) date format in linux?

is it possible (if so, how?) to get local (regional) date format? Ideally in cross-platform way, otherwise at least Linux for start would be enough.
What am I talking about: For example this line when executed in terminal returns date (and time) formatted in local (regional) manner:
date +"%c"
What I would like to have instead of the numbers is the form in which this is displayed, for example if I set my regional setting to Lithuanian ones I get:
2016 m. birželio 27 d. 19:06:11
So I would like to get this instead of the above:
YYYY MM DD
If I set regional settings to US ones:
Mon 27 Jun 2016 07:09:24 PM EEST
In this case instead of the above I would like to get:
DD MM YYYY
Meaning - not the actual numbers, but how local(regional) date is formatted.
I later want to use this information for input/output operations facing user
While Joachims hint is correct, here a solution for your original question.
Just enter in bash:
locale -k LC_TIME | grep ^d_fmt | cut -d= -f2
If you need the time format instead of the date format, use t_fmt instead of d_fmt, and for the combined date/time format use d_t_fmt

Keep mod_security messages out of Apache's error_log, letting it use a separate file

Having set up a new server, I'm now running v2 of mod_security. I was able to convert all my rules to the new format, and everything seems to run fine so far. Just one thing I didn't manage is to have mod_security using its own logs (instead of logging to Apache's error_log). With v1.9 I was at least able to duplicate the messages, defining an additional log file with
CustomLog /path/to/modsec_log "%h %l %u %t \"%r\" %>s %b %{mod_security-message}i" env=mod_security-relevant
But not even that works anymore. I couldn't find anything browsing the questions tagged mod-security2, aunt Google didn't turn up any useful hints either. Is there anything I might have missed?
Do you mean the audit and debug logs? I have them set at modsec2.conf like this
SecAuditLog logs/modsec_audit.log
SecDebugLog logs/modsec_debug_log
In the modsecurity_crs_10_setup.conf file (on my configuration under /usr/share/modsecurity-crs) you can disable the logs on Apache error.log
# -- [[ Alert Logging Control ]] --
# You have three options -
#
# - To log to both the Apache error_log and ModSecurity audit_log file use: "log"
# - To log *only* to the ModSecurity audit_log file use: "nolog,auditlog"
# - To log *only* to the Apache error_log file use: "log,noauditlog"
Just change SecDefaultAction to
SecDefaultAction "phase:1,deny,nolog,auditlog"
Set the Logpath in the modsecurity.conf file as follows:
SecAuditLog /root/...path../logs/modsec_audit.log ( Relative Path )

How Do I run ulimit -c unlimited automatically

I am trying to provide support for coredump file generation from my rootfs ,I have modified /etc/limits file with "ulimit -c unlimited" command and "* hard core -1" ,Now when I give kill -6 $$ ,expecting core file generation but to get this core file have to run ulimit -c unlimited explicitly .
But I want it to happen automatically , no need to run ulimit -c unlimited it again in shell.
Can anybody tell me what changes I have to make for the same to happen
From a program you can use setrlimit(RLIMIT_CORE, ...) to set the core file's maximum size. To specify an infinite size pass RLIM_INFINITY.
For details on this please read here: http://manpages.debian.net/cgi-bin/man.cgi?query=getrlimit&sektion=2
Using the sysctl command you can do
sysctl kernel.core_pattern=/var/core/core.%p
to have the kernel create cores named core.<pid> in /var/core.
Adding kernel.core_pattern=/var/core/core.%p to /etc/sysctl.conf makes it permanent. (run sysctl -p to process your changes to /etc/sysctl.conf)
Besides %p (for the process id) there are other placeholders as follows (taken from here):
%% a single % character
%p PID of dumped process
%u (numeric) real UID of dumped process
%g (numeric) real GID of dumped process
%s number of signal causing dump
%t time of dump, expressed as seconds since the Epoch, 1970-01-01 00:00:00 +0000 (UTC)
%h hostname (same as nodename returned by uname(2))
%e executable filename (without path prefix)
%E pathname of executable, with slashes ('/') replaced by exclamation marks ('!').
%c core file size soft resource limit of crashing process (since Linux 2.6.24)

How to print time in "dd mm yyyy hh mm sec" format in LINUX / C

I am generating an XML file using libxml2. In one of the tags i want to put the current time in "dd mm yyyy hh mm sec" format.
My dev environment is C/LINUX.
Thanks !
Use strftime. Check the manual page for details.

Resources