Oct 242012

If you’re being careful and monitoring your Apache HTTPD services to verify that they’re up and serving their pages correctly, then you may find that you get a lot of unnecessary event messages from your monitoring agent in the apache log file. After all, where your logs are concerned, you’re really only interested in actual client connections, and not Nagios checking in every 5 minutes.

It’s simple enough to just filter out all events meeting certain criteria, and then just exclude these lines from the log. To do so, ensure that the SetEnvIf module is enabled, check for this line in /etc/httpd/conf/httpd.conf:

  LoadModule setenvif_module modules/mod_setenvif.so

The documentation for the SetEnvIf module is here, and describes all options and presents examples.

In my case, I wanted to exclude from my Apache HTTPD logging any lines generated by the regular status checks done by either Nagios or the Stingray Zeus Load Balancer. While each of these has a particular IP address which could be used as the exclusion criteria, I wanted to create a more reusable configuration that could be used in different environments. Fortunately, the documentation illustrates that one can also match on the User-Agent string.

TO find out what user-agent strings that the Nagios daemon and Load Balancer were using, I changed the Apache LogFormat from “common”, which I generally use, to “combined”, which also specifies the User-Agent, under “%u”. This showed that Nagios takes a User-Agent string from it’s check command, in this case “check_http/v1.4.15 (nagios-plugins 1.4.15)”, whereas the Stingray Zeus Load Balancer registers as “HTTP-Monitor/1.1”. For brevity, I matched on just the first part of each, and altered my configuration to look like this:

	ServerName www.example.com
	SetEnvIf User-Agent "^HTTP-Monitor" dontlog
        SetEnvIf User-Agent "^check_http" dontlog
  	ErrorLog logs/errors.log
  	CustomLog logs/access.log common env=!dontlog

The relevant lines being with “SetEnvIf” which mean that any events with User-Agents matching the regex will get assigned to an environment of “dontlog”. Then, in the CustomLog line, I simply tell it to ignore any events with the environment “dontlog”.

Reload the Apache config, and that’s about it. Now, my logs are significantly smaller, and free of all the background noise of keep-alives and status pings.

Matt Parsons is a freelance Linux specialist who has designed, built and supported Unix and Linux systems in the finance, telecommunications and media industries.

He lives and works in London.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>