Accessing logs from a website - Resolved

7 posts / 0 new
Last post
#1 Wed, 11/19/2008 - 23:50
tbirnseth

Accessing logs from a website - Resolved

How can I make the log files accessible from a sub-domain's public_html/${USER} directory?

I created a sub directory named 'logs'. In 'logs' directory (public_html/${USER}/logs) I created 2 sym-links to the error_log and the access_log and chown'd them to user:user with the -h option (so the links are changed rather than the files they point to).

However, when I try to access the logs from my application, the read fails.

Is there a trick? Or can the httpd.conf file be setup to allow the access via a <Directory> directive somehow?

I tried adding an .htaccess file to the logs directory containg: Options -Indexes IncludesNOEXEC FollowSymLinks ExecCGI allow from all

But that doesn't work either.

tony

Post edited by: tbirnseth, at: 2008/11/20 00:01<br><br>Post edited by: tbirnseth, at: 2008/11/20 07:39

Thu, 11/20/2008 - 04:25
andreychek

After you've added the .htaccess file, what error shows up in the logs when you try to access the files in the logs directory?
-Eric

Thu, 11/20/2008 - 06:51 (Reply to #2)
tbirnseth

No error is generated. I do an fread() of the log to reformat and display in my log viewer. It's a log listing along with my application's logs. So the fread() simply fails and I generate an error in my application.

I've tried owner:group of ezom:ezom (the owner of the sub-domain) and apache:apache of the sym-links. Neither solution seems to allow.

I reduced the .htaccess file to:
Options FollowSymLinks
allow from all

Would having the directive for 'SymLinksIfOwnerMatch' help? I would think that would be a secondary step since it would be more restrictive.

Thu, 11/20/2008 - 06:55 (Reply to #3)
andreychek

Ahh, then you aren't actually dealing with an Apache error.

The FollowSymlink option is only for when Apache is handling the read of the logs -- in this case, since the read is being done by your application, Apache is out of the loop.

In fact, at that point, you don't actually need to use symlinks -- try having your app open the files directly using /home/$USER/logs/error_log and see if you have more luck that way.
-Eric

Sun, 06/07/2009 - 07:32 (Reply to #4)
tbirnseth

Maybe a little further info is required...
I keep my application logs in the logs directory. In my current production environment (other server) I also keep sym-links to the error and access logs. This allows my application to do a scandir() of the directory and return a list of logs to choose from. When selected, a fopen() is done of the log and I reverse the order so that most recent info is first. My log entires are separated by &quot;\r\n&quot; so that becomes the record delimiter.

When I login as 'ezom' and try to do a 'more' of the error_log from an ssh, I get &quot;permission denied&quot;. I would normally assume that the file (with ownership of apache:apache) does not have the 'other' read bits on, but it does. The permissions on the 'logs' directory seem correct (750 ezom:ezom). As I understand it, php/apache is running as setgid 'ezom' in this environment. The permissions of the /home/ezom/logs directory are:
[code:1]
[root@linux1 logs]# r ls
ls -ld . *
drwxr-x--- 2 ezom ezom 4096 2008-11-19 17:05 .
-rw-r--r-- 1 apache apache 104611 2008-11-20 09:05 access_log
-rw-r--r-- 1 apache apache 152632 2008-11-20 09:05 error_log
[/code:1]
And the public_html/test/om/logs permissions are:
[code:1]
[root@linux1 logs]# r ls
ls -ld . *
drwxr-xr-x 2 ezom ezom 4096 2008-11-20 09:06 .
lrwxrwxrwx 1 ezom ezom 26 2008-11-20 01:44 access_log -&gt; /home/ezms/logs/access_log
-rw-r--r-- 1 ezom ezom 6018 2008-11-20 09:09 dbgGenericOrderXML.txt
lrwxrwxrwx 1 ezom ezom 25 2008-11-20 01:43 error_log -&gt; /home/ezms/logs/error_log
-rw-r--r-- 1 ezom ezom 5666 2008-11-20 09:09 genericOrderXML.txt
[/code:1]

Sun, 06/07/2009 - 07:32 (Reply to #5)
tbirnseth

Maybe a little further info is required...
I keep my application logs in the logs directory. In my current production environment (other server) I also keep sym-links to the error and access logs. This allows my application to do a scandir() of the directory and return a list of logs to choose from. When selected, a fopen() is done of the log and I reverse the order so that most recent info is first. My log entires are separated by &quot;\r\n&quot; so that becomes the record delimiter.

When I login as 'ezom' and try to do a 'more' of the error_log from an ssh, I get &quot;permission denied&quot;. I would normally assume that the file (with ownership of apache:apache) does not have the 'other' read bits on, but it does. The permissions on the 'logs' directory seem correct (750 ezom:ezom). As I understand it, php/apache is running as setgid 'ezom' in this environment. The permissions of the /home/ezom/logs directory are:
[code:1]
[root@linux1 logs]# r ls
ls -ld . *
drwxr-x--- 2 ezom ezom 4096 2008-11-19 17:05 .
-rw-r--r-- 1 apache apache 104611 2008-11-20 09:05 access_log
-rw-r--r-- 1 apache apache 152632 2008-11-20 09:05 error_log
[/code:1]
And the public_html/test/om/logs permissions are:
[code:1]
[root@linux1 logs]# r ls
ls -ld . *
drwxr-xr-x 2 ezom ezom 4096 2008-11-20 09:06 .
lrwxrwxrwx 1 ezom ezom 26 2008-11-20 01:44 access_log -&gt; /home/ezms/logs/access_log
-rw-r--r-- 1 ezom ezom 6018 2008-11-20 09:09 dbgGenericOrderXML.txt
lrwxrwxrwx 1 ezom ezom 25 2008-11-20 01:43 error_log -&gt; /home/ezms/logs/error_log
-rw-r--r-- 1 ezom ezom 5666 2008-11-20 09:09 genericOrderXML.txt
[/code:1]

Thu, 11/20/2008 - 07:23
tbirnseth

Well, I have no idea why, but chaning the sym-links to be relative rather than absolute resolves the problem!!!!
So the directory listing now looks like:
[code:1]
-sh-3.2$ ls -ld . *
drwxr-xr-x 2 ezom ezom 4096 2008-11-20 09:21 .
lrwxrwxrwx 1 ezom ezom 27 2008-11-20 09:21 access_log -&gt; ../../../../logs/access_log
-rw-r--r-- 1 ezom ezom 6399 2008-11-20 09:20 dbgGenericOrderXML.txt
lrwxrwxrwx 1 ezom ezom 26 2008-11-20 09:21 error_log -&gt; ../../../../logs/error_log
-rw-r--r-- 1 ezom ezom 6025 2008-11-20 09:20 genericOrderXML.txt
[/code:1]

Problem solved!

Topic locked