[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: logging: are we there yet?

From: C. Michael Pilato <cmpilato_at_collab.net>
Date: 2005-08-02 16:21:30 CEST

Ben Collins-Sussman <sussman@collab.net> writes:

> > Wouldn't it be better to make logging independent of that?
>
> We already some variants of this idea, and ended up not liking them.
> Greg Hudson (and others) pointed out that the only trustworthy,
> interesting logging comes from servers. That's why we're advocating
> a server-centric design here, not a repository-centric design.
>
> For example: apache might serve a dozen different websites using
> VirtualHost. We don't see separate logfiles for each site, we see
> logfiles for *apache*. The same idea would go for svnserve. It has
> a single logfile, even though it may be serving a dozen repositories.
> The history of a single repository can be found by parsing the log.
>
> With a single logfile, you can view *all* accesses in one place, and
> also extract individual repository access histories. If each
> repository had its own logfile, then doing a security audit would be
> a real pain; you'd have to hunt down each logfile and scan it
> separately.

Ben, this may not be what you were talking about here, but I still
think that a mod_dav_svn logging subsystem should understand
httpd.conf directives for the log file locations and the log level,
just like mod_rewrite does. Doing so allows administrators to decide
if they want all their mod_dav_svn Subversion logs in one place, or if
they want to distribute them based on URLs. With Apache's cascading
configuration support, there's no point in *not* giving this
flexibility.

Your security audit complaint is bogus. Log file locations will never
be dynamically generated -- if they aren't listed in some Apache
configuration, they don't get used. So the set of logs can be
obtained by grepping for 'SVNAccessLog' and 'SVNErrorLog' in
httpd.conf and its included configuration files.

(And also, have you seen our own red-bean.com Apache configuration?
Lots of virtualhosts, each with their own access, ssl-access, and
error files).

> > What about repositories which are used with several access methods?
> >
>
> Then they get both apache and svnserve logs of activity. Bonus.
>
> (Besides, this is a small edge case. How many projects can you name
> that do this?)

Yeah, -1 on trying to make mod_dav_svn and svnserve share logs.
svnserve, as a Unix-y daemon, can use the Unix-y (syslog) logging
semantics. mod_dav_svn, as an Apache module, uses Apache logging
semantics.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Aug 2 16:26:36 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.