0

I am trying to use a piped CustomLog to filter my logs:

httpd.conf:

CustomLog "|/bin/sed -r s/pass/REDACTED/g >> /workplace/tmp/access.log" common 

However, when I make a request to Apache, I get an error saying

/bin/sed: can't read >>: No such file or directory 

What am I doing wrong here? (It seems others have been able to use piped CustomLog like this)

Debajit

3 Answers

4

I just solved this and thought I should put an update here even though this thread is old.

First, the poster above who suggested that the input file was missing is not correct. There is no input file. Apache is sending the logging messages to sed through a pipe, not through a file.

The trick here is to tell Apache to launch a shell for the sed command. Without launching a shell, the ">>" has no special meaning and is treated like a filename. To tell Apache to launch a shell for the sed, you append a "$" after the pipe symbol like this:

CustomLog "|$/bin/sed s/'creditCardPAN=[^ ]*'/'creditCardPAN=REDACTED'/ >>logs/ssl_access_log" PaymentLogFormat
0

I think you are missing the input file. It should be:

sed -r s/pass/REDACTED/g myInputFile.txt >> /workplace/tmp/access.log
ventsyv
0

For our PCI-DSS compliance, I remove every 16-digit sequence from the log before writing it, with this CustomLog:

CustomLog '|$/usr/bin/sed -r \"s:\([345][0-9]{5}\)\([0-9]{6}\)\([0-9]{4}\):\\\1******\\\3:g\" >> logs/access_log' common

PS: I don't check the Luhn checksum.

Checks:

curl https://<instance>/A3000001111112222B -> GET /A300000******2222B

curl https://<instance>/A32345612345612343234561234561234B -> GET /A323456******1234323456******1234
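
An added example, not part of any answer above: a piped-log filter that applies the same first-6/last-4 masking as the sed pattern in the last answer, but only to 16-digit candidates that pass the Luhn checksum. The script itself, the function names and the convention that the output log path is passed as the first argument are assumptions made for this example; the sample inputs in the test are constructed.

```python
#!/usr/bin/env python3
# Piped-log filter: mask Luhn-valid 16-digit PANs before they reach disk.
import re
import sys

# Same shape as the sed pattern above: first digit 3-5, 16 digits in total.
CANDIDATE = re.compile(r"[345][0-9]{15}")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def redact(line: str) -> str:
    """Keep the first 6 and last 4 digits of each Luhn-valid candidate."""
    out, pos = [], 0
    while True:
        m = CANDIDATE.search(line, pos)
        if m is None:
            out.append(line[pos:])
            return "".join(out)
        if luhn_ok(m.group()):
            masked = m.group()[:6] + "******" + m.group()[-4:]
            out.append(line[pos:m.start()] + masked)
            pos = m.end()
        else:
            # Not a card number: step one character and rescan, so a valid
            # PAN that starts inside this digit run is still found.
            out.append(line[pos:m.start() + 1])
            pos = m.start() + 1


def main() -> None:
    # Assumption: argv[1] is the log file to append to. Line buffering
    # makes each entry reach the file as soon as Apache sends it.
    with open(sys.argv[1], "a", buffering=1) as log:
        for line in sys.stdin:
            log.write(redact(line))


if __name__ == "__main__":
    main()
```

Because the script opens the log file itself, the CustomLog line that launches it needs no ">>" redirection.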