[nycphp-talk] logwatch "2 200 responses" issue
csnyder
chsnyder at gmail.com
Wed Mar 22 13:08:04 EST 2006
On 3/22/06, Matt Morgan <matt at jiffycomp.com> wrote:
> This is php-related in that lots of php-based web applications (more
> than one wiki, drupal, mambo & maybe joomla) share the issue. Although
> it may not really be a php problem. I've also seen it in htdig, the open
> source web indexing/searching tool. Has anybody seen it & dealt with it?
>
> Here's the issue. Logwatch, which I have installed on some CentOS 4.2
> and Fedora Core 3 & 4 servers that I help out with, reports on many
> funny log entries. It's a great example of how Unix/Linux admin has
> gotten lots better since I started out. Among the entries it likes to
> keep me informed of is this http response code issue, generated by a
> chat module in drupal:
>
> -------
> A total of 11934 unidentified 'other' records logged
> with response code(s)
> GET /chatbox/text?nickname=jtrant&limit=30&lastrefresh=1142823531
> HTTP/1.1 with response code(s) 2 200 responses
> GET /chatbox/nicklist&forcerefresh=9317 HTTP/1.1 with response code(s)
> 2 200 responses
> --------
>
> The problem is the "2 200 responses." Is that one page returning two
> success codes? I don't really know where it comes from. Anyway, I've
> seen this before, but when it goes on for 12000 messages, the logwatch
> reports are too big and too hard to read.
>
> According to some googling I've done, one may edit logwatch's http
> script and tell it to filter using some other method. But that sounds
> hard (an endless road of modifying the script every time a new app comes
> out?) and I have a feeling this is not really logwatch's fault--where
> does that funny http response code come from, and why is it getting more
> and more common? On this page
>
> https://www.redhat.com/archives/fedora-list/2004-December/msg05044.html
>
> someone attempts an explanation, but it doesn't sound realistic to me
> (unless I just don't understand what he means).
>
> Thanks,
> Matt
In theory it means two HTTP 200 responses. They aren't "funny" -- the
200 response code means a successful request.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
In my opinion, the reporting of HTTP 200 responses is a bug -- why
does any admin care about successful responses? I emailed the logwatch
authors about this in January but got no response. I even tried
hacking the script myself, but I wasn't successful.
If you come up with a solution, please let me know.
--
Chris Snyder
http://chxo.com/
More information about the talk
mailing list