Fossil SCM

Add information about the server error log to the security audit page. Provide the new /errorlog page for viewing the server logfile online.

drh 2018-06-25 13:47 trunk
Commit a9e74eb311f315da24dbb7f1cc59d0f79f43a5cce51121fc109ec993c73f7b10
Parent b9121b4797a1563…
1 file changed +89
~ src/security_audit.c
M src/security_audit.c
+89
--- src/security_audit.c
+++ src/security_audit.c
@@ -325,10 +325,36 @@
325325
 @ which seems high. Is this server really a %d((int)r)-core machine?
326326
 }
327327
 }
328328
 #endif
329329
330
+ if( g.zErrlog==0 || fossil_strcmp(g.zErrlog,"-")==0 ){
331
+ @ <li><p>
332
+ @ <b>Caution:</b>
333
+ @ No server error log is defined. It is recommended that you establish
334
+ @ an error log on Fossil servers and monitor that log for problems.
335
+ @ To set up an error log:
336
+ @ <ul>
337
+ @ <li>If running from CGI, make an entry "errorlog: <i>FILENAME</i>"
338
+ @ in the CGI script.
339
+ @ <li>If running the "fossil server" or "fossil http" commands,
340
+ @ add the "--errorlog <i>FILENAME</i>" command-line option.
341
+ @ </ul>
342
+ }else{
343
+ FILE *pTest = fossil_fopen(g.zErrlog,"a");
344
+ if( pTest==0 ){
345
+ @ <li><p>
346
+ @ <b>Error:</b>
347
+ @ There is an error log at "%h(g.zErrlog)" but that file is not
348
+ @ writable and so no logging will occur.
349
+ }else{
350
+ fclose(pTest);
351
+ @ <li><p>
352
+ @ The error log at "<a href='%R/errorlog'>%h(g.zErrlog)</a>" that is
353
+ @ %,lld(file_size(g.zErrlog, ExtFILE)) bytes in size.
354
+ }
355
+ }
330356
331357
 @ </ol>
332358
 style_footer();
333359
 }
334360
@@ -368,5 +394,68 @@
368394
 @ <input type="submit" name="cancel" value="Cancel">
369395
 @ </form>
370396
371397
 style_footer();
372398
 }
399
+
400
+/*
401
+** The maximum number of bytes of log to show
402
+*/
403
+#define MXSHOWLOG 20000
404
+
405
+/*
406
+** WEBPAGE: errorlog
407
+**
408
+** Show the content of the error log. Only the administrator can view
409
+** this page.
410
+*/
411
+void errorlog_page(void){
412
+ login_check_credentials();
413
+ i64 szFile;
414
+ FILE *in;
415
+ long got;
416
+ char z[10000];
417
+ if( !g.perm.Setup && !g.perm.Admin ){
418
+ login_needed(0);
419
+ return;
420
+ }
421
+ style_header("Server Error Log");
422
+ if( g.zErrlog==0 || fossil_strcmp(g.zErrlog,"-")==0 ){
423
+ @ <p>There is no server error log!
424
+ @ <p>To create a server error log:
425
+ @ <ol>
426
+ @ <li><p>
427
+ @ If the server is running as CGI, then create a line in the CGI file
428
+ @ like this:
429
+ @ <blockquote><pre>
430
+ @ errorlog: <i>FILENAME</i>
431
+ @ </pre></blockquote>
432
+ @ <li><p>
433
+ @ If the server is running using one of
434
+ @ the "fossil http" or "fossil server" commands then add
435
+ @ a command-line option "--errorlog <i>FILENAME</i>" to that
436
+ @ command.
437
+ @ </ol>
438
+ style_footer();
439
+ return;
440
+ }
441
+ szFile = file_size(g.zErrlog, ExtFILE);
442
+ @ <p>The server error log at "%h(g.zErrlog)" is %,lld(szFile) bytes in size.
443
+ in = fossil_fopen(g.zErrlog, "rb");
444
+ if( in==0 ){
445
+ @ <p class='generalError'>Unable top open that file for reading!</p>
446
+ style_footer();
447
+ return;
448
+ }
449
+ if( szFile>MXSHOWLOG ){
450
+ @ Only the last %,d(MXSHOWLOG) bytes are shown.
451
+ fseek(in, -MXSHOWLOG, SEEK_END);
452
+ }
453
+ @ <hr>
454
+ @ <pre>
455
+ while( fgets(z, sizeof(z), in) ){
456
+ @ %h(z)\
457
+ }
458
+ fclose(in);
459
+ @ </pre>
460
+ style_footer();
461
+}
373462
--- src/security_audit.c
+++ src/security_audit.c
@@ -325,10 +325,36 @@
325 @ which seems high. Is this server really a %d((int)r)-core machine?
326 }
327 }
328 #endif
329
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
330
331 @ </ol>
332 style_footer();
333 }
334
@@ -368,5 +394,68 @@
368 @ <input type="submit" name="cancel" value="Cancel">
369 @ </form>
370
371 style_footer();
372 }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
373
--- src/security_audit.c
+++ src/security_audit.c
@@ -325,10 +325,36 @@
325 @ which seems high. Is this server really a %d((int)r)-core machine?
326 }
327 }
328 #endif
329
330 if( g.zErrlog==0 || fossil_strcmp(g.zErrlog,"-")==0 ){
331 @ <li><p>
332 @ <b>Caution:</b>
333 @ No server error log is defined. It is recommended that you establish
334 @ an error log on Fossil servers and monitor that log for problems.
335 @ To set up an error log:
336 @ <ul>
337 @ <li>If running from CGI, make an entry "errorlog: <i>FILENAME</i>"
338 @ in the CGI script.
339 @ <li>If running the "fossil server" or "fossil http" commands,
340 @ add the "--errorlog <i>FILENAME</i>" command-line option.
341 @ </ul>
342 }else{
343 FILE *pTest = fossil_fopen(g.zErrlog,"a");
344 if( pTest==0 ){
345 @ <li><p>
346 @ <b>Error:</b>
347 @ There is an error log at "%h(g.zErrlog)" but that file is not
348 @ writable and so no logging will occur.
349 }else{
350 fclose(pTest);
351 @ <li><p>
352 @ The error log at "<a href='%R/errorlog'>%h(g.zErrlog)</a>" that is
353 @ %,lld(file_size(g.zErrlog, ExtFILE)) bytes in size.
354 }
355 }
356
357 @ </ol>
358 style_footer();
359 }
360
@@ -368,5 +394,68 @@
394 @ <input type="submit" name="cancel" value="Cancel">
395 @ </form>
396
397 style_footer();
398 }
399
400 /*
401 ** The maximum number of bytes of log to show
402 */
403 #define MXSHOWLOG 20000
404
405 /*
406 ** WEBPAGE: errorlog
407 **
408 ** Show the content of the error log. Only the administrator can view
409 ** this page.
410 */
411 void errorlog_page(void){
412 login_check_credentials();
413 i64 szFile;
414 FILE *in;
415 long got;
416 char z[10000];
417 if( !g.perm.Setup && !g.perm.Admin ){
418 login_needed(0);
419 return;
420 }
421 style_header("Server Error Log");
422 if( g.zErrlog==0 || fossil_strcmp(g.zErrlog,"-")==0 ){
423 @ <p>There is no server error log!
424 @ <p>To create a server error log:
425 @ <ol>
426 @ <li><p>
427 @ If the server is running as CGI, then create a line in the CGI file
428 @ like this:
429 @ <blockquote><pre>
430 @ errorlog: <i>FILENAME</i>
431 @ </pre></blockquote>
432 @ <li><p>
433 @ If the server is running using one of
434 @ the "fossil http" or "fossil server" commands then add
435 @ a command-line option "--errorlog <i>FILENAME</i>" to that
436 @ command.
437 @ </ol>
438 style_footer();
439 return;
440 }
441 szFile = file_size(g.zErrlog, ExtFILE);
442 @ <p>The server error log at "%h(g.zErrlog)" is %,lld(szFile) bytes in size.
443 in = fossil_fopen(g.zErrlog, "rb");
444 if( in==0 ){
445 @ <p class='generalError'>Unable top open that file for reading!</p>
446 style_footer();
447 return;
448 }
449 if( szFile>MXSHOWLOG ){
450 @ Only the last %,d(MXSHOWLOG) bytes are shown.
451 fseek(in, -MXSHOWLOG, SEEK_END);
452 }
453 @ <hr>
454 @ <pre>
455 while( fgets(z, sizeof(z), in) ){
456 @ %h(z)\
457 }
458 fclose(in);
459 @ </pre>
460 style_footer();
461 }
462

Keyboard Shortcuts

Open search /
Next entry (timeline) j
Previous entry (timeline) k
Open focused entry Enter
Show this help ?
Toggle theme Top nav button