IBM Support

Logging SSL request information in the access log for IBM HTTP Server

Troubleshooting


Problem

The IBM HTTP Server implementation provides Secure Sockets Layer (SSL) environment variables that are configurable with the LogFormat directive in the httpd.conf file.

Resolving The Problem

The following examples illustrate how SSL environment variables can be used within the httpd.conf file to allow additional logging of SSL request information to the Web server access log.

For example: (install_root/conf/httpd.conf)

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%h %l %u %t \"%r\" %>s %b %{HTTPS}e %{SSL_CIPHER}e %{SSL_CLIENT_DN}e" SSL
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

Listen 443
<VirtualHost 192.168.0.10:443>
ServerName www.mycompany.com
SSLEnable
SSLClientAuth Required
CustomLog logs/access.log SSL
</VirtualHost>

SSLDisable
KeyFile "c:\program files\ibm http server\key.kdb"
SSLV2Timeout 100
SSLV3Timeout 1000

For example: (install_root/logs/access.log)

192.168.0.10 - - [29/Jul/2004:02:16:50 -0400] "GET / HTTP/1.1" 200 4757
ON SSL_RSA_WITH_RC4_128_SHA CN=jane Doe,O=ibm,C=US

192.168.0.10 - - [29/Jul/2004:02:16:50 -0400] "GET /HTTP_top_b.gif HTTP/1.1" 304  ON SSL_RSA_WITH_RC4_128_SHA CN=jane Doe,O=ibm,C=US

192.168.0.10 - - [29/Jul/2004:02:16:50 -0400] "GET /conf_serv_bttnOFFa.gif HTTP/1.1" 304
ON SSL_RSA_WITH_RC4_128_SHA CN=jane Doe,O=ibm,C=US

192.168.0.10 - - [29/Jul/2004:02:16:51 -0400] "GET /view_doc_bttnOFF_a.gif HTTP/1.1"304 ON SSL_RSA_WITH_RC4_128_SHA CN=jane Doe,O=ibm,C=US

192.168.0.10 - - [29/Jul/2004:02:16:51 -0400] "GET /visit_web_bttnOFF_a.gif HTTP/1.1"304 ON SSL_RSA_WITH_RC4_128_SHA CN=jane Doe,O=ibm,C=US

Reference key
%{HTTPS}e = ON  (OFF is displayed if HTTP)
%{SSL_CIPHER}e = SSL_RSA_WITH_RC4_128_SHA
%{SSL_CLIENT_DN}e = CN=jane Doe,O=ibm,C=US

For a listing of all available SSL environment variables, refer to the following infocenter links

Handshake environment variables
Server certificate environment variables
Client certificate environment variables

[{"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"SSL","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.5;8.0;7.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
07 September 2022

UID

swg21176455

Page Feedback