User field not fourth in httpd logs

[blixuga]

OOD Version:

[root@ondemand httpd]$ rpm -qa |egrep -i ondemand
ondemand-passenger-6.0.14-1.ood3.0.0.el8.x86_64
ondemand-apache-3.0.0-1.el8.x86_64
ondemand-runtime-3.0.0-1.el8.x86_64
ondemand-release-web-3.0-1.noarch
ondemand-gems-3.0.1-1-3.0.1-1.el8.x86_64
ondemand-nginx-1.20.2-1.p6.0.14.ood3.0.0.el8.x86_64
ondemand-3.0.1-1.el8.x86_64
ondemand-nodejs-3.0.0-1.el8.x86_64
ondemand-ruby-3.0.0-1.el8.x86_64

https://github.com/OSC/ood-reporting-utils/blob/acbe466a32d32968b4c82d46b8342b10c6b49a8b/count_ood_users.sh#L35

Changing the awk to $3 instead of $4 reads our httpd log correctly. Fourth field on our logs is a timestamp.

[johrstrom]

Are you using the default httpd log format? I don't know if we are or not, but will check now.

[blixuga]

Are you using the default httpd log format? I don't know if we are or not, but will check now.

We have not changed anything in the httpd conf files, and the log format section(s) of our ood_portal.yml are commented out. (Default)

[johrstrom]

I don't think we change the logformat either which is odd. What httpd version & OS are you on? Maybe they changed the format (doesn't seem likely)?

[~()]  httpd -v
Server version: Apache/2.4.37 (Red Hat Enterprise Linux)
Server built:   Aug 30 2023 11:01:53
[~()]  grep VERSION /etc/os-release
VERSION="8.8 (Ootpa)"
VERSION_ID="8.8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.8
REDHAT_SUPPORT_PRODUCT_VERSION="8.8"

[blixuga]

[root@ondemand ~]$ httpd -v
Server version: Apache/2.4.37 (rocky)
Server built:   May 17 2023 16:27:49
[root@ondemand ~]$ grep VERSION /etc/os-release
VERSION="8.8 (Green Obsidian)"
VERSION_ID="8.8"
ROCKY_SUPPORT_PRODUCT_VERSION="8.8"
REDHAT_SUPPORT_PRODUCT_VERSION="8.8"

[johrstrom]

Could Rocky be giving a different default log format? I think I found ours on RHEL here.

[~()]  grep -r Log /etc/httpd/
/etc/httpd/conf/httpd.conf:LogFormat "%h %{Host}i %l %u %{local}p %t \"%r\" \"%q\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O %D" combined

[blixuga]

Looks like your config has an extra item %{Host}i vs. the one I have. The timestamp on this conf file has not been updated since install.

/etc/httpd/conf/httpd.conf:    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

Some package info:

[root@ondemand ~]$ rpm -qf /etc/httpd/conf/httpd.conf 
httpd-2.4.37-56.module+el8.8.0+1284+07ef499e.6.x86_64

[root@ondemand ~]$ dnf info httpd
Rocky Linux 8 - AppStream                                                                                                         13 MB/s |  12 MB     00:00    
Rocky Linux 8 - BaseOS                                                                                                            12 MB/s | 7.2 MB     00:00    
Rocky Linux 8 - Extras                                                                                                            51 kB/s |  14 kB     00:00    
Rocky Linux 8 - PowerTools                                                                                                       3.1 MB/s | 2.9 MB     00:00    
TurboVNC official RPMs                                                                                                            55 kB/s | 309 kB     00:05    
cuda-rhel8-x86_64                                                                                                                7.9 MB/s | 2.7 MB     00:00    
Extra Packages for Enterprise Linux 8 - x86_64                                                                                   4.1 MB/s |  16 MB     00:03    
lustre-client                                                                                                                     89 kB/s |  63 kB     00:00    
Open OnDemand Web Repo                                                                                                           1.4 MB/s | 834 kB     00:00    
Installed Packages
Name         : httpd
Version      : 2.4.37
Release      : 56.module+el8.8.0+1284+07ef499e.6
Architecture : x86_64
Size         : 4.3 M
Source       : httpd-2.4.37-56.module+el8.8.0+1284+07ef499e.6.src.rpm
Repository   : @System
From repo    : appstream
Summary      : Apache HTTP Server
URL          : https://httpd.apache.org/
License      : ASL 2.0
Description  : The Apache HTTP Server is a powerful, efficient, and extensible
             : web server.

[johrstrom]

OK - I'll have to enhance this to maybe detect the LogFormat.

[blixuga]

OK - I'll have to enhance this to maybe detect the LogFormat.

I think that's a great idea!

[johrstrom]

I have a patch in #4 - can you switch to that branch and see if it discovers the correct LogFormat for you?

[blixuga]

I have a patch in #4 - can you switch to that branch and see if it discovers the correct LogFormat for you?

Something changed that is causing the .sh script to try and use the wrong log file directory. Our install puts log files in /var/log/httpd/

Here is an output from running the if statements with -x:

+ source /etc/os-release
++ NAME='Rocky Linux'
++ VERSION='8.8 (Green Obsidian)'
++ ID=rocky
++ ID_LIKE='rhel centos fedora'
++ VERSION_ID=8.8
++ PLATFORM_ID=platform:el8
++ PRETTY_NAME='Rocky Linux 8.8 (Green Obsidian)'
++ ANSI_COLOR='0;32'
++ LOGO=fedora-logo-icon
++ CPE_NAME=cpe:/o:rocky:rocky:8:GA
++ HOME_URL=https://rockylinux.org/
++ BUG_REPORT_URL=https://bugs.rockylinux.org/
++ SUPPORT_END=2029-05-31
++ ROCKY_SUPPORT_PRODUCT=Rocky-Linux-8
++ ROCKY_SUPPORT_PRODUCT_VERSION=8.8
++ REDHAT_SUPPORT_PRODUCT='Rocky Linux'
++ REDHAT_SUPPORT_PRODUCT_VERSION=8.8
+ [[ rhel centos fedora == \f\e\d\o\r\a ]]
+ HTTPD_DIR=/var/log/apache2
+ ETC_DIR=/etc/apache2

If I force the HTTPD_DIR=/var/log/httpd the script runs correctly and reports correct count. Tried the ruby version and got a count of zero back, so I'm assuming it is using the wrong log dir as well.

[johrstrom]

OK looks like that should be ~= (or similar bash like) instead of ==

[johrstrom]

I have a fix coming for that in #5.