IP bizarre dans les logs d'apache2

farias

# grep "^ip" /var/log/apache2/access.*.log  | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -f
     11 ip128.ip-51-75-236.eu
     11 ip130.ip-37-59-204.eu
     11 ip154.ip-51-75-236.eu
     11 ip208.ip-51-68-247.eu
     11 ip223.ip-94-23-188.eu
     12 ip130.ip-51-75-236.eu
     12 ip187.ip-5-39-109.eu
     13 ip209.ip-51-68-247.eu
     14 ip252.ip-5-39-1.eu
     16 ip230.ip-5-39-1.eu

Visiblement c’est AhrefsBot/7.0 .

Ma configuration pour les logs :

    ErrorLog ${APACHE_LOG_DIR}/error.munin.log
    CustomLog ${APACHE_LOG_DIR}/access.munin.log combined

farias

Configuration complète :

 /usr/sbin/apachectl -S
VirtualHost configuration:
*:8081                 is a NameVirtualHost
         default server my.cyber-neurones.org (/etc/apache2/sites-enabled/hugo-le-ssl.conf:2)
         port 8081 namevhost my.cyber-neurones.org (/etc/apache2/sites-enabled/hugo-le-ssl.conf:2)
         port 8081 namevhost sat.cyber-neurones.org (/etc/apache2/sites-enabled/humhub-le-ssl.conf:2)
*:443                  is a NameVirtualHost
         default server aventures.cyber-neurones.org (/etc/apache2/sites-enabled/aventures-le-ssl.conf:27)
         port 443 namevhost aventures.cyber-neurones.org (/etc/apache2/sites-enabled/aventures-le-ssl.conf:27)
         port 443 namevhost fit.cyber-neurones.org (/etc/apache2/sites-enabled/fit-le-ssl.conf:2)
         port 443 namevhost git.cyber-neurones.org (/etc/apache2/sites-enabled/git-le-ssl.conf:27)
         port 443 namevhost glance.cyber-neurones.org (/etc/apache2/sites-enabled/glance-le-ssl.conf:2)
         port 443 namevhost my.cyber-neurones.org (/etc/apache2/sites-enabled/hugo-le-ssl.conf:2)
         port 443 namevhost sat.cyber-neurones.org (/etc/apache2/sites-enabled/humhub-le-ssl.conf:2)
         port 443 namevhost insta.cyber-neurones.org (/etc/apache2/sites-enabled/insta-le-ssl.conf:2)
         port 443 namevhost lemmy.cyber-neurones.org (/etc/apache2/sites-enabled/lemmy-le-ssl.conf:2)
         port 443 namevhost pe1800ip.cyber-neurones.org (/etc/apache2/sites-enabled/pe1800ip-le-ssl.conf:2)
         port 443 namevhost photos.cyber-neurones.org (/etc/apache2/sites-enabled/photo-le-ssl.conf:2)
         port 443 namevhost webanalyse.cyber-neurones.org (/etc/apache2/sites-enabled/webanalyse-le-ssl.conf:28)
*:8080                 is a NameVirtualHost
         default server aventures.cyber-neurones.org (/etc/apache2/sites-enabled/aventures.conf:1)
         port 8080 namevhost aventures.cyber-neurones.org (/etc/apache2/sites-enabled/aventures.conf:1)
         port 8080 namevhost fit.cyber-neurones.org (/etc/apache2/sites-enabled/fit.conf:1)
         port 8080 namevhost git.cyber-neurones.org (/etc/apache2/sites-enabled/git.conf:1)
         port 8080 namevhost glance.cyber-neurones.org (/etc/apache2/sites-enabled/glance.conf:1)
         port 8080 namevhost my.cyber-neurones.org (/etc/apache2/sites-enabled/hugo.conf:1)
         port 8080 namevhost sat.cyber-neurones.org (/etc/apache2/sites-enabled/humhub.conf:1)
         port 8080 namevhost munin.cyber-neurones.org (/etc/apache2/sites-enabled/munin.conf:1)
         port 8080 namevhost pe1800ip.cyber-neurones.org (/etc/apache2/sites-enabled/pe1800ip.conf:1)
         port 8080 namevhost photos.cyber-neurones.org (/etc/apache2/sites-enabled/photo.conf:1)
         port 8080 namevhost webanalyse.cyber-neurones.org (/etc/apache2/sites-enabled/webanalyse.conf:1)
*:80                   is a NameVirtualHost
         default server aventures.cyber-neurones.org (/etc/apache2/sites-enabled/aventures.conf:1)
         port 80 namevhost aventures.cyber-neurones.org (/etc/apache2/sites-enabled/aventures.conf:1)
         port 80 namevhost fit.cyber-neurones.org (/etc/apache2/sites-enabled/fit.conf:1)
         port 80 namevhost git.cyber-neurones.org (/etc/apache2/sites-enabled/git.conf:1)
         port 80 namevhost glance.cyber-neurones.org (/etc/apache2/sites-enabled/glance.conf:1)
         port 80 namevhost my.cyber-neurones.org (/etc/apache2/sites-enabled/hugo.conf:1)
         port 80 namevhost sat.cyber-neurones.org (/etc/apache2/sites-enabled/humhub.conf:1)
         port 80 namevhost munin.cyber-neurones.org (/etc/apache2/sites-enabled/munin.conf:1)
         port 80 namevhost pe1800ip.cyber-neurones.org (/etc/apache2/sites-enabled/pe1800ip.conf:1)
         port 80 namevhost photos.cyber-neurones.org (/etc/apache2/sites-enabled/photo.conf:1)
         port 80 namevhost webanalyse.cyber-neurones.org (/etc/apache2/sites-enabled/webanalyse.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex fcgid-pipe: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex fcgid-proctbl: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

farias

J’ai dans apache2.cfg :

HostnameLookups Off

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

farias

Je viens de modifier la configuration :

    ErrorLog ${APACHE_LOG_DIR}/error.munin.log
#    CustomLog ${APACHE_LOG_DIR}/access.munin.log combined
    LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common2
    CustomLog ${APACHE_LOG_DIR}/access.munin.log common2

J’ai mis ‘%a’ à la place de ‘%h’

NodeBB

IP bizarre dans les logs d'apache2