HOWTO: Logging

Authentication attempts are logged using syslog, if you're using the *_ALLOW configuration directives.

Since sitemaker now uses syslog, the rest is obsolete and kept only for historical purposes. However, it is a decent way to get password-protected mysites. You should use SSL if you do that. See the Secure Site howto

General Overview

Sometimes it is nice to know who has looked at what data via your 'mySites'. If some users have permissions to make changes to the data or are allowed to delete records, it is also nice to have a record of who made what changes and when. This HOWTO describes the steps required to get mySiteMaker to create log files that retain records of significant^* database queries as well as the user the made them for your mySites.

* Almost all queries are considered significant. An example of an insignificant query would be one of the behind the scenes queries that are involved to populate pulldown menus with values in the edit/add new records screens.

Step by Step Instructions

This may seem like a lot, but it's really not that bad... Also, keep in mind that a lot of the steps mentioned here require you to be acting as root.

Create the directory for where you want to put the "logging" version of mySiteMaker. Unless you know what you are doing, it's a good idea if this new directory is somewhere that your webserver can easily serve files from. Thus, depending on how you installed apache, you may want to put this new directory in /usr/local/apache/htdocs/ or /home/httpd/html/.
If you have already installed mySiteMaker then you are likely to already have mySiteMaker directories for the HTML files as well as the CGI scripts. For logging, you may choose to use the existing HTML directory, but you may wish to create a new directory. The reason for creating a new directory is because access to logging mySites is password restricted.
For example:
```
shell> mkdir /usr/local/apache/htdocs/mySites_logging
```
NOTE: This directory must exist before you attempt a "logging install" of mySiteMaker. We'll get to this in a bit.
Change the owner of the new directory, and everything inside of it, to be the user that runs the apache daemon. On redhat 6.X systems, this is usually 'nobody', on other systems this could be 'www-data', 'web' or 'apache'. For example:
```
shell> chown -R nobody /usr/local/apache/htdocs/mySites_logging
```
Change directories to the new directory. Just do this, it will make things easier. Example:
```
shell> cd /usr/local/apache/htdocs/mySites_logging
```
Create an .htaccess file. This is a text file that will cause apache to request valid usernames and passwords when someone tries to access any page within this directory. You can use your favorite text editor to create a file with the name ".htaccess". An example .htaccess file is given below. You will probably want to change the path to the file ".htpasswd", which we will create in the next step, to be something more meaningful. You can also change the "mySiteMaker: logging" string to be whatever you would like the user to see when they are asked for their username and password.
Example .htaccess file:
```
AuthUserFile /usr/local/apache/htdocs/mySites_logging/.htpasswd
AuthName "mySiteMaker: logging"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>
```
Create an .htpasswd file. (or use Nafees' Apache mod_auth_any — This tool is nice because it allows you to use any command line program to authenticate users. This can eliminate the need to generate new passwords or to keep password files synchronized.)

Creating a new .htpasswd file is easy to do once you determine the location of the Apache password generating program, "htpasswd". On some systems it might be installed in "/usr/bin/htpasswd", or it could be in "/usr/local/apache/bin/htpasswd".

If it is installed "/usr/local/apache/bin/htpasswd", then to create the .htpasswd file you will need to run the command:
```
shell> /usr/local/apache/bin/htpasswd -c .htpasswd new_username
```
if it is installed in /usr/bin, then all you'll need to do is
```
shell> htpasswd -c .htpasswd new_username
```
The '-c' option tells the 'htpasswd' program that you want to create a new password file named '.htpasswd'. Once you have created the file, you can add additional users by just specifying the password file and leaving off the '-c'. For example, once the password file is created, you can just run the command this way:
```
shell> htpasswd .htpasswd another_username
```
Install MySiteMaker.
- When you are asked where the root CGI-BIN directory is, enter in the path to the directory we created earlier. (The reason we had to create this directory earlier is due to the fact that the install script will bomb out if the directory you specify for the root CGI-BIN does not exist.) For example:
```
Where is the root CGI-BIN directory? [/home/httpd/cgi-bin/] /usr/local/apache/htdocs/mySites_logging/
```
- When you are asked where you want the CGI files to be stored, enter in the same path you entered for the root CGI-BIN. For example:
```
Where should I store the CGI files? [/usr/local/apache/htdocs/mySites_logging/mySiteMaker/] /usr/local/apache/htdocs/mySites_logging
```
- When you are asked for the root HTML directory, just enter in the root HTML directory. For example:
```
Where is the root HTML directory? [/home/httpd/html/] /usr/local/apache/htdocs/
```
- When asked where to store the HTML files, enter in the same path you entered for the root CGI-BIN. For example:
```
Where should I store the HTML files? [/home/httpd/html/mySiteMaker/] /usr/local/apache/htdocs/mySites_logging/
```
Edit the access.conf file. NOTE: You could also make this change in the httpd.conf file, but it just seems cleaner if you do it in the access.conf file.
We need to configure apache so that we can execute the CGI scripts in the same directory that we also want to use to serve up HTML files. To do this simply add the following lines to the end of apache's access.conf (editing the path of course).
```
<Directory "/usr/local/apache/htdocs/mySites_logging">
    Options Indexes ExecCGI
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>
```
Note: The option, "Indexes" listed in the "Options" list, will allow people to see all of the files in the directory if they don't specify any specific files in the URL to "mySites_logging". If you would rather this not be the case (i.e. you would rather only URLs that specify specific files be allowed, like "mySites_logging/new_site.html"), then remove the word "Indexes" from the list.
Edit the httpd.conf file. Make sure your httpd.conf file has "AddHandler cgi-script .cgi". In most default setups, this line will be commented out. Do a search for it and then uncomment it. Regardless of whether you have to uncomment it, add it yourself or if it is already there, make sure ".cgi" is in the list of handlers for cgi-scripts. Thus, make sure there is no comment before the line:
```
AddHandler cgi-script .cgi
```
Restart apache. This will cause apache to reload the configuration files that you just modified and thus the changes you made will take effect.
Once again, depending on how your copy of apache was installed, you will either have to specify the path to the "apachectl" program like this:
```
shell> /usr/local/apache/bin/apachectl restart
```
Or you will be able to restart apache like this:
```
shell> apachectl restart
```
Create the new site. Point your browser to http://your_site/mySites_logging/new_site.html and go to work!
Edit the new conf file. mySiteMaker will create a new conf file for the new mySite that you just created. We can find that new file in the "conf" directory (our example would be "/usr/local/apache/htdocs/mySites_logging/conf/"). You need to edit it to tell mySiteMaker the name of the log file you want to use.
Search for the variable "LOG_FILE" and enter in the name you want the log file to have (with a space between "LOG_FILE" and the file name.) For example:
```
LOG_FILE my_log.log
```
DONE!!! Try it out. Pat yourself on the back.