This file is indexed.

/usr/sbin/split-logfile is in apache2-utils 2.4.29-1ubuntu4.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
#!/usr/bin/perl
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
# This script will take a combined Web server access
# log file and break its contents into separate files.
# It assumes that the first field of each line is the
# virtual host identity (put there by "%v"), and that
# the logfiles should be named that+".log" in the current
# directory.
#
# The combined log file is read from stdin. Records read
# will be appended to any existing log files.
#
use strict;
use warnings;

my %log_file = ();

while (my $log_line = <STDIN>) {
    #
    # Get the first token from the log record; it's the
    # identity of the virtual host to which the record
    # applies.
    #
    my ($vhost) = split (/\s/, $log_line);
    #
    # Normalize the virtual host name to all lowercase.
    # If it's blank, the request was handled by the default
    # server, so supply a default name.  This shouldn't
    # happen, but caution rocks.
    #
    $vhost = lc ($vhost) || "access";
    #
    # if the vhost contains a "/" or "\", it is illegal so just use 
    # the default log to avoid any security issues due if it is interprted
    # as a directory separator.
    if ($vhost =~ m#[/\\]#) { $vhost = "access" }
    #
    # If the log file for this virtual host isn't opened
    # yet, do it now.
    #
    if (! $log_file{$vhost}) {
        open $log_file{$vhost}, ">>${vhost}.log"
            or die ("Can't open ${vhost}.log");
    }
    #
    # Strip off the first token (which may be null in the
    # case of the default server), and write the edited
    # record to the current log file.
    #
    $log_line =~ s/^\S*\s+//;
    print {$log_file{$vhost}} $log_line;
}
exit 0;