We run an F740 which is not licensed for HTTP. Nevertheless, it listens on port 80 and rejects all requests with a "503 HTTP not enabled", and also logs them in /etc/log/httpd.log. That's actually sometimes convenient, as it shows up hackers doing site-wide scans for WWW exposures, without them being too lost in noise.
However, there's a peculiarity about the way /etc/log/httpd.log is written which I would like to understand better. It seems as though entries are often not actually written for hours or even days, until a cluster of entries (typically those from our own "friendly probing" service!) fills up some sort of buffer.
Chris Thompson University of Cambridge Computing Service, Email: cet1@ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QG, Phone: +44 1223 334715 United Kingdom.