Apache Scroll Log configuration

Apache log records, records for later check, part excerpt from Apache Chinese manual, translation Jin Bu

A typical record format is as follows:

LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs/access_log common 

It defines a particular record format string and gives it an alias common , where the "%" indicates that the server is replaced with some information, while the other characters are not replaced. quotation marks ( " ) must be escaped with a backslash to avoid being interpreted as the end of the string. The format string can also contain special controls, such as line break " \n ", "tab" \t .

CustomLogDirective establishes a new log file that uses the specified alias , unless its file name is an absolute path that begins with a slash, or its path is relative to ServerRoot the relative path.

The above configuration is a record format known as the Common Log format (CLF), which is used by many different Web servers and is recognized by many log analysis programs, resulting in a record shape such as:

127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 

The sections of the record are described below:

127.0.0.1( %h ) sends a request to the server's client address IP, which is the proxy IP address if the client uses a proxy

-( %l ) This is the RFC1413 identity (identity) that is determined by the client identd process, and the symbol "-" in the output indicates that the information here is invalid. This information is often unreliable and should not be used unless it is in a tightly controlled internal network. IdentityCheck On Apache will try to get this information only when the command is set to

frank( %u ) This is the client ID (userid) that the HTTP authentication system gets to access the page, REMOTE_USER and the environment variable is set to that value and provided to the CGI script. If the status code is 401, indicating that the customer did not pass the authentication, this value is meaningless. If the page does not have password protection set, this entry will be " - ".

[10/Oct/2000:13:55:36 -0700]( %t ) This is the time when the server completes the request processing, in the format:[日/月/年:时:分:秒 时区]，可以在格式字符串中使用 %{format}t 来改变时间的输出形式


"GET /apache_pb.gif HTTP/1.0"( \"%r\" ) in quotation marks is a request line from a client that contains a lot of useful information. As can be seen, the action of the customer is GET that the requested resource is /apache_pb.gif , the protocol used is HTTP/1.0 . In addition, other information can be recorded, such as: The format string " %m %U%q %H " will record the action, path, query string, protocol, its output and " %r ".

200( %>s ) This is the status code returned to the client by the server

2326( %b ) This last item is the number of bytes returned to the client that do not include the response header. If no information is returned, the entry should be " - " and should be used if you want to record as " 0 " %B .

Combined log format (Combined log formats)

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
CustomLog log/access_log combined

This format is similar to the common log format, but there are two more %{header}i items, the header of which can be any request header. This format is recorded in the form of:

127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 "http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"

Among them, the extra items are:

"http://www.example.com/start.html"( \"%{Referer}i\")

"Referer" request header. This entry indicates the page from which the request was submitted, and the page should contain /apache_pb.gif or be connected.

"Mozilla/4.08 [en] (Win98; I ;Nav)"( \"%{User-agent}i\")

"User-agent" request header.  This is the browser-aware information provided by the client.

log scrolling and pipeline logs

even if a server is not busy, its log files can be very informative, typically every 10,000 requests, the access log will increase by 1MB or more. This is necessary to periodically scroll the log files. Because Apache keeps the log file open and continues to write information, scrolling cannot be performed during the server's operation. After you move or delete a log file, you must restart the server for it to open a new log file

Apache httpd can pass access logs and error messages to another process through a pipeline, rather than writing to a file, which significantly increases the flexibility of the log because it does not require programming of the primary server. As long as the pipe operator "" followed by | an executable file name, you can make this program from the standard input device to obtain event records. Apache starts the pipeline log process at the same time, and during the run, if the process crashes, it restarts the process (so we call this technology "reliable pipeline logs").

The pipeline log process is generated by the Apache HTTPD of its parent process and inherits its permissions, which means that the pipeline process is usually run as root, so it is important to keep the program simple and secure.

An important use of the pipeline log is to allow the log to scroll without restarting the server. To do this, the server provides a simple programrotatelogs

CustomLog "|bin/rotatelogs /var/logs/logfile 86400" common 

This configuration establishes the file "/var/logs/logfile.nnnn", where the nnnn is the system time at which the nominal log is started (this time is always a multiple of the scrolling time and can be used for synchronization with cron scripts). When the scrolling time arrives (in this case, after 24 hours), a new log is generated.

CustomLog "|bin/rotatelogs /var/logs/logfile 5M" common 

This configuration scrolls the log file size when it grows to 5 megabytes

ErrorLog "|bin/rotatelogs /var/logs/errorlog.%Y-%m-%d-%H_%M_%S.log 5M"

This configuration scrolls the log when the error log size grows to 5 megabytes, and the log file name suffix is created in the following format:errorlog.YYYY-mm-dd-HH_MM_SS

Apache Scroll Log configuration