Parameters of the LogFormat record format of apache website logs

Example

The code is as follows:	Copy code
ErrorLog "xxx/log/error2.log" LogFormat "% h % l % u % t" % r "%> s % B" % {Referer} I "" % {User-Agent} I "combined CustomLog "xxxx/log/logweb‑2.log" combined

Generated logs

 

The code is as follows:

Copy code

/Database/110/0 db40c45cfdb980cdffa1d0cffb2891c.htm HTTP/1.1 "200 2992"-"" YisouSpider" 118.186.139.156--[22/Nov/2013: 13: 42: 02 + 0800] "GET/favicon. ico HTTP/1.1 "200 1620"-"" Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0 )" 223.241.162.53--[22/Nov/2013: 13: 42: 02 + 0800] "GET/wy/jquery/37402.htm HTTP/1.1" 200 2910 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.20.1.97 Safari/537.11" 42.120.160.81--[22/Nov/2013: 13: 42: 02 + 0800] "GET/so/cookie % CA % A7 % D0 % A7 HTTP/1.1" 200 4227 "-" "YisouSpider" 42.156.136.81--[22/Nov/2013: 13: 42: 03 + 0800] "GET/show. php/111cn_103_cn.html? Id = 103 & page = 5 HTTP/1.1 "301 5629"-"" YisouSpider" 220.181.108.121--[22/Nov/2013: 13: 42: 03 + 0800] "GET/so/in http/1.1" 200 7223 "-" "Mozilla/5.0 (compatible; baiduspider/2.0; + http://www.baidu.com/search/spider.html )" 42.120.161.81--[22/Nov/2013: 13: 42: 03 + 0800] "GET/list-103-5/HTTP/1.1" 200 5616 "-" "YisouSpider"

After reading the parameters for half a day, I found some parameters about the LogFormat record format.

In the apache configuration file httpd. the conf file is generally similar to LogFormat "% h % l % u % t" % r "%> s % B" % {Referer} I "" % {User-Agent} I "" common logging format settings, so what does each parameter in this format mean? How can we set it to fully grasp the website access situation? Let me briefly describe the parameter meanings.
The request itself will be recorded by placing various "%" escape characters in the format string. When they are written to the log file, they are converted according to the definition in the following table:
% A remote IP address
% A local IP address
% B number of bytes transmitted except the HTTP header
% B indicates the number of bytes transmitted except the HTTP header in CLF format, that is, '-' rather than 0 is displayed when no bytes are transferred.
The content of cookieFoobar that % {Foobar} C sends to the server in the request.
% D the time used by the server to process this request, in microseconds.
% {FOOBAR} e environment variable FOOBAR value
% F file name
% H remote host
Protocol used by the % H request
% {Foobar} I content of the request header Foobar: sent to the server.
% L remote login name (provided by identd, if supported), a "-" will be obtained unless IdentityCheck is set to "On "-".
% M request method
% {Foobar} n is the content of the annotation Foobar from another module.
% {Foobar} o response header Foobar: content.
% P server serves the standard port of the request.
% P is the PID of the subprocess that serves the request.
% {Format} P serves the PID or TID (thread ID) of the request. The value range of format is pid and tid (2.0.46 and later versions) and hextid (APR1.2.0 or a later version is required)
% Q query string (if yes, "? "Boot; otherwise, an empty string is returned)
% R the first line of the request
% S status. For internal redirection requests, this status refers to the status of the original request, and-%> s refers to the status of the final request.
% T time, in common log time format (standard English format)
% {Format} t time, in the format specified by strftime (3. (By default, the local format is used)
% T the time taken to process the request, in seconds.
% U remote user name (based on authentication information; if the returned status (% s) is 401, it may be false)
The URL path of the % U request, excluding the query string.
% V standard ServerName that provides services for this request.
% V indicates the server name set according to the UseCanonicalName command.
% X connection status when the request is completed: X = the connection is interrupted before the response is completed.
+ = Keep the connection after the response is sent.
-= Close the connection after the response is sent.
(In versions later than 1.3, this command is % c, but this is in conflict with the previous SSL syntax: % {var} c)
The number of bytes received by % I, including the data in the request header, and cannot be zero. To use this command, you must enable the mod_logio module.
The number of bytes sent by % O, including the data in the request header, and cannot be zero. To use this command, you must enable the mod_logio module.
Modifier
You can add a comma-separated list of status codes next to "%" to restrict record entries. For example, "% 400,501 {User-agent} I" only records the User-agent header content when status code 400 and 501 occur. If the conditions are not met, use "-" instead. You can add "! "Prefix indicates no," %! 200,304,302 {Referer} I "records all the Referer header content different from the status code 200,304,302 when it occurs.
"<" And ">" modifiers can be used to specify whether to select the original request or the final request for a request that has been internally redirected. By default, % s, % U, % T, % D, % r use the original request, and all other format strings select the final request. For example, %> s can be used to record the final state of the request, while % <u records the original authenticated user of a request internally redirected to a non-authenticated resource.
Notes
For security reasons, special characters in % r, % I, and % o, except double quotation marks (") and backslash (), start from version 2.0.46 () escape with "and \, and escape with the C style (n, t, etc, escape non-printable characters and other special characters in xhh format (hh is the hexadecimal encoding of this character ). In versions earlier than 2.0.46, the content is fully recorded as is. This method will allow the client to insert control characters into the log, so be careful when processing these log files.
In version 2.0 (different from 1.3), strings in the format of % B and % B do not indicate the number of bytes sent to the client, it simply represents the number of HTTP response bytes (different from the former when the connection is interrupted or SSL is used ). The % O string provided by mod_logio records the actual number of bytes sent.
Example
Some common format strings:
General log format (CLF)
"% H % l % u % t" % r "%> s % B"
General log format with VM
"% V % h % l % u % t" % r "%> s % B"
NCSA extension/combined log format
"% H % l % u % t" % r "%> s % B" % {Referer} I "" % {User-agent} I ""
Referer log format
"% {Referer} I-> % U"
Agent (Browser) Log Format
"% {User-agent} I"
LogFormat "% h % l % u % t" % r "%> s % B" % {Referer} I "" % {User-Agent} I "" you can find the corresponding description on the parameters included in "" in common, the last common is actually an identifier in this format. When you apply this format to record logs, you can directly use the identifier, for example:
CustomLog logs/access_log common
A log file access_log recorded in common format is generated under logs.