Apache Logformat Parameter Description

In the Apache configuration file httpd.conf, there are generally similar to Logformat "%h%l%u%t \"%r\ "%>s%b \"%{referer}i\ "\"%{user-agent}i\ "" Common Logging format settings , then what is the meaning of each parameter in this format, and how can it be set up to fully grasp the site's access? Below I will be the parameter meaning, simply say.

The condition of the request itself is recorded by placing various "%" escape characters in the format string, which are converted according to the definition of the following table when writing to the log file:

% a remote IP address
% A native IP address
% B bytes transmitted in addition to the HTTP header
%B the number of bytes transmitted in the CLF format except the HTTP header, which is the '-' instead of 0 when there is no byte transfer.
%{foobar}c the contents of the Cookiefoobar in the request to the server.
% D The time, in micro units, that the server takes to process this request.
%{foobar}e The value of the environment variable FOOBAR
%f the file name
%h remote host
% h requests the Protocol
%{foobar}i send to the server the content of the request header FOOBAR:.
% l remote Login name (from Identd, if supported), unless IdentityCheck is set to "on", a "-" will be obtained.
%m The requested method
%{foobar}n the contents of the annotation Foobar from another module.
%{foobar}o The contents of the answer header Foobar:. The
%p Server serves the standard port for the request.
% P The PID of the child process serving this request. The
%{format}p serves the PID or TID (thread ID) of the request, and the format range is: PID and Tid (2.0.46 and later) and Hextid (requires APR1.2.0 and above)
%q query string ( If there is a "?" Boot, otherwise return an empty string)
%r the first line of the requested
%s state. For internal redirection requests, this state refers to the state of the original request, and-%>s refers to the state of the last request.
%t time, in normal log time format (Standard English format)
%{format}t time, in the format specified by Strftime (3). (localized format by default)
% T takes the time, in seconds, to finish processing the request.
%u remote user name (based on authentication information, if return status (%s) is 401, may be false)
% u request URL path, does not contain query string. The
%v standard servername to service the request.
% V The server name set according to the USECANONICALNAME directive.
% X Connection status when the request completes: The x= connection is interrupted before the answer is complete. The
+ = answer continues to remain connected after it has been delivered. The connection is closed after the
-= reply has been delivered.

(in a later version of 1.3, this instruction is%c, but this is the same as the previous SSL syntax:%{var}c conflict)
%I The number of bytes received, including the data for the request header, and cannot be zero. To use this command you must enable the Mod_logio module.
%O The number of bytes sent, including the data for the request header, and cannot be zero. To use this command you must enable the Mod_logio module.

Modifier
You can limit the entries for a record by following the "%" followed by a comma-separated list of status codes. For example, "%400,501{user-agent}i" only records User-agent header content when status codes 400 and 501 occur, and "-" instead when conditions are not met. You can also add "!" before the status code The prefix denotes negation, and "%!200,304,302{referer}i" records all Referer header content when the status code differs from 200,304,302.

The < and > modifiers can be used to specify whether the request that has been internally redirected is to select the original request or to select the final request. By default,%s,%u,%T,%d,%r use the original request, and all other format strings select the final request. For example,%>s can be used to record the final state of a request, while%<u records an original authenticated user who has been internally redirected to a request for a non-certified resource.

Some notes
For security reasons, starting with version 2.0.46,%r,%i,%o Special characters in the, except double quotation marks (") and backslashes (\) are escaped with \" and \ \ ", whitespace characters are escaped with C-style (\ n, \ t, etc.), non-printable characters and other special characters are escaped using the \XHH format (HH is the 16-encoding of the character). In previous versions of 2.0.46, the content was recorded as is intact. This will cause the client to be able to insert control characters into the log, so you should be very careful when working with these log files.

In version 2.0 (unlike 1.3), the%b and%b format strings do not represent the number of bytes sent to the client, but simply represent the number of HTTP reply bytes (which differs from the former when the connection is interrupted or when SSL is used). %O provided by Mod_logio The format string will record the actual number of bytes sent.

Example
Some common format strings are:

Common log Format (CLF)
"%h%l%u%t \"%r\ "%>s%b"

Common log format with a virtual host
"%v%h%l%u%t \"%r\ "%>s%b"

NCSA extended/Combined log format
"%h%l%u%t \"%r\ "%>s%b \"%{referer}i\ "\"%{user-agent}i\ ""

Referer log Format
"%{referer}i--%u"

Agent (Browser) log format
"%{user-agent}i"

The article at the beginning of the Logformat "%h%l%u%t \"%r\ "%>s%b \"%{referer}i\ "\"%{user-agent}i\ "" Common Intermediate "" contains parameters can be found in the corresponding description, as for the last Common, in fact, is an identifier for this format, and when you apply this format to log, you can use identifiers directly, for example:
Customlog Logs/access_log Common
A log file that is logged in common format is generated under logs Access_log

Apache Logformat Parameter Description