Apache Access Log Management

1. Access Logs

In the previous virtual host configuration file, there are two lines of log-related configuration, and the end of combined is the format type of the log

Errorlog "Logs/111.com-error_log" Customlog "Logs/111.com-access_log" combined

The following log formats are defined in the master configuration file for Apache

Logformat "%h%l%u%t \"%r\ "%>s%b \"%{referer}i\ "\"%{user-agent}i\ "" Combined Logformat "%h%l%u%t \"%r\ "%> ; s%b "common

/usr/local/apache2.4/logs/111.com-access_log records the access record of host 111.com, the log of combined mode is as follows:

[[email protected]_01 ~]# cat /usr/local/apache2.4/logs/111.com-access_log192.168.231.128  - - [21/Dec/2017:00:22:13 +0800]  "get http://111.com/ http/1.1"  200  8127.0.0.1 - - [21/Dec/2017:20:02:16 +0800]  "head http://111.com/  http/1.1 " 401 -127.0.0.1 - - [21/Dec/2017:20:11:22 +0800] " head http:/ /111.com/ http/1.1 " 401 -127.0.0.1 - - [21/Dec/2017:20:16:12 +0800] " head http://111.com/ http/1.1 " 401 -192.168.231.1 - - [21/dec/2017:20:18:16  +0800]  "get / http/1.1"  401 381192.168.231.1 -  wennan [21/ dec/2017:20:18:51 +0800]  "get / http/1.1"  401 381192.168.231.1 -  wennan [21/dec/2017:20:18:59 +0800]  "get / http/1.1"  200 8192.168.231.1  - wennan [21/dec/2017:20:18:59 +0800]  "get /favicon.ico http/1.1"  404 209192.168.231.1  - wennan [21/Dec/2017:20:19:15 +0800]  "get / http/1.1"  200  8192.168.231.1 - wennan [21/dec/2017:20:22:00 +0800]  "GET / HTTP/1.1"   200 8192.168.231.1 - wennan [21/dec/2017:20:38:38 +0800]  "GET / HTTP/ 1.1 " 200 8192.168.231.1 - wennan [21/Dec/2017:20:40:23 +0800] " get /  http/1.1 " 200 8192.168.231.1 - wennan [21/Dec/2017:20:40:32 +0800] " get / http/1.1 " 200 8192.168.231.1 - wennan [21/dec/2017:20:40:59 + 0800]  "get / http/1.1"  200 8192.168.231.1 - wennan [21/dec/ 2017:20:41:11 +0800]  "get / http/1.1"  200 8192.168.231.128 - wennan  [21/dec/2017:20:43:25 +0800]  " head http://111.com/ http/1.1 " 200 -192.168.231.1 - wennan [21/dec/ 2017:20:51:55 +0800]  "get / http/1.1"  200 8192.168.231.1 - wennan  [21/Dec/2017:20:52:04 +0800]  "get /123.php http/1.1"  500 -127.0.0.1 -  - [21/Dec/2017:20:53:11 +0800]  "head http://111.com/ http/1.1"  200 - 127.0.0.1 - - [21/dec/2017:20:53:21 +0800]  "head http://111.com/123.php  http/1.1 " 401 -192.168.231.128 - wennan [21/Dec/2017:20:53:36 +0800] " HEAD  http://111.com/123.php http/1.1 " 200 -192.168.231.128 - wennan [21/dec/ 2017:20:54:07 +0800]  "get http://111.com/123.php http/1.1"  200 29192.168.231.1  - wennan [21/Dec/2017:20:54:14 +0800]  "get /123.php http/1.1"  200  29192.168.231.128 - - [21/dec/2017:22:05:24 +0800]  "head http://2111.com.cn/ http/1.1"  301  -192.168.231.128 - - [21/Dec/2017:22:58:50 +0800]  "head http://2111.com.cn / http/1.1 " 301 -192.168.231.128 - - [21/Dec/2017:22:58:54 +0800] " head http://2111.com.cn/ http/1.1 " 301 -192.168.231.128 - - [21/dec/ 2017:22:58:55 +0800]  "head http://2111.com.cn/ http/1.1"  301 -192.168.231.128  - - [21/Dec/2017:23:00:48 +0800]  "head http://2111.com.cn/ http/1.1"   301 -  "-"   "curl/7.29.0" 192.168.231.128 - - [21/dec/2017:23:00:49 +0800]   "head http://2111.com.cn/ http/1.1"  301 -  "-"   "curl/7.29.0"

2. Do not log files of the specified type

① include the following in the virtual host configuration file:

Setenvif Request_uri ". *\.gif$" img setenvif request_uri ". *\.jpg$" img setenvif request_uri ". *\.png$" img SetEnvIf Reque St_uri ". *\.bmp$" img setenvif request_uri ". *\.swf$" img setenvif request_uri ". *\.js$" img setenvif request_uri ". *\.css $ "img Customlog" Logs/111.com-access_log "combined env=!img

The above configuration meaning, the GIF and other types of file consent to mark as IMG, and then record the access log when the access record of the IMG tag is not logged

② Restart Service

[Email protected]_01 ~]#/usr/local/apache2.4/bin/apachectl Graceful

③ multiple access to jpg,png and other types of files and non-IMG files after the following log. Setting takes effect.

[[email protected]_01 ~]# !tailtail /usr/local/apache2.4/logs/111.com-access_log127.0.0.1  - - [21/Dec/2017:23:28:57 +0800]  "head http://111.com/asdasdasdasda.jpg  http/1.1 " 404 - "-" " curl/7.29.0 "127.0.0.1 - - [21/dec/2017:23:37:38 + 0800]  "head http://111.com/asdasdasdasda.jpg http/1.1"  404 -  "-"   "curl/ 7.29.0 "127.0.0.1 - - [21/dec/2017:23:38:13 +0800] " head http://111.com/ asdasdasdasda.jpg http/1.1 " 404 - "-" " curl/7.29.0 "127.0.0.1 - - [21/ dec/2017:23:38:45 +0800]  "head http://111.com/asdasdasdasda.jpg http/1.1"  404 -   "-"   "curl/7.29.0" 127.0.0.1 - - [21/dec/2017:23:39:26 +0800]  "HEAD  HTTP://111.com/asdasdasdasda.jpg HTTP/1.1 " 404 - "-" " curl/7.29.0 "127.0.0.1 -  - [21/dec/2017:23:41:20 +0800]  "get http://111.com/asdasdasdasda.jpg http/1.1"  404 215  "-"   " curl/7.29.0 "127.0.0.1 - - [21/dec/2017:23:41:42 +0800] " GET HTTP://111.com/ asdasdasdasda.jpg http/1.1 " 404 215 "-" " curl/7.29.0 "127.0.0.1 - - [21 /dec/2017:23:46:16 +0800]  "get http://111.com/asdasdasdasda.png http/1.1"  404  215  "-"   "curl/7.29.0" 127.0.0.1 - - [21/dec/2017:23:49:52 +0800]  "GET  HTTP://111.com/asdasdasdasda.jpg1 HTTP/1.1 " 404 216 "-" " curl/7.29.0 "127.0.0.1 -  - [21/Dec/2017:23:49:58 +0800]  "get http://111.com/asdasdasdasda.jpg2 http/1.1"  404 216  "-"   "curl/7.29.0"

3. Log Cutting

① Configure the virtual host configuration file as follows:

Customlog "|/usr/local/apache2.4/bin/rotatelogs-l logs/111.com-access_%y%m%d.log 86400" combined env=!img

Description

Here, you call Apache's own daily-to-cut tool, rotatelogs, for processing.

-L: The log is cut at the current time system time, otherwise the log is cut in UTC time.

%y%m%d: Automatically creates a log file of the corresponding time based on the time date.

86400: Cut logs in days.

② Reload the host profile and then use the Curl tool or the browser to access the 111.com content to generate the access date.

[Email protected]_01 ~]# curl-x127.0.0.1:80 111.com/123.php123.php authorization passed[[email protected]_01 ~]# Curl- X127.0.0.1:80 111.com/123.php123.php Authorization passed[[email protected]_01 ~]# curl-x127.0.0.1:80 111.com/123. php123.php authorization Passed[[email protected]_01 ~]# curl-x127.0.0.1:80 111.com/123.php123.php Authorization Passed

③ viewing new log files created in the/usr/local/apache2.4/logs/directory that are split by date

[[email protected]_01 ~]# ls /usr/local/apache2.4/logs/111.com-access_20171222.log   123.com-access_log  access_log111.com-access_log            abc.com-access_log  error_log111.com-error_log             abc.com-error_log   httpd.pid[[email protected]_ 01 logs]# cat 111.com-access_20171222.log127.0.0.1 - - [22/dec/2017:00:35:01  +0800]  "get http://111.com/asdasdasdasda.jpg2 http/1.1"  404 216  "-"   " curl/7.29.0 "127.0.0.1 - - [22/dec/2017:00:35:05 +0800] " GET HTTP://111.com/ asdasdasdasda.jpg2 http/1.1 " 404 216 "-" " curl/7.29.0 "127.0.0.1 - - [ 22/dec/2017:00:35:07 +0800]  "get http://111.com/asdasdasdasda.jpg2 http/1.1"  404  216  "-"   "CURL/7.29.0 "127.0.0.1 - - [22/dec/2017:00:35:07 +0800] " get http://111.com/ asdasdasdasda.jpg2 http/1.1 " 404 216 "-" " curl/7.29.0 "127.0.0.1 - - [ 22/dec/2017:00:35:08 +0800]  "get http://111.com/asdasdasdasda.jpg2 http/1.1"  404  216  "-"   "curl/7.29.0" 127.0.0.1 - - [22/dec/2017:00:35:09 +0800]  "GET  http://111.com/asdasdasdasda.jpg2 http/1.1 " 404 216 "-" " curl/7.29.0 "127.0.0.1  - - [22/Dec/2017:00:35:09 +0800]  "get http://111.com/asdasdasdasda.jpg2  http/1.1 " 404 216 "-" " curl/7.29.0 "127.0.0.1 - - [22/dec/2017:00:35:10  +0800]  "get http://111.com/asdasdasdasda.jpg2 http/1.1"  404 216  "-"   " curl/7.29.0 "127.0.0.1 - - [22/dec/2017:00:35:28 +0800] " GET HTTP://111.com/123. php http/1.1 " 200 29  " -" " curl/7.29.0 "127.0.0.1 - - [22/dec/2017:00:35:30 +0800] " GET HTTP://111. com/123.php http/1.1 " 200 29 "-" " curl/7.29.0 "127.0.0.1 - - [22/dec/ 2017:00:35:30 +0800]  "get http://111.com/123.php http/1.1"  200 29  "-"   "curl/7.29.0" 127.0.0.1 - - [22/dec/2017:00:35:31 +0800]  "GET HTTP://111.com/123. php http/1.1 " 200 29 "-" " curl/7.29.0 "

Apache Access Log Management