Apache Log Interpretation
want to know when someone has browsed what's on the site? Check The Apache access log to know. The access log is the standard log for Apache, which explains in detail the contents of the access log and the configuration of the relevant options.
one, the format of the access log
Apache has built the ability to record server activity, which is its log function. ThisApache log article describes Apache 's access logs, error logs, and how to analyze log data, how to customize Apache logs, and how to generate statistical reports from log data.
if apache (in windows access.log "and Error_log Windows error.log/usr/local/apache/logs windows installation directory of Logs subdirectory. Different package managers put log files in different locations, so you might want to look for other places, or see where these log files are configured by configuration files.
as its name implies, the access log access_log records all access activities to the WEB server. The following is a typical record in the access log:
126.96.36.199--[19/aug/2000:14:47:37-0400] "get/http/1.0" 200 654
This line of content is determined by7item, there are two gaps in the above example, but the entire line is still divided into7items.
First Iteminformation is the address of the remote host, which indicates who is visiting the site. In the example above, the host accessing the site is188.8.131.52. Casually speaking, this address belongs to a nameSi3001.inktomi.comMachine (to find this information, you can use theNslookupTool FindDns),Inktomi.comis a productionWebsearch for software companies. As you can see, we can get a lot of information about our visitors just by starting with the first entry in the log.
by default, the first information is only the remote host'sIpaddress, but we can askApacheidentify all host names and replace them with host names in the log files .Ipaddress. However, this practice is often not recommended, as it will greatly affect the speed at which servers log logs, thus reducing the efficiency of the entire site. In addition, there are a number of tools that are able to log filesIpaddresses are converted to host names, and therefore requireApacheRecord host name substitutionIpThe address is not worth the candle. However, if it is really necessary to makeApacheTo find out the name of the remote host, we can use the following command:Hostnamelookups on( This option is /usr/local/apache2/conf/extra/httpd-default.confin),ifHostnamelookupsSet asDoubleand notOn, the logger will reverse-lookup the host name it finds, verifying that the host name does point to the originalIpaddress. By defaultHostnamelookupsset toOff.
In the previous example log record,Second Itemis blank, replace with a "-" placeholder. In fact, most of the time this is the case. This location is used to record the browser's identity, not just the user's login name, but the email address or other unique identifier of the person who browsed the browser. This information is returned by Identd, or directly by the browser. Early in the day, Netscape 0.9 also dominated the position, which often recorded the e-mail address of the visitors. However, because someone used it to collect e-mail addresses and send spam, it was not retained for how long, and it was canceled by almost all browsers on the market long ago. So today, the second item in the log is that the chances of seeing an email address are slim.
of the log recordThird Itemis also blank. This location is used to record the name provided by the browser when authenticating. Of course, if some content of the site requires users to authenticate, then this information is not blank. However, for most Web sites, this entry in most records of a log file is still blank.
of the log recordItem FourthIs the time of the request. This information is enclosed in square brackets and is used in the so-called "public log Format" or "Standard English format". Therefore, the previous log record represents the requested time August 19, 2000 Wednesday 14:47:37. The last "-0400" of the time information indicates that the server's time zone is 4 hours before UTC.
of the log recordItem FifthThe information is perhaps the most useful information in the entire log record, which tells us what kind of request the server is receiving. The typical format for this information is "method RESOURCE PROTOCOL", which is the "approach resource Agreement".
In the example above, method is get, and other often possible method is the post and head. In addition, there are a number of possible legal method, but mainly these three kinds. Resource refers to the document, or URL, that the browser requests to the server. In this example, the browser asks for "/", which is the homepage or root of the website. In most cases, "/" points to the index.html document of the DocumentRoot directory, but it may also point to other files depending on the configuration of the server. Protocol is usually HTTP, followed by a version number. The version number is either 1.0, or 1.1, but there are more than 1.0. We know that the HTTP protocol is the basis for the web to work, http/1.0 is an earlier version of the HTTP protocol, and 1.1 is the most recent version. Most Web clients today still use the 1.0 version of the HTTP protocol.
of the log recordItem SixthThe information is the status code. It tells us whether the request was successful or what kind of error was encountered. Most of the time, this value is 200, which indicates that the server has successfully responded to browser requests and everything is fine. You are not prepared to give a complete list of status codes and to explain what they mean, please refer to the relevant information. In general, however, a status code starting with 2 indicates success, and a status code starting with 3 indicates that the user request is redirected to a different location due to various reasons, a status code starting with 4 indicates that there is an error on the client, and a status code starting with 5 indicates that the server encountered an error.
of the log recordItem SeventhRepresents the total number of bytes sent to the client. It tells us whether the transmission is interrupted (that is, whether the value is the same as the size of the file). By adding these values to the log, you can tell how much data the server sends in a day, week, or month.
This article is from the "Wu Fei" blog, please be sure to keep this source http://wutengfei.blog.51cto.com/10942117/1906920
Apache Log Interpretation