Apache logs do not record the image file setting method and source log configuration.

Source: Internet
Author: User
Tags control characters http authentication password protection
Apache logs do not record Image File Settings

<Filesmatch "\. (ICO | GIF | JPG | SWF)">
Setenv imag 1
Customlog logs/access_log combined Env =! Imag

Apache logs: If you record all access requests, the file will be large. If you use log analysis software, the analysis results may not be accurate. In addition, if you do not install the cronolog tool to truncate the log, it will be in an entire file. In this way, the access traffic is high, and the space occupied by the log file is considerable.

By setting this in the httpd. conf file (which can be set directly in the httpd-vhosts.conf file by the VM), logs do not record requests of the specified file type:

<Filesmatch "\. (ICO | GIF | JPG | SWF)"> )"〉
Setenv imag 1
</Filesmatch> 〉
Customlog logs/access_logCombined ENV =! Imag

In the first line, the bold part in the brackets is of the file type, which can be freely specified and separated by a vertical line "|.

In Row 4, The strikethrough part is the path of the log file, which is set according to the actual situation. italic is one of the four logging methods of Apache logs (common, combined, Referer, and agent, select based on actual needs;ENV =! ImagIt must be added to the end. The command does not record the type specified above.

Logs are recorded based on the source address:

<Ifmodule logio_module>
# You need to enable mod_logio.c to use % I and % O
Logformat "% H % L % u % t \" % R \ "%> S % B \" % {Referer} I \ "\" % {User-Agent} I \ "% I % O" combinedio

# The location and format of the access logfile (Common logfile format ).
# If you do not define any access logfiles within a <virtualhost>
# Container, they will be logged here. Contrariwise, if you * do *
# Define per-<virtualhost> access logfiles, transactions will be
# Logged therein and * not * in this file.
# Customlog logs/access_log common
Setenvif Referer Baidu \. com localreferer
Customlog "|/usr/local/sbin/cronolog/usr/local/apache2.2.3/logs/Access _ % Y % m % d. log" combined Env =! Localreferer # non-Baidu source records here
Customlog "|/usr/local/sbin/cronolog/usr/local/apache2.2.3/logs/Baidu _ % Y % m % d. log "combined Env = localreferer # the records from all sources are recorded here by Baidu.


# If you prefer a logfile with access, agent, and referer information
# (Combined logfile format) You can use the following ctictive.
# Customlog logs/access_log combined


Access log)
Related modules Related commands
  • mod_log_config
  • mod_setenvif
  • CustomLog
  • LogFormat
  • SetEnvIf

Access logs record all requests processed by the server. The file name and location depend onCustomLogCommand,LogFormatCommand can simplify the log Content. This section describes how to configure Server access logs.

To implement log management, you must first generate access logs before analyzing logs to obtain useful statistics. Log analysis is not the responsibility of the Web server. It is beyond the scope of this article. For more information and information about analysis tools, see open directory or Yahoo.

Different versions of Apache httpd use different modules and commands to control access records, including mod_log_referer, mod_log_agent, andTransferLogCommand. Now,CustomLogCommands include all the functions of commands in earlier versions.

The access log format is highly flexible and uses a string in the C-style printf () function format. The following are a few examples.mod_log_configThe format string of the module.

Common log format)

This is a typical record format:

LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs/access_log common

It defines a specific record format string andAliasCallcommon"%" Indicates that the server is replaced with some information, and other characters are not replaced. Quotation marks ("Must be followed by a backslash to avoid the end of the string. The format string can also contain special control characters, such as line breaks"\n", Tab"\t".

CustomLogCommand to createAliasUnless the file name is an absolute path starting with a slash, the path is relativeServerRoot.

The preceding configuration is a common log format (CLF). It is used by many different web servers and recognized by many log analysis programs, the records it generates are like: - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326

Each part of the record is described as follows: %h)
This is the IP address of the client sending the request to the server. If HostnameLookupsSet On, The server will try to resolve the Host Name of the IP address and replace the IP address here, but this is not recommended because it will significantly slow down the server, it is best to use a log processor to determine the Host Name, for example logresolve. If a proxy exists between the client and the server, the IP address in the record is the proxy IP address, not the real IP address of the client.
-( %l)
This is done by the client identdThe rfc1413 identity determined by the process. The output symbol "-" indicates that the information here is invalid. Unless in a strictly controlled internal network, this information is usually unreliable and should not be used. Only when IdentityCheckSet the command OnApache will try to obtain this information.
frank( %u)
This is the customer ID (userid) and environment variable used by the HTTP Authentication System to access this webpage. REMOTE_USERIt is set to this value and provided to the CGI script. If the status code is 401, it indicates that the customer has not passed the authentication, then this value is meaningless. If no password protection is set for the webpage, this option will be" -".
[10/Oct/2000:13:55:36 -0700]( %t)
This is the time when the server completes request processing. The format is:

[Day/month/year: hour: minute: Second Time Zone]
Day = 2 digits
Month = 3 letters
Year = 4 digits
Time = 2 digits
Minute = 2 digits
Seconds = 2 digits
Time zone = (+ |-) 4 digits

It can be used in a format string %{format}tTo change the time output format. formatIn the C standard library strftime()The usage is the same.
"GET /apache_pb.gif HTTP/1.0"( \"%r\")
The quotation marks are the request lines sent by the client that contain many useful information. We can see that this customer's action is GETThe requested resource is /apache_pb.gif, The protocol used is HTTP/1.0. You can also record other information, such as format strings" %m %U%q %H"Records actions, paths, query strings, protocols, and outputs and" %r.
200( %>s)
This is the status code that the server returns to the client. This information is very valuable because it indicates the request result, or is successfully responded (starting with 2) or redirected (starting with 3 ), or an error occurs (starting with 4) or a server error (starting with 5 ). For a complete list of status codes, see http specifications (Chapter rfc2616 10th ).
2326( %b)
Finally, this is the number of bytes that are returned to the client, excluding the response header. If no information is returned, this item should be" -", If you want to record" 0"Form, you should use %B.
Combined log format)

Another common record format is the combined log format. The format is as follows:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
CustomLog log/access_log combined

This format is similar to the common log format, but there are two more%{header}iItem, whereHeaderIt can be any request header. The format of the record is as follows: - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 "http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"

Among them, the additional items are:

"http://www.example.com/start.html"( \"%{Referer}i\")
"Referer" request header. This indicates the page from which the request was submitted. This page should contain /apache_pb.gifOr its connection.
"Mozilla/4.08 [en] (Win98; I ;Nav)"( \"%{User-agent}i\")
"User-Agent" request header. This is the browser identification information provided by the client.
Multi-file access logs

You can simply use multipleCustomLogCommand to create multi-file access logs. The following example records the basic CLF information, the information of the submitted webpage and browser, and the last two linesCustomLogDemonstrate how to simulateReferLogAndAgentLogCommand effect.

LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs/access_log common
CustomLog logs/referer_log "%{Referer}i -> %U"
CustomLog logs/agent_log "%{User-agent}i"

This example also shows that the record format can be directlyCustomLogSpecified, but not necessarily usedLogFormatStart an alias.

Condition log

In many cases, it is convenient to selectively record some client requests based on the environment variables related to the request characteristics. First, you must useSetEnvIfCommand to set specific environment variables to identify requests that meet certain conditions, and then useCustomLogCommandenv=Clause, which determines to record or exclude specific requests based on these environment variables. For example:

# Do not record local requests
Setenvif remote_addr "127 \. 0 \. 0 \. 1" dontlog
# Do not log requests to the robots.txt File
Setenvif request_uri "^/robots \. txt $" dontlog
# Record other requests
Customlog logs/access_log common Env =! Dontlog

Another example is to record requests in English to one log and non-English requests to another log:

SetEnvIf Accept-Language "en" english
CustomLog logs/english_log common env=english
CustomLog logs/non_english_log common env=!english

Although the above shows that conditional logging is powerful and flexible, it is not the only way to control log Content. You can also use the log processing program to remove content that you don't care about, this makes logs more useful.

Log rolling

Even if a server is not busy, its log file contains a large amount of information. Generally, the access log is increased by 1 MB or more for every 10000 requests. In this case, it is necessary to regularly scroll log files. Apache keeps log files open and keeps writing information. Therefore, the server cannot scroll during running. After you move or delete a log file, you must restart the server to open the new log file.

UseElegant (graceful)Method to enable the server to enable new log files without losing the original unwritten information. Therefore, it is necessary to wait for a while for the server to complete the request being processed and write the record to the original log file. The following is a typical example of rolling logs and compressing old logs to save storage space:

mv access_log access_log.old
mv error_log error_log.old
apachectl graceful
sleep 600
gzip access_log.old error_log.old

Another method for performing scrolling is to use the pipeline logs described in the next section.

MPs queue logs

Apache httpd can pass access records and error information to another process through the pipeline, instead of writing a file. Because you do not need to program the master server, this function significantly enhances the flexibility of logs. You only need to use the pipeline operator"|"Followed by an executable file name, this program can obtain event records from the standard input device. Apache starts the pipeline log process at the same time, and if the process crashes during running, will restart this process (so we call this technology "reliable pipeline log ").

The pipeline log process is generated by its parent process Apache httpd and inherits its permissions. This means that pipeline processes are generally run as root, so it is critical to keep this program simple and secure.

An important use of pipeline logs is to allow log scrolling without restarting the server. Therefore, the server provides a simple programrotatelogs. An example of rolling logs every 24 hours is as follows:

CustomLog "|/usr/local/apache/bin/rotatelogs /var/log/access_log 86400" common

Note: The quotation marks are used to define the command line of the entire pipeline. Although this is for access logs, its usage is the same for other logs.

On other sites, there is a similar but more flexible log rolling program called cronolog.

If there is a simple offline log processing solution, condition logs and pipeline logs should not be used, even if they are very powerful.

Virtual Host

If the server has several virtual hosts, there are several other functions to control log files. First, you can place the log command in<VirtualHost>The same access log and Error Log are used by the master server to record all requests and errors, but the information of each virtual host cannot be conveniently obtained.

IfCustomLogOrErrorLogPlace commands in<VirtualHost>All requests and error messages to this VM will be recorded in its private log file.<VirtualHost>The VM that uses the log command within the same segment will still use the same log as the master server. This method is very useful for servers with fewer virtual hosts. However, when there are many virtual hosts, it will lead to management difficulties and a shortage of file descriptors will often occur.

There is a good compromise between access logs. Access to All Hosts is recorded in the same access log file, and each record indicates the information of the virtual host, in the future, the records will be split and stored into different files. For example:

LogFormat "%v %l %u %t \"%r\" %>s %b" comonvhost
CustomLog logs/access_log comonvhost

%vUsed to append information of a VM. There is a split-logfile program that can split logs based on different virtual host information and save the results to different files.

Other log files
Related modules Related commands
  • mod_logio
  • mod_log_forensic
  • mod_cgi
  • mod_rewrite
  • LogFormat
  • ForensicLog
  • PidFile
  • RewriteLog
  • RewriteLogLevel
  • ScriptLog
  • ScriptLogBuffer
  • ScriptLogLength
Records the actual number of bytes received and sent

mod_logioTwo additionalLogFormatField (% I and % O) is used to record the actual number of bytes received and sent.

Comparison record (forensic logging)

mod_log_forensicProvidesComparisonRecord, that is, two records are recorded before and after the request is processed. Therefore, the comparison log contains two records for each request. The comparison recorder (forensic logger) is very strict and cannot be customized. It can be an invaluable debugging and security tool.

PID File

At startup, Apache httpd willlogs/httpd.pidThe process ID (process ID [pid]) of the parent httpd stored in the file. This file name can be usedPidFileCommand change. The PID can be used by the Administrator to restart or terminate the backend daemon. In Windows, you can use the command line parameter-K. For more information, see stop and restart.

Script log

You can useScriptLogCommand to record the input and output of the CGI script. This function should be used only for testing and not for servers that work normally. For more information, see mod_cgi.

Re-write log

It is almost necessary to use the powerful and flexible mod_rewrite.RewriteLogTo help with debugging. This log provides detailed decomposition information about how the rewrite engine converts requests, depending on the degree of detailRewriteLogLevelCommand.


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.