Apache Log Cutting issues
httpd logs can be automatically cut.
method One: cronolog need to be installed first UseCronologCreate a new log for each day
customlog "|bin/cronolog logs/access_%y%m%d.log" combined
You can also press the hour
customlog "|bin/cronolog logs/access_%y%m%d%h.log" combined
Method Two: rotatelogs for httpd bring your own software Use Rotatelogs record a log every day
customlog "|bin/rotatelogs-l logs/access_%y%m%d.log 86400" combined
per hour
customlog "|bin/rotatelogs-l logs/access_%y%m%d%H. Log 3600 "combined
Apache rotatelogs Syntax
rotatelogs [-l |-t] logfile [rotationtime [offset]] | [Filesizem]
- LUselocal time instead of GMT timeas a time benchmark. Be sure to add-l otherwise the log time and the actual time are 8 hours apart. GMT:UT(Universal Time)Greenwichtime, also known as "World".
-T truncated instead of rotated, log truncation instead of cutting;
logfile
it adds the base name to the log file name. If logfile contains "%", it is treated as a format string for strftime (), otherwise it is automatically appended with the ". nnnnnnnnnn" suffix in seconds. Both of these formats represent the new logstart usingthe time.
Rotationtime
The interval of time in seconds that the log file is scrolled.
Offset
Of the time difference from UTCNumber of minutes. If omitted, the 0″ is assumed and UTC time is used. For example, to specify local time for a region with a UTC difference of "-5 hours", this parameter should be " -300″."
Filesizem
Specifies that scrolling is filesizem file size instead of scrolling by time or slack.
HTTP Referer
The HTTP source address (Referer, or HTTP referer), is a field of the HTTP header that is used to indicate where to link to the current Web page, in the form of a URL. In other words, with the HTTP source address, the current Web page can check where visitors come from, and this is often used to deal with forged cross-site requests.
httpd Log of only the specified URI is logged
http://www.apelearn.com/bbs/forum.php?mod=viewthread&tid=981&fromuid=6069
By default, the log log format is:
Logformat "%h%l%u%t \"%r\ "%>s%b \"%{referer}i\ "\"%{user-agent}i\ "" Combined
where%h is the IP of the record visitor, if there is a layer of proxy in the front of the web, then this%h is actually the IP of the proxy machine, this is not what we want. In this case,
the%{x-forwarded-for}i field records the client's true IP. so log logs should read:
Logformat "%h%{x-forwarded-for}i%l%u%t \ "%r\"%>s%b \ "%{referer}i\" \ "%{user-agent}i\" " combined
From for notes (Wiz)
HTTPD's Log cutting
