|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
|
|
Packit |
90a5c9 |
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
|
Packit |
90a5c9 |
This file is generated from xml source: DO NOT EDIT
|
|
Packit |
90a5c9 |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
|
Packit |
90a5c9 |
-->
|
|
Packit |
90a5c9 |
<title>Log Files - Apache HTTP Server Version 2.4</title>
|
|
Packit |
90a5c9 |
<link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
|
|
Packit |
90a5c9 |
<link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
|
|
Packit |
90a5c9 |
<link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" />
|
|
Packit |
90a5c9 |
<script src="./style/scripts/prettify.min.js" type="text/javascript">
|
|
Packit |
90a5c9 |
</script>
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
<link href="./images/favicon.ico" rel="shortcut icon" /></head>
|
|
Packit |
90a5c9 |
<body id="manual-page">
|
|
Packit |
90a5c9 |
Modules | Directives | FAQ | Glossary | Sitemap
|
|
Packit |
90a5c9 |
Apache HTTP Server Version 2.4
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Apache > HTTP Server > Documentation > Version 2.4
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Available Languages: en |
|
|
Packit |
90a5c9 |
fr |
|
|
Packit |
90a5c9 |
ja |
|
|
Packit |
90a5c9 |
ko |
|
|
Packit |
90a5c9 |
tr
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
In order to effectively manage a web server, it is necessary
|
|
Packit |
90a5c9 |
to get feedback about the activity and performance of the
|
|
Packit |
90a5c9 |
server as well as any problems that may be occurring. The Apache HTTP Server
|
|
Packit |
90a5c9 |
provides very comprehensive and flexible logging
|
|
Packit |
90a5c9 |
capabilities. This document describes how to configure its
|
|
Packit |
90a5c9 |
logging capabilities, and how to understand what the logs
|
|
Packit |
90a5c9 |
contain.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Security Warning
|
|
Packit |
90a5c9 |
Error Log
|
|
Packit |
90a5c9 |
Per-module logging
|
|
Packit |
90a5c9 |
Access Log
|
|
Packit |
90a5c9 |
Log Rotation
|
|
Packit |
90a5c9 |
Piped Logs
|
|
Packit |
90a5c9 |
Virtual Hosts
|
|
Packit |
90a5c9 |
Other Log Files
|
|
Packit |
90a5c9 |
See also
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The Apache HTTP Server provides a variety of different mechanisms for
|
|
Packit |
90a5c9 |
logging everything that happens on your server, from the initial
|
|
Packit |
90a5c9 |
request, through the URL mapping process, to the final resolution of
|
|
Packit |
90a5c9 |
the connection, including any errors that may have occurred in the
|
|
Packit |
90a5c9 |
process. In addition to this, third-party modules may provide logging
|
|
Packit |
90a5c9 |
capabilities, or inject entries into the existing log files, and
|
|
Packit |
90a5c9 |
applications such as CGI programs, or PHP scripts, or other handlers,
|
|
Packit |
90a5c9 |
may send messages to the server error log.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
In this document we discuss the logging modules that are a standard
|
|
Packit |
90a5c9 |
part of the http server.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Anyone who can write to the directory where Apache httpd is
|
|
Packit |
90a5c9 |
writing a log file can almost certainly gain access to the uid
|
|
Packit |
90a5c9 |
that the server is started as, which is normally root. Do
|
|
Packit |
90a5c9 |
NOT give people write access to the directory the logs
|
|
Packit |
90a5c9 |
are stored in without being aware of the consequences; see the
|
|
Packit |
90a5c9 |
security tips document
|
|
Packit |
90a5c9 |
for details.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
In addition, log files may contain information supplied
|
|
Packit |
90a5c9 |
directly by the client, without escaping. Therefore, it is
|
|
Packit |
90a5c9 |
possible for malicious clients to insert control-characters in
|
|
Packit |
90a5c9 |
the log files, so care must be taken in dealing with raw
|
|
Packit |
90a5c9 |
logs.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The server error log, whose name and location is set by the
|
|
Packit |
90a5c9 |
ErrorLog directive, is the
|
|
Packit |
90a5c9 |
most important log file. This is the place where Apache httpd
|
|
Packit |
90a5c9 |
will send diagnostic information and record any errors that it
|
|
Packit |
90a5c9 |
encounters in processing requests. It is the first place to
|
|
Packit |
90a5c9 |
look when a problem occurs with starting the server or with the
|
|
Packit |
90a5c9 |
operation of the server, since it will often contain details of
|
|
Packit |
90a5c9 |
what went wrong and how to fix it.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The error log is usually written to a file (typically
|
|
Packit |
90a5c9 |
error_log on Unix systems and
|
|
Packit |
90a5c9 |
error.log on Windows and OS/2). On Unix systems it
|
|
Packit |
90a5c9 |
is also possible to have the server send errors to
|
|
Packit |
90a5c9 |
syslog or pipe them to a
|
|
Packit |
90a5c9 |
program.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The format of the error log is defined by the ErrorLogFormat directive, with which you
|
|
Packit |
90a5c9 |
can customize what values are logged. A default is format defined
|
|
Packit |
90a5c9 |
if you don't specify one. A typical log message follows:
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
[Fri Sep 09 10:42:29.902022 2011] [core:error] [pid 35708:tid 4328636416]
|
|
Packit |
90a5c9 |
[client 72.15.99.187] File does not exist: /usr/local/apache2/htdocs/favicon.ico
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The first item in the log entry is the date and time of the
|
|
Packit |
90a5c9 |
message. The next is the module producing the message (core, in this
|
|
Packit |
90a5c9 |
case) and the severity level of that message. This is followed by
|
|
Packit |
90a5c9 |
the process ID and, if appropriate, the thread ID, of the process
|
|
Packit |
90a5c9 |
that experienced the condition. Next, we have the client address
|
|
Packit |
90a5c9 |
that made the request. And finally is the detailed error message,
|
|
Packit |
90a5c9 |
which in this case indicates a request for a file that did not
|
|
Packit |
90a5c9 |
exist.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
A very wide variety of different messages can appear in the
|
|
Packit |
90a5c9 |
error log. Most look similar to the example above. The error
|
|
Packit |
90a5c9 |
log will also contain debugging output from CGI scripts. Any
|
|
Packit |
90a5c9 |
information written to stderr by a CGI script will
|
|
Packit |
90a5c9 |
be copied directly to the error log.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Putting a %L token in both the error log and the access
|
|
Packit |
90a5c9 |
log will produce a log entry ID with which you can correlate the entry
|
|
Packit |
90a5c9 |
in the error log with the entry in the access log. If
|
|
Packit |
90a5c9 |
mod_unique_id is loaded, its unique request ID will be
|
|
Packit |
90a5c9 |
used as the log entry ID, too.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
During testing, it is often useful to continuously monitor
|
|
Packit |
90a5c9 |
the error log for any problems. On Unix systems, you can
|
|
Packit |
90a5c9 |
accomplish this using:
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
tail -f error_log
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The LogLevel directive
|
|
Packit |
90a5c9 |
allows you to specify a log severity level on a per-module basis. In
|
|
Packit |
90a5c9 |
this way, if you are troubleshooting a problem with just one
|
|
Packit |
90a5c9 |
particular module, you can turn up its logging volume without also
|
|
Packit |
90a5c9 |
getting the details of other modules that you're not interested in.
|
|
Packit |
90a5c9 |
This is particularly useful for modules such as
|
|
Packit |
90a5c9 |
mod_proxy or mod_rewrite where you
|
|
Packit |
90a5c9 |
want to know details about what it's trying to do.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Do this by specifying the name of the module in your
|
|
Packit |
90a5c9 |
LogLevel directive:
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
LogLevel info rewrite:trace5
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
This sets the main LogLevel to info, but
|
|
Packit |
90a5c9 |
turns it up to trace5 for
|
|
Packit |
90a5c9 |
mod_rewrite .
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
This replaces the per-module logging directives, such as
|
|
Packit |
90a5c9 |
RewriteLog , that were present in earlier versions of
|
|
Packit |
90a5c9 |
the server.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The server access log records all requests processed by the
|
|
Packit |
90a5c9 |
server. The location and content of the access log are
|
|
Packit |
90a5c9 |
controlled by the CustomLog
|
|
Packit |
90a5c9 |
directive. The LogFormat
|
|
Packit |
90a5c9 |
directive can be used to simplify the selection of
|
|
Packit |
90a5c9 |
the contents of the logs. This section describes how to configure the server
|
|
Packit |
90a5c9 |
to record information in the access log.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Of course, storing the information in the access log is only
|
|
Packit |
90a5c9 |
the start of log management. The next step is to analyze this
|
|
Packit |
90a5c9 |
information to produce useful statistics. Log analysis in
|
|
Packit |
90a5c9 |
general is beyond the scope of this document, and not really
|
|
Packit |
90a5c9 |
part of the job of the web server itself. For more information
|
|
Packit |
90a5c9 |
about this topic, and for applications which perform log
|
|
Packit |
90a5c9 |
analysis, check the
|
|
Packit |
90a5c9 |
Open Directory.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Various versions of Apache httpd have used other modules and
|
|
Packit |
90a5c9 |
directives to control access logging, including
|
|
Packit |
90a5c9 |
mod_log_referer, mod_log_agent, and the
|
|
Packit |
90a5c9 |
TransferLog directive. The CustomLog directive now subsumes
|
|
Packit |
90a5c9 |
the functionality of all the older directives.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The format of the access log is highly configurable. The format
|
|
Packit |
90a5c9 |
is specified using a format string that looks much like a C-style
|
|
Packit |
90a5c9 |
printf(1) format string. Some examples are presented in the next
|
|
Packit |
90a5c9 |
sections. For a complete list of the possible contents of the
|
|
Packit |
90a5c9 |
format string, see the mod_log_config format strings.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
A typical configuration for the access log might look as
|
|
Packit |
90a5c9 |
follows.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
LogFormat "%h %l %u %t \"%r\" %>s %b" common
|
|
Packit |
90a5c9 |
CustomLog logs/access_log common
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
This defines the nickname common and
|
|
Packit |
90a5c9 |
associates it with a particular log format string. The format
|
|
Packit |
90a5c9 |
string consists of percent directives, each of which tell the
|
|
Packit |
90a5c9 |
server to log a particular piece of information. Literal
|
|
Packit |
90a5c9 |
characters may also be placed in the format string and will be
|
|
Packit |
90a5c9 |
copied directly into the log output. The quote character
|
|
Packit |
90a5c9 |
(" ) must be escaped by placing a backslash before
|
|
Packit |
90a5c9 |
it to prevent it from being interpreted as the end of the
|
|
Packit |
90a5c9 |
format string. The format string may also contain the special
|
|
Packit |
90a5c9 |
control characters "\n " for new-line and
|
|
Packit |
90a5c9 |
"\t " for tab.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The CustomLog
|
|
Packit |
90a5c9 |
directive sets up a new log file using the defined
|
|
Packit |
90a5c9 |
nickname. The filename for the access log is relative to
|
|
Packit |
90a5c9 |
the ServerRoot unless it
|
|
Packit |
90a5c9 |
begins with a slash.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The above configuration will write log entries in a format
|
|
Packit |
90a5c9 |
known as the Common Log Format (CLF). This standard format can
|
|
Packit |
90a5c9 |
be produced by many different web servers and read by many log
|
|
Packit |
90a5c9 |
analysis programs. The log file entries produced in CLF will
|
|
Packit |
90a5c9 |
look something like this:
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET
|
|
Packit |
90a5c9 |
/apache_pb.gif HTTP/1.0" 200 2326
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Each part of this log entry is described below.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
127.0.0.1 (%h )
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
This is the IP address of the client (remote host) which
|
|
Packit |
90a5c9 |
made the request to the server. If HostnameLookups is
|
|
Packit |
90a5c9 |
set to On , then the server will try to determine
|
|
Packit |
90a5c9 |
the hostname and log it in place of the IP address. However,
|
|
Packit |
90a5c9 |
this configuration is not recommended since it can
|
|
Packit |
90a5c9 |
significantly slow the server. Instead, it is best to use a
|
|
Packit |
90a5c9 |
log post-processor such as logresolve to determine
|
|
Packit |
90a5c9 |
the hostnames. The IP address reported here is not
|
|
Packit |
90a5c9 |
necessarily the address of the machine at which the user is
|
|
Packit |
90a5c9 |
sitting. If a proxy server exists between the user and the
|
|
Packit |
90a5c9 |
server, this address will be the address of the proxy, rather
|
|
Packit |
90a5c9 |
than the originating machine.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
- (%l )
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The "hyphen" in the output indicates that the requested
|
|
Packit |
90a5c9 |
piece of information is not available. In this case, the
|
|
Packit |
90a5c9 |
information that is not available is the RFC 1413 identity of
|
|
Packit |
90a5c9 |
the client determined by identd on the clients
|
|
Packit |
90a5c9 |
machine. This information is highly unreliable and should
|
|
Packit |
90a5c9 |
almost never be used except on tightly controlled internal
|
|
Packit |
90a5c9 |
networks. Apache httpd will not even attempt to determine
|
|
Packit |
90a5c9 |
this information unless IdentityCheck is set
|
|
Packit |
90a5c9 |
to On .
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
frank (%u )
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
This is the userid of the person requesting the document
|
|
Packit |
90a5c9 |
as determined by HTTP authentication. The same value is
|
|
Packit |
90a5c9 |
typically provided to CGI scripts in the
|
|
Packit |
90a5c9 |
REMOTE_USER environment variable. If the status
|
|
Packit |
90a5c9 |
code for the request (see below) is 401, then this value
|
|
Packit |
90a5c9 |
should not be trusted because the user is not yet
|
|
Packit |
90a5c9 |
authenticated. If the document is not password protected,
|
|
Packit |
90a5c9 |
this part will be "- " just like the previous
|
|
Packit |
90a5c9 |
one.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
[10/Oct/2000:13:55:36 -0700]
|
|
Packit |
90a5c9 |
(%t )
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The time that the request was received.
|
|
Packit |
90a5c9 |
The format is:
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
[day/month/year:hour:minute:second zone]
|
|
Packit |
90a5c9 |
day = 2*digit
|
|
Packit |
90a5c9 |
month = 3*letter
|
|
Packit |
90a5c9 |
year = 4*digit
|
|
Packit |
90a5c9 |
hour = 2*digit
|
|
Packit |
90a5c9 |
minute = 2*digit
|
|
Packit |
90a5c9 |
second = 2*digit
|
|
Packit |
90a5c9 |
zone = (`+' | `-') 4*digit
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
It is possible to have the time displayed in another format
|
|
Packit |
90a5c9 |
by specifying %{format}t in the log format
|
|
Packit |
90a5c9 |
string, where format is either as in
|
|
Packit |
90a5c9 |
strftime(3) from the C standard library,
|
|
Packit |
90a5c9 |
or one of the supported special tokens. For details see
|
|
Packit |
90a5c9 |
the mod_log_config format strings.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
"GET /apache_pb.gif HTTP/1.0"
|
|
Packit |
90a5c9 |
(\"%r\" )
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The request line from the client is given in double
|
|
Packit |
90a5c9 |
quotes. The request line contains a great deal of useful
|
|
Packit |
90a5c9 |
information. First, the method used by the client is
|
|
Packit |
90a5c9 |
GET . Second, the client requested the resource
|
|
Packit |
90a5c9 |
/apache_pb.gif , and third, the client used the
|
|
Packit |
90a5c9 |
protocol HTTP/1.0 . It is also possible to log
|
|
Packit |
90a5c9 |
one or more parts of the request line independently. For
|
|
Packit |
90a5c9 |
example, the format string "%m %U%q %H " will log
|
|
Packit |
90a5c9 |
the method, path, query-string, and protocol, resulting in
|
|
Packit |
90a5c9 |
exactly the same output as "%r ".
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
200 (%>s )
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
This is the status code that the server sends back to the
|
|
Packit |
90a5c9 |
client. This information is very valuable, because it reveals
|
|
Packit |
90a5c9 |
whether the request resulted in a successful response (codes
|
|
Packit |
90a5c9 |
beginning in 2), a redirection (codes beginning in 3), an
|
|
Packit |
90a5c9 |
error caused by the client (codes beginning in 4), or an
|
|
Packit |
90a5c9 |
error in the server (codes beginning in 5). The full list of
|
|
Packit |
90a5c9 |
possible status codes can be found in the HTTP
|
|
Packit |
90a5c9 |
specification (RFC2616 section 10).
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
2326 (%b )
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The last part indicates the size of the object returned
|
|
Packit |
90a5c9 |
to the client, not including the response headers. If no
|
|
Packit |
90a5c9 |
content was returned to the client, this value will be
|
|
Packit |
90a5c9 |
"- ". To log "0 " for no content, use
|
|
Packit |
90a5c9 |
%B instead.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Another commonly used format string is called the Combined
|
|
Packit |
90a5c9 |
Log Format. It can be used as follows.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
|
|
Packit |
90a5c9 |
CustomLog log/access_log combined
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
This format is exactly the same as the Common Log Format,
|
|
Packit |
90a5c9 |
with the addition of two more fields. Each of the additional
|
|
Packit |
90a5c9 |
fields uses the percent-directive
|
|
Packit |
90a5c9 |
%{header}i , where header can be
|
|
Packit |
90a5c9 |
any HTTP request header. The access log under this format will
|
|
Packit |
90a5c9 |
look like:
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET
|
|
Packit |
90a5c9 |
/apache_pb.gif HTTP/1.0" 200 2326
|
|
Packit |
90a5c9 |
"http://www.example.com/start.html" "Mozilla/4.08 [en]
|
|
Packit |
90a5c9 |
(Win98; I ;Nav)"
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The additional fields are:
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
"http://www.example.com/start.html"
|
|
Packit |
90a5c9 |
(\"%{Referer}i\" )
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The "Referer" (sic) HTTP request header. This gives the
|
|
Packit |
90a5c9 |
site that the client reports having been referred from. (This
|
|
Packit |
90a5c9 |
should be the page that links to or includes
|
|
Packit |
90a5c9 |
/apache_pb.gif ).
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
"Mozilla/4.08 [en] (Win98; I ;Nav)"
|
|
Packit |
90a5c9 |
(\"%{User-agent}i\" )
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The User-Agent HTTP request header. This is the
|
|
Packit |
90a5c9 |
identifying information that the client browser reports about
|
|
Packit |
90a5c9 |
itself.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Multiple access logs can be created simply by specifying
|
|
Packit |
90a5c9 |
multiple CustomLog
|
|
Packit |
90a5c9 |
directives in the configuration
|
|
Packit |
90a5c9 |
file. For example, the following directives will create three
|
|
Packit |
90a5c9 |
access logs. The first contains the basic CLF information,
|
|
Packit |
90a5c9 |
while the second and third contain referer and browser
|
|
Packit |
90a5c9 |
information. The last two CustomLog lines show how
|
|
Packit |
90a5c9 |
to mimic the effects of the ReferLog and AgentLog directives.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
LogFormat "%h %l %u %t \"%r\" %>s %b" common
|
|
Packit |
90a5c9 |
CustomLog logs/access_log common
|
|
Packit |
90a5c9 |
CustomLog logs/referer_log "%{Referer}i -> %U"
|
|
Packit |
90a5c9 |
CustomLog logs/agent_log "%{User-agent}i"
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
This example also shows that it is not necessary to define a
|
|
Packit |
90a5c9 |
nickname with the LogFormat directive. Instead,
|
|
Packit |
90a5c9 |
the log format can be specified directly in the CustomLog directive.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
There are times when it is convenient to exclude certain
|
|
Packit |
90a5c9 |
entries from the access logs based on characteristics of the
|
|
Packit |
90a5c9 |
client request. This is easily accomplished with the help of environment variables. First, an
|
|
Packit |
90a5c9 |
environment variable must be set to indicate that the request
|
|
Packit |
90a5c9 |
meets certain conditions. This is usually accomplished with
|
|
Packit |
90a5c9 |
SetEnvIf . Then the
|
|
Packit |
90a5c9 |
env= clause of the CustomLog directive is used to
|
|
Packit |
90a5c9 |
include or exclude requests where the environment variable is
|
|
Packit |
90a5c9 |
set. Some examples:
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
# Mark requests from the loop-back interface
|
|
Packit |
90a5c9 |
SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
|
|
Packit |
90a5c9 |
# Mark requests for the robots.txt file
|
|
Packit |
90a5c9 |
SetEnvIf Request_URI "^/robots\.txt$" dontlog
|
|
Packit |
90a5c9 |
# Log what remains
|
|
Packit |
90a5c9 |
CustomLog logs/access_log common env=!dontlog
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
As another example, consider logging requests from
|
|
Packit |
90a5c9 |
english-speakers to one log file, and non-english speakers to a
|
|
Packit |
90a5c9 |
different log file.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
SetEnvIf Accept-Language "en" english
|
|
Packit |
90a5c9 |
CustomLog logs/english_log common env=english
|
|
Packit |
90a5c9 |
CustomLog logs/non_english_log common env=!english
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
In a caching scenario one would want to know about
|
|
Packit |
90a5c9 |
the efficiency of the cache. A very simple method to
|
|
Packit |
90a5c9 |
find this out would be:
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
SetEnv CACHE_MISS 1
|
|
Packit |
90a5c9 |
LogFormat "%h %l %u %t "%r " %>s %b %{CACHE_MISS}e" common-cache
|
|
Packit |
90a5c9 |
CustomLog logs/access_log common-cache
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
mod_cache will run before
|
|
Packit |
90a5c9 |
mod_env and, when successful, will deliver the
|
|
Packit |
90a5c9 |
content without it. In that case a cache hit will log
|
|
Packit |
90a5c9 |
- , while a cache miss will log 1 .
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
In addition to the env= syntax, LogFormat supports logging values
|
|
Packit |
90a5c9 |
conditional upon the HTTP response code:
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
LogFormat "%400,501{User-agent}i" browserlog
|
|
Packit |
90a5c9 |
LogFormat "%!200,304,302{Referer}i" refererlog
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
In the first example, the User-agent will be
|
|
Packit |
90a5c9 |
logged if the HTTP status code is 400 or 501. In other cases, a
|
|
Packit |
90a5c9 |
literal "-" will be logged instead. Likewise, in the second
|
|
Packit |
90a5c9 |
example, the Referer will be logged if the HTTP
|
|
Packit |
90a5c9 |
status code is not 200, 204, or 302. (Note the
|
|
Packit |
90a5c9 |
"!" before the status codes.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Although we have just shown that conditional logging is very
|
|
Packit |
90a5c9 |
powerful and flexible, it is not the only way to control the
|
|
Packit |
90a5c9 |
contents of the logs. Log files are more useful when they
|
|
Packit |
90a5c9 |
contain a complete record of server activity. It is often
|
|
Packit |
90a5c9 |
easier to simply post-process the log files to remove requests
|
|
Packit |
90a5c9 |
that you do not want to consider.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
On even a moderately busy server, the quantity of
|
|
Packit |
90a5c9 |
information stored in the log files is very large. The access
|
|
Packit |
90a5c9 |
log file typically grows 1 MB or more per 10,000 requests. It
|
|
Packit |
90a5c9 |
will consequently be necessary to periodically rotate the log
|
|
Packit |
90a5c9 |
files by moving or deleting the existing logs. This cannot be
|
|
Packit |
90a5c9 |
done while the server is running, because Apache httpd will continue
|
|
Packit |
90a5c9 |
writing to the old log file as long as it holds the file open.
|
|
Packit |
90a5c9 |
Instead, the server must be restarted after the log files are
|
|
Packit |
90a5c9 |
moved or deleted so that it will open new log files.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
By using a graceful restart, the server can be
|
|
Packit |
90a5c9 |
instructed to open new log files without losing any existing or
|
|
Packit |
90a5c9 |
pending connections from clients. However, in order to
|
|
Packit |
90a5c9 |
accomplish this, the server must continue to write to the old
|
|
Packit |
90a5c9 |
log files while it finishes serving old requests. It is
|
|
Packit |
90a5c9 |
therefore necessary to wait for some time after the restart
|
|
Packit |
90a5c9 |
before doing any processing on the log files. A typical
|
|
Packit |
90a5c9 |
scenario that simply rotates the logs and compresses the old
|
|
Packit |
90a5c9 |
logs to save space is:
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
mv access_log access_log.old
|
|
Packit |
90a5c9 |
mv error_log error_log.old
|
|
Packit |
90a5c9 |
apachectl graceful
|
|
Packit |
90a5c9 |
sleep 600
|
|
Packit |
90a5c9 |
gzip access_log.old error_log.old
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Another way to perform log rotation is using piped logs as discussed in the next
|
|
Packit |
90a5c9 |
section.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Apache httpd is capable of writing error and access log
|
|
Packit |
90a5c9 |
files through a pipe to another process, rather than directly
|
|
Packit |
90a5c9 |
to a file. This capability dramatically increases the
|
|
Packit |
90a5c9 |
flexibility of logging, without adding code to the main server.
|
|
Packit |
90a5c9 |
In order to write logs to a pipe, simply replace the filename
|
|
Packit |
90a5c9 |
with the pipe character "| ", followed by the name
|
|
Packit |
90a5c9 |
of the executable which should accept log entries on its
|
|
Packit |
90a5c9 |
standard input. The server will start the piped-log process when
|
|
Packit |
90a5c9 |
the server starts, and will restart it if it crashes while the
|
|
Packit |
90a5c9 |
server is running. (This last feature is why we can refer to
|
|
Packit |
90a5c9 |
this technique as "reliable piped logging".)
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Piped log processes are spawned by the parent Apache httpd
|
|
Packit |
90a5c9 |
process, and inherit the userid of that process. This means
|
|
Packit |
90a5c9 |
that piped log programs usually run as root. It is therefore
|
|
Packit |
90a5c9 |
very important to keep the programs simple and secure.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
One important use of piped logs is to allow log rotation
|
|
Packit |
90a5c9 |
without having to restart the server. The Apache HTTP Server
|
|
Packit |
90a5c9 |
includes a simple program called rotatelogs
|
|
Packit |
90a5c9 |
for this purpose. For example, to rotate the logs every 24 hours, you
|
|
Packit |
90a5c9 |
can use:
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
CustomLog "|/usr/local/apache/bin/rotatelogs /var/log/access_log 86400" common
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Notice that quotes are used to enclose the entire command
|
|
Packit |
90a5c9 |
that will be called for the pipe. Although these examples are
|
|
Packit |
90a5c9 |
for the access log, the same technique can be used for the
|
|
Packit |
90a5c9 |
error log.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
As with conditional logging, piped logs are a very powerful
|
|
Packit |
90a5c9 |
tool, but they should not be used where a simpler solution like
|
|
Packit |
90a5c9 |
off-line post-processing is available.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
By default the piped log process is spawned without invoking
|
|
Packit |
90a5c9 |
a shell. Use "|$ " instead of "| "
|
|
Packit |
90a5c9 |
to spawn using a shell (usually with /bin/sh -c ):
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
# Invoke "rotatelogs" using a shell
|
|
Packit |
90a5c9 |
CustomLog "|$/usr/local/apache/bin/rotatelogs /var/log/access_log 86400" common
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
This was the default behaviour for Apache 2.2.
|
|
Packit |
90a5c9 |
Depending on the shell specifics this might lead to
|
|
Packit |
90a5c9 |
an additional shell process for the lifetime of the logging
|
|
Packit |
90a5c9 |
pipe program and signal handling problems during restart.
|
|
Packit |
90a5c9 |
For compatibility reasons with Apache 2.2 the notation
|
|
Packit |
90a5c9 |
"|| " is also supported and equivalent to using
|
|
Packit |
90a5c9 |
"| ".
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Windows note
|
|
Packit |
90a5c9 |
Note that on Windows, you may run into problems when running many piped
|
|
Packit |
90a5c9 |
logger processes, especially when HTTPD is running as a service. This is
|
|
Packit |
90a5c9 |
caused by running out of desktop heap space. The desktop heap space given
|
|
Packit |
90a5c9 |
to each service is specified by the third argument to the
|
|
Packit |
90a5c9 |
SharedSection parameter in the
|
|
Packit |
90a5c9 |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\SubSystems\Windows
|
|
Packit |
90a5c9 |
registry value. Change this value with care; the normal
|
|
Packit |
90a5c9 |
caveats for changing the Windows registry apply, but you might also exhaust
|
|
Packit |
90a5c9 |
the desktop heap pool if the number is adjusted too high.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
When running a server with many virtual
|
|
Packit |
90a5c9 |
hosts, there are several options for dealing with log
|
|
Packit |
90a5c9 |
files. First, it is possible to use logs exactly as in a
|
|
Packit |
90a5c9 |
single-host server. Simply by placing the logging directives
|
|
Packit |
90a5c9 |
outside the <VirtualHost> sections in the
|
|
Packit |
90a5c9 |
main server context, it is possible to log all requests in the
|
|
Packit |
90a5c9 |
same access log and error log. This technique does not allow
|
|
Packit |
90a5c9 |
for easy collection of statistics on individual virtual
|
|
Packit |
90a5c9 |
hosts.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
If CustomLog
|
|
Packit |
90a5c9 |
or ErrorLog
|
|
Packit |
90a5c9 |
directives are placed inside a
|
|
Packit |
90a5c9 |
<VirtualHost>
|
|
Packit |
90a5c9 |
section, all requests or errors for that virtual host will be
|
|
Packit |
90a5c9 |
logged only to the specified file. Any virtual host which does
|
|
Packit |
90a5c9 |
not have logging directives will still have its requests sent
|
|
Packit |
90a5c9 |
to the main server logs. This technique is very useful for a
|
|
Packit |
90a5c9 |
small number of virtual hosts, but if the number of hosts is
|
|
Packit |
90a5c9 |
very large, it can be complicated to manage. In addition, it
|
|
Packit |
90a5c9 |
can often create problems with insufficient file
|
|
Packit |
90a5c9 |
descriptors.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
For the access log, there is a very good compromise. By
|
|
Packit |
90a5c9 |
adding information on the virtual host to the log format
|
|
Packit |
90a5c9 |
string, it is possible to log all hosts to the same log, and
|
|
Packit |
90a5c9 |
later split the log into individual files. For example,
|
|
Packit |
90a5c9 |
consider the following directives.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
LogFormat "%v %l %u %t \"%r\" %>s %b" comonvhost
|
|
Packit |
90a5c9 |
CustomLog logs/access_log comonvhost
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The %v is used to log the name of the virtual
|
|
Packit |
90a5c9 |
host that is serving the request. Then a program like split-logfile can be used to
|
|
Packit |
90a5c9 |
post-process the access log in order to split it into one file
|
|
Packit |
90a5c9 |
per virtual host.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Logging actual bytes sent and received
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
mod_logio adds in two additional
|
|
Packit |
90a5c9 |
LogFormat fields
|
|
Packit |
90a5c9 |
(%I and %O) that log the actual number of bytes received and sent
|
|
Packit |
90a5c9 |
on the network.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Forensic Logging
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
mod_log_forensic provides for forensic logging of
|
|
Packit |
90a5c9 |
client requests. Logging is done before and after processing a
|
|
Packit |
90a5c9 |
request, so the forensic log contains two log lines for each
|
|
Packit |
90a5c9 |
request. The forensic logger is very strict with no customizations.
|
|
Packit |
90a5c9 |
It can be an invaluable debugging and security tool.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
On startup, Apache httpd saves the process id of the parent
|
|
Packit |
90a5c9 |
httpd process to the file logs/httpd.pid . This
|
|
Packit |
90a5c9 |
filename can be changed with the PidFile directive. The
|
|
Packit |
90a5c9 |
process-id is for use by the administrator in restarting and
|
|
Packit |
90a5c9 |
terminating the daemon by sending signals to the parent
|
|
Packit |
90a5c9 |
process; on Windows, use the -k command line option instead.
|
|
Packit |
90a5c9 |
For more information see the Stopping
|
|
Packit |
90a5c9 |
and Restarting page.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
In order to aid in debugging, the
|
|
Packit |
90a5c9 |
ScriptLog directive
|
|
Packit |
90a5c9 |
allows you to record the input to and output from CGI scripts.
|
|
Packit |
90a5c9 |
This should only be used in testing - not for live servers.
|
|
Packit |
90a5c9 |
More information is available in the mod_cgi documentation.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Available Languages: en |
|
|
Packit |
90a5c9 |
fr |
|
|
Packit |
90a5c9 |
ja |
|
|
Packit |
90a5c9 |
ko |
|
|
Packit |
90a5c9 |
tr
|
|
Packit |
90a5c9 |
Notice:This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our mailing lists.
|
|
Packit |
90a5c9 |
<script type="text/javascript">
|
|
Packit |
90a5c9 |
var comments_shortname = 'httpd';
|
|
Packit |
90a5c9 |
var comments_identifier = 'http://httpd.apache.org/docs/2.4/logs.html';
|
|
Packit |
90a5c9 |
(function(w, d) {
|
|
Packit |
90a5c9 |
if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
|
|
Packit |
90a5c9 |
d.write('
|
|
Packit |
90a5c9 |
var s = d.createElement('script');
|
|
Packit |
90a5c9 |
s.type = 'text/javascript';
|
|
Packit |
90a5c9 |
s.async = true;
|
|
Packit |
90a5c9 |
s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
|
|
Packit |
90a5c9 |
(d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
d.write('
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
})(window, document);
|
|
Packit |
90a5c9 |
//--></script>
|
|
Packit |
90a5c9 |
Copyright 2018 The Apache Software Foundation. Licensed under the Apache License, Version 2.0.
|
|
Packit |
90a5c9 |
Modules | Directives | FAQ | Glossary | Sitemap <script type="text/javascript">
|
|
Packit |
90a5c9 |
if (typeof(prettyPrint) !== 'undefined') {
|
|
Packit |
90a5c9 |
prettyPrint();
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
//--></script>
|
|
Packit |
90a5c9 |
</body></html>
|