Logging

Apache provides logging for just about any web access information you might be interested in. Logging can help with

• System resource management, by tracking usage

• Intrusion detection, by documenting bad HTTP requests

• Diagnostics, by recording errors in processing requests

Two standard log files are generated when you run your Apache server: access_iog and error_iog. They are found under the /var/iog/httpd directory. (Others include the SSL logs ssi_access_iog, ssi_error_iog and ssi_request_iog.) All logs except for the error_iog (by default, this is just the access_iog) are generated in a format specified by the customLog and LogFormat directives. These directives appear in your httpd.conf file.

A new log format can be defined with the LogFormat directive:

LogFormat "%h %i %u %t \"%r\" %>s %b" common

The common log format is a good starting place for creating your own custom log formats. Note that most of the available log analysis tools assume you're using the common log format or the combined log formatboth of which are defined in the default configuration files.

The following variables are available for LogFormat statements:

%a Remote IP address.

%a Local IP address.

%b Bytes sent, excluding HTTP headers. This is shown in Apache's Combined Log Format

(CLF). For a request without any data content, a - is shown instead of 0.

%b Bytes sent, excluding HTTP headers.

%{VARiABLE}e The contents of the environment variable variable.

%f The filename of the output log.

%h Remote host.

%h Request protocol.

%{HEADER}i The contents of header; header line(s) in the request sent to the server.

%i Remote log name (from identd, if supplied).

i{NOTE}n O{HEADERjo ip iP

Request method.

The contents of note note from another module. The contents of header; header line(s) in the reply. The canonical port of the server serving the request. The process ID of the child that serviced the request.

The contents of the query string, prepended with a ? character. If there's no query string, this evaluates to an empty string.

The first line of request.

Status. For requests that were internally redirected, this is the status of the original request%>s for the last.

The time, in common log time format.

The time, in the form given by format, which should be in strftime(3) format. See the section "Basic SSI Directives" later in this chapter for a complete list of available formatting options.

The seconds taken to serve the request.

Remote user from auth; this might be bogus if the return status (%s) is 401. The URL path requested.

The server name according to the usecanonicaiName directive. The canonical serverName of the server serving the request.

You can put a conditional in front of each variable to determine whether the variable is displayed. If the variable isn't displayed, - is displayed instead. These conditionals are in the form of a list of numerical return values. For example, %!40iu displays the value of remote_user unless the return code is 401.

You can then specify the location and format of a log file using the customLog directive:

CustomLog logs/access_log common

If it is not specified as an absolute path, the location of the log file is assumed to be relative to the

ServerRoot.

4 PREV

Was this article helpful?

0 0

Post a comment