Apache HTTP Server Version 2.0
This document refers to the 2.0 version of Apache httpd, which is no longer maintained. Upgrade, and refer to the current version of httpd instead, documented at:
You may follow this link to go to the current version of this document.
Description: | Logging of the requests made to the server |
---|---|
Status: | Base |
Module Identifier: | log_config_module |
Source File: | mod_log_config.c |
This module provides for flexible logging of client requests. Logs are written in a customizable format, and may be written directly to a file, or to an external program. Conditional logging is provided so that individual requests may be included or excluded from the logs based on characteristics of the request.
Three directives are provided by this module:
TransferLog
to create
a log file, LogFormat
to set a custom format, and CustomLog
to define a log file and format in one
step. The TransferLog
and CustomLog
directives can be used multiple times in each
server to cause each request to be logged to multiple files.
The format argument to the LogFormat
and CustomLog
directives is a string. This string is
used to log each request to the log file. It can contain literal
characters copied into the log files and the C-style control
characters "\n" and "\t" to represent new-lines and tabs.
Literal quotes and backslashes should be escaped with
backslashes.
The characteristics of the request itself are logged by
placing "%
" directives in the format string, which are
replaced in the log file by the values as follows:
Format String | Description | ||||||
---|---|---|---|---|---|---|---|
%% |
The percent sign (Apache 2.0.44 and later) | ||||||
%...a |
Remote IP-address | ||||||
%...A |
Local IP-address | ||||||
%...B |
Size of response in bytes, excluding HTTP headers. | ||||||
%...b |
Size of response in bytes, excluding HTTP headers. In CLF format, i.e.
a '- ' rather than a 0 when no bytes are sent. | ||||||
%...{Foobar}C |
The contents of cookie Foobar in the request sent to the server. | ||||||
%...D |
The time taken to serve the request, in microseconds. | ||||||
%...{FOOBAR}e |
The contents of the environment variable FOOBAR | ||||||
%...f |
Filename | ||||||
%...h |
Remote host | ||||||
%...H |
The request protocol | ||||||
%...{Foobar}i |
The contents of Foobar: header line(s)
in the request sent to the server. Changes made by other
modules (e.g. mod_headers ) affect this.
| ||||||
%...l |
Remote logname (from identd, if supplied). This will return a
dash unless IdentityCheck is set
On . | ||||||
%...m |
The request method | ||||||
%...{Foobar}n |
The contents of note Foobar from another module. | ||||||
%...{Foobar}o |
The contents of Foobar: header line(s)
in the reply. | ||||||
%...p |
The canonical port of the server serving the request | ||||||
%...P |
The process ID of the child that serviced the request. | ||||||
%...{format}P |
The process ID or thread id of the child that serviced the
request. Valid formats are pid and tid .
(Apache 2.0.46 and later)
| ||||||
%...q |
The query string (prepended with a ? if a query
string exists, otherwise an empty string) | ||||||
%...r |
First line of request | ||||||
%...s |
Status. For requests that got internally redirected, this is
the status of the *original* request --- %...>s
for the last. | ||||||
%...t |
Time the request was received (standard english format) | ||||||
%...{format}t |
The time, in the form given by format, which should be in
strftime(3) format. (potentially localized) | ||||||
%...T |
The time taken to serve the request, in seconds. | ||||||
%...u |
Remote user (from auth; may be bogus if return status
(%s ) is 401) | ||||||
%...U |
The URL path requested, not including any query string. | ||||||
%...v |
The canonical ServerName
of the server serving the request. | ||||||
%...V |
The server name according to the UseCanonicalName setting. | ||||||
%...X |
Connection status when response is completed:
(This directive was | ||||||
%...I |
Bytes received, including request and headers, cannot be zero.
You need to enable mod_logio to use this. | ||||||
%...O |
Bytes sent, including headers, cannot be zero. You need to
enable mod_logio to use this. |
The "..." can be nothing at all (e.g.,
"%h %u %r %s %b"
), or it can indicate conditions for
inclusion of the item (which will cause it to be replaced with "-" if
the condition is not met). The forms of condition are a list of
HTTP status codes, which may or may not be preceded by "!".
Thus, "%400,501{User-agent}i" logs User-agent:
on 400
errors and 501 errors (Bad Request, Not Implemented) only;
"%!200,304,302{Referer}i" logs Referer:
on all requests
which did not return some sort of normal status.
The modifiers "<" and ">" can be used for requests that
have been internally redirected to choose whether the original or
final (respectively) request should be consulted. By default, the
%
directives %s, %U, %T, %D,
and
%r
look at the original request while all others look
at the final request. So for example, %>s
can be
used to record the final status of the request and
%<u
can be used to record the original
authenticated user on a request that is internally redirected to an
unauthenticated resource.
Note that in httpd 2.0 versions prior to 2.0.46, no escaping was performed
on the strings from %...r
, %...i
and
%...o
. This was mainly to comply with the requirements of
the Common Log Format. This implied that clients could insert control
characters into the log, so you had to be quite careful when dealing
with raw log files.
For security reasons, starting with 2.0.46, non-printable and
other special characters are escaped mostly by using
\xhh
sequences, where hh stands for
the hexadecimal representation of the raw byte. Exceptions from this
rule are "
and \
which are escaped by prepending
a backslash, and all whitespace characters which are written in their
C-style notation (\n
, \t
etc).
Note that in httpd 2.0, unlike 1.3, the %b
and
%B
format strings do not represent the number of
bytes sent to the client, but simply the size in bytes of the HTTP
response (which will differ, for instance, if the connection is
aborted, or if SSL is used). The %O
format provided
by mod_logio
will log the actual number of bytes
sent over the network.
Some commonly used log format strings are:
"%h %l %u %t \"%r\" %>s %b"
"%v %h %l %u %t \"%r\" %>s %b"
"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-agent}i\""
"%{Referer}i -> %U"
"%{User-agent}i"
Note that the canonical ServerName
and Listen
of the server serving the
request are used for %v
and %p
respectively. This happens regardless of the UseCanonicalName
setting
because otherwise log analysis programs would have to duplicate
the entire vhost matching algorithm in order to decide what
host really served the request.
See the security tips document for details on why your security could be compromised if the directory where logfiles are stored is writable by anyone other than the user that starts the server.
Description: | Buffer log entries in memory before writing to disk |
---|---|
Syntax: | BufferedLogs On|Off |
Default: | BufferedLogs Off |
Context: | server config |
Status: | Base |
Module: | mod_log_config |
Compatibility: | Available in versions 2.0.41 and later. |
The BufferedLogs
directive causes
mod_log_config
to store several log entries in
memory and write them together to disk, rather than writing them
after each request. On some systems, this may result in more
efficient disk access and hence higher performance. It may be
set only once for the entire server; it cannot be configured
per virtual-host.
Description: | Sets filename for the logging of cookies |
---|---|
Syntax: | CookieLog filename |
Context: | server config, virtual host |
Status: | Base |
Module: | mod_log_config |
Compatibility: | This directive is deprecated. |
The CookieLog
directive sets the
filename for logging of cookies. The filename is relative to the
ServerRoot
. This directive is
included only for compatibility with mod_cookies
,
and is deprecated.
Description: | Sets filename and format of log file |
---|---|
Syntax: | CustomLog file|pipe
format|nickname
[env=[!]environment-variable] |
Context: | server config, virtual host |
Status: | Base |
Module: | mod_log_config |
The CustomLog
directive is used to
log requests to the server. A log format is specified, and the
logging can optionally be made conditional on request
characteristics using environment variables.
The first argument, which specifies the location to which the logs will be written, can take one of the following two types of values:
ServerRoot
.|
", followed by the path
to a program to receive the log information on its standard
input.
If a program is used, then it will be run as the user who
started httpd
. This will be root if the server was
started by root; be sure that the program is secure.
When entering a file path on non-Unix platforms, care should be taken to make sure that only forward slashed are used even though the platform may allow the use of back slashes. In general it is a good idea to always use forward slashes throughout the configuration files.
The second argument specifies what will be written to the
log file. It can specify either a nickname defined by
a previous LogFormat
directive, or it can be an explicit format string as
described in the log formats section.
For example, the following two sets of directives have exactly the same effect:
# CustomLog with format nickname
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs/access_log common
# CustomLog with explicit format string
CustomLog logs/access_log "%h %l %u %t \"%r\" %>s %b"
The third argument is optional and controls whether or
not to log a particular request based on the
presence or absence of a particular variable in the server
environment. If the specified environment
variable is set for the request (or is not set, in the case
of a 'env=!name
' clause), then the
request will be logged.
Environment variables can be set on a per-request
basis using the mod_setenvif
and/or mod_rewrite
modules. For
example, if you want to record requests for all GIF
images on your server in a separate logfile but not in your main
log, you can use:
SetEnvIf Request_URI \.gif$ gif-image
CustomLog gif-requests.log common env=gif-image
CustomLog nongif-requests.log common env=!gif-image
Or, to reproduce the behavior of the old RefererIgnore directive, you might use the following:
SetEnvIf Referer example\.com localreferer
CustomLog referer.log referer env=!localreferer
Description: | Describes a format for use in a log file |
---|---|
Syntax: | LogFormat format|nickname
[nickname] |
Default: | LogFormat "%h %l %u %t \"%r\" %>s %b" |
Context: | server config, virtual host |
Status: | Base |
Module: | mod_log_config |
This directive specifies the format of the access log file.
The LogFormat
directive can take one of two
forms. In the first form, where only one argument is specified,
this directive sets the log format which will be used by logs
specified in subsequent TransferLog
directives. The single argument can specify an explicit
format as discussed in the custom log
formats section above. Alternatively, it can use a
nickname to refer to a log format defined in a
previous LogFormat
directive as described
below.
The second form of the LogFormat
directive associates an explicit format with a
nickname. This nickname can then be used in
subsequent LogFormat
or
CustomLog
directives
rather than repeating the entire format string. A
LogFormat
directive that defines a nickname
does nothing else -- that is, it only
defines the nickname, it doesn't actually apply the format and make
it the default. Therefore, it will not affect subsequent
TransferLog
directives.
In addition, LogFormat
cannot use one nickname
to define another nickname. Note that the nickname should not contain
percent signs (%
).
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
Description: | Specify location of a log file |
---|---|
Syntax: | TransferLog file|pipe |
Context: | server config, virtual host |
Status: | Base |
Module: | mod_log_config |
This directive has exactly the same arguments and effect as
the CustomLog
directive, with the exception that it does not allow the log format
to be specified explicitly or for conditional logging of requests.
Instead, the log format is determined by the most recently specified
LogFormat
directive
which does not define a nickname. Common Log Format is used if no
other format has been specified.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
TransferLog logs/access_log