This module provides for flexible logging of client requests. Logs are written in a customizable format, and may be written directly to a file, or to an external program. Conditional logging is provided so that individual requests may be included or excluded from the logs based on characteristics of the request.
Three directives are provided by this module:
The format argument to the
The characteristics of the request itself are logged by
placing "%" directives in the format string, which are
replaced in the log file by the values as follows:
| Format String | Description | ||||||
|---|---|---|---|---|---|---|---|
%% |
The percent sign | ||||||
%...a |
Remote IP-address | ||||||
%...A |
Local IP-address | ||||||
%...B |
Bytes sent, excluding HTTP headers. | ||||||
%...b |
Bytes sent, excluding HTTP headers. In CLF format, i.e.
a '-' rather than a 0 when no bytes are sent. | ||||||
%...{Foobar}C |
The contents of cookie Foobar in the request sent to the server. | ||||||
%...D |
The time taken to serve the request, in microseconds. | ||||||
%...{FOOBAR}e |
The contents of the environment variable FOOBAR | ||||||
%...f |
Filename | ||||||
%...h |
Remote host | ||||||
%...H |
The request protocol | ||||||
%...{Foobar}i |
The contents of Foobar: header line(s)
in the request sent to the server. | ||||||
%...l |
Remote logname (from identd, if supplied). This will return a
dash unless On. | ||||||
%...m |
The request method | ||||||
%...{Foobar}n |
The contents of note Foobar from another module. | ||||||
%...{Foobar}o |
The contents of Foobar: header line(s)
in the reply. | ||||||
%...p |
The canonical port of the server serving the request | ||||||
%...P |
The process ID of the child that serviced the request. | ||||||
%...{format}P |
The process ID or thread id of the child that serviced the
request. Valid formats are pid and tid.
| ||||||
%...q |
The query string (prepended with a ? if a query
string exists, otherwise an empty string) | ||||||
%...r |
First line of request | ||||||
%...s |
Status. For requests that got internally redirected, this is
the status of the *original* request --- %...>s
for the last. | ||||||
%...t |
Time, in common log format time format (standard english format) | ||||||
%...{format}t |
The time, in the form given by format, which should be in
strftime(3) format. (potentially localized) | ||||||
%...T |
The time taken to serve the request, in seconds. | ||||||
%...u |
Remote user (from auth; may be bogus if return status
(%s) is 401) | ||||||
%...U |
The URL path requested, not including any query string. | ||||||
%...v |
The canonical | ||||||
%...V |
The server name according to the | ||||||
%...X |
Connection status when response is completed:
(This directive was | ||||||
%...I |
Bytes received, including request and headers, cannot be zero.
You need to enable | ||||||
%...O |
Bytes sent, including headers, cannot be zero. You need to
enable |
The "..." can be nothing at all (e.g.,
"%h %u %r %s %b"), or it can indicate conditions for
inclusion of the item (which will cause it to be replaced with "-" if
the condition is not met). The forms of condition are a list of
HTTP status codes, which may or may not be preceded by "!".
Thus, "%400,501{User-agent}i" logs User-agent: on 400
errors and 501 errors (Bad Request, Not Implemented) only;
"%!200,304,302{Referer}i" logs Referer: on all requests
which did not return some sort of normal status.
Note that in httpd 2.0 versions prior to 2.0.46, no escaping was performed
on the strings from %...r, %...i and
%...o. This was mainly to comply with the requirements of
the Common Log Format. This implied that clients could insert control
characters into the log, so you had to be quite careful when dealing
with raw log files.
For security reasons, starting with 2.0.46, non-printable and
other special characters are escaped mostly by using
\xhh sequences, where hh stands for
the hexadecimal representation of the raw byte. Exceptions from this
rule are " and \ which are escaped by prepending
a backslash, and all whitespace characters which are written in their
C-style notation (\n, \t etc).
Some commonly used log format strings are:
"%h %l %u %t \"%r\" %>s %b""%v %h %l %u %t \"%r\" %>s %b""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-agent}i\"""%{Referer}i -> %U""%{User-agent}i"Note that the canonical %v and %p
respectively. This happens regardless of the
See the security tips document for details on why your security could be compromised if the directory where logfiles are stored is writable by anyone other than the user that starts the server.
The mod_cookies,
and is deprecated.
The
The first argument, which specifies the location to which the logs will be written, can take one of the following two types of values:
|", followed by the path
to a program to receive the log information on its standard
input.
If a program is used, then it will be run as the user who started httpd. This will be root if the server was started by root; be sure that the program is secure.
When entering a file path on non-Unix platforms, care should be taken to make sure that only forward slashed are used even though the platform may allow the use of back slashes. In general it is a good idea to always use forward slashes throughout the configuration files.
The second argument specifies what will be written to the
log file. It can specify either a nickname defined by
a previous
For example, the following two sets of directives have exactly the same effect:
The third argument is optional and controls whether or
not to log a particular request based on the
presence or absence of a particular variable in the server
environment. If the specified environment
variable is set for the request (or is not set, in the case
of a 'env=!name' clause), then the
request will be logged.
Environment variables can be set on a per-request
basis using the
This directive specifies the format of the access log file.
The
The second form of the %).
This directive has exactly the same arguments and effect as
the