This module provides for flexible logging of client requests. Logs are written in a customizable format, and may be written directly to a file, or to an external program. Conditional logging is provided so that individual requests may be included or excluded from the logs based on characteristics of the request.
Three directives are provided by this module:
The format argument to the
The characteristics of the request itself are logged by placing "%" directives in the format string, which are replaced in the log file by the values as follows:
Format String | Description |
---|---|
%% | The percent sign. |
%a | Client IP address of the request (see the |
%{c}a | Underlying peer IP address of the connection (see the |
%A | Local IP-address. |
%B | Size of response in bytes, excluding HTTP headers. |
%b | Size of response in bytes, excluding HTTP headers. In CLF format, i.e. a '-' rather than a 0 when no bytes are sent. |
%{VARNAME}C | The contents of cookie VARNAME in the request sent to the server. Only version 0 cookies are fully supported. |
%D | The time taken to serve the request, in microseconds. See %T for details. |
%{VARNAME}e | The contents of the environment variable VARNAME. |
%f | Filename. |
%h | Remote hostname. Will log the IP address if Off, which is the default. If it logs the hostname for only a few hosts, you probably have access control directives mentioning them by name. See the Require host documentation. This format is affected by modifications to the remote hostname by modules like |
%{c}h | Like %h, but always reports on the hostname of the underlying TCP connection and not any modifications to the remote hostname by modules like |
%H | The request protocol. |
%{VARNAME}i | The contents of VARNAME: header line(s) in the request sent to the server. Changes made by other modules (e.g. %{VARNAME}e described above. |
%k | Number of keepalive requests handled on this connection. Interesting if |
%l | Remote logname (from identd, if supplied). This will return a dash unless On. |
%L | The request log ID from the error log (or '-' if nothing has been logged to the error log for this request). Look for the matching error log line to see what request caused what error. |
%{c}L | The connection log ID from the error log (or '-' if nothing has been logged to the error log for this request). Look for the matching error log line to see what request caused what error. |
%m | The request method. |
%{VARNAME}n | The contents of note VARNAME from another module. |
%{VARNAME}o | The contents of VARNAME: header line(s) in the reply. |
%p | The canonical port of the server serving the request. |
%{format}p | The canonical port of the server serving the request, or the server's actual port, or the client's actual port. Valid formats are canonical, local, or remote. |
%P | The process ID of the child that serviced the request. |
%{format}P | The process ID or thread ID of the child that serviced the request. Valid formats are pid, tid, and hextid. hextid requires APR 1.2.0 or higher. |
%q | The query string (prepended with a ? if a query string exists, otherwise an empty string). |
%r | First line of request. |
%R | The handler generating the response (if any). |
%s | Status. For requests that have been internally redirected, this is the status of the original request. Use %>s for the final status. |
%t | Time the request was received, in the format [18/Sep/2011:19:18:28 -0400]. The last number indicates the timezone offset from GMT. |
%{format}t | The time, in the form given by format, which should be in an extended strftime(3) format (potentially localized). If the format starts with begin: (default) the time is taken at the beginning of the request processing. If it starts with end: it is the time when the log entry gets written, close to the end of the request processing. In addition to the formats supported by strftime(3), the following format tokens are supported: strftime(3) formatting in the same format string. You can use multiple %{format}t tokens instead. |
%T | The time taken to serve the request, in seconds. The time measured begins when the first line of the HTTP request is read from the host operating system by the HTTP server and ends when the last byte of the response is written by the HTTP server to the host operating system. The time measured does not include any of the following: |
%{UNIT}T | The time taken to serve the request, in a time unit given by UNIT. Valid units are ms for milliseconds, us for microseconds, and s for seconds. Using s gives the same result as %T without any format; using us gives the same result as %D. Combining %T with a unit is available in 2.4.13 and later. |
%u | Remote user if the request was authenticated. May be bogus if return status (%s) is 401 (unauthorized). |
%U | The URL path requested, not including any query string. |
%v | The canonical |
%V | The server name according to the |
%X | Connection status when response is completed: |
%I | Bytes received, including request and headers. Cannot be zero. You need to enable |
%O | Bytes sent, including headers. May be zero in rare cases such as when a request is aborted before a response is sent. You need to enable |
%S | Bytes transferred (received and sent), including request and headers, cannot be zero. This is the combination of %I and %O. You need to enable |
%{VARNAME}^ti | The contents of VARNAME: trailer line(s) in the request sent to the server. |
%{VARNAME}^to | The contents of VARNAME: trailer line(s) in the response sent from the server. |
Particular items can be restricted to print only for responses with specific HTTP status codes by placing a comma-separated list of status codes immediately following the "%". The status code list may be preceded by a "!" to indicate negation.
Format String | Meaning |
---|---|
%400,501{User-agent}i | Logs User-agent on 400 errors and 501 errors only. For other status codes, the literal string "-" will be logged. |
%!200,304,302{Referer}i | Logs Referer on all requests that do not return one of the three specified codes, "-" otherwise. |
The modifiers "<" and ">" can be used for requests that have been internally redirected to choose whether the original or final (respectively) request should be consulted. By default, the % directives %s, %U, %T, %D, and %r look at the original request while all others look at the final request. So for example, %>s can be used to record the final status of the request and %<u can be used to record the original authenticated user on a request that is internally redirected to an unauthenticated resource.
For security reasons, starting with version 2.0.46, non-printable and other special characters in %r, %i and %o are escaped using \xhh sequences, where hh stands for the hexadecimal representation of the raw byte. Exceptions from this rule are " and \, which are escaped by prepending a backslash, and all whitespace characters, which are written in their C-style notation (\n, \t, etc). In versions prior to 2.0.46, no escaping was performed on these strings so you had to be quite careful when dealing with raw log files.
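A log consumer has to reverse this escaping before matching on field contents, and must not treat \" as the end of a quoted field. The following is an added example (not part of the httpd documentation or code) that parses one line in the combined format listed on this page and reports which fields carried control bytes. The function names, the regular expressions and the sample line are constructed for illustration, and the set of single-letter escapes decoded is an assumption covering the usual C-style ones.

```python
import re

# Single-character escapes; \xhh is handled separately in unescape().
_SIMPLE = {"n": "\n", "t": "\t", "r": "\r", "b": "\b", "v": "\v", "f": "\f",
           '"': '"', "\\": "\\"}
_ESC = re.compile(r"\\(x[0-9A-Fa-f]{2}|.)")
# A quoted field: ordinary characters or backslash-escaped ones, so \" does not end it.
_QUOTED = r'"((?:[^"\\]|\\.)*)"'
# %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
_LINE = re.compile(r"(\S+) (\S+) (\S+) \[([^\]]+)\] " + _QUOTED
                   + r" (\d{3}) (\S+) " + _QUOTED + " " + _QUOTED + "$")

# Constructed sample: the client put a quote, a newline and a fake entry in User-Agent.
SAMPLE = (r'203.0.113.7 - - [18/Sep/2011:19:18:28 -0400] "GET /a\x00b HTTP/1.1" 404 - '
          r'"-" "probe \"v1\"\n198.51.100.9 - admin [18/Sep/2011:19:18:29 -0400] \\"')

def unescape(field):
    """Turn an escaped %r/%i/%o field back into the raw bytes the client sent."""
    out = bytearray()
    pos = 0
    for m in _ESC.finditer(field):
        out += field[pos:m.start()].encode("latin-1")
        tok = m.group(1)
        if len(tok) == 3:                       # \xhh -> one raw byte
            out.append(int(tok[1:], 16))
        else:                                   # \n, \", \\ ...; unknown pairs kept as-is
            out += _SIMPLE.get(tok, "\\" + tok).encode("latin-1")
        pos = m.end()
    out += field[pos:].encode("latin-1")
    return bytes(out)

def parse_line(line):
    """Parse one combined-format line; return None if it does not match."""
    m = _LINE.match(line.rstrip("\n"))
    if m is None:
        return None
    host, logname, user, when, req, status, size, ref, agent = m.groups()
    raw = {"request": unescape(req), "referer": unescape(ref), "agent": unescape(agent)}
    # Control bytes in a decoded field mean the client sent NUL, CR/LF or similar.
    flagged = sorted(k for k, v in raw.items() if any(b < 0x20 or b == 0x7F for b in v))
    return {"host": host, "logname": logname, "user": user, "time": when,
            "status": int(status), "size": size, "control_chars_in": flagged, **raw}

if __name__ == "__main__":
    print(parse_line(SAMPLE))
```

Because the newline arrives as the two characters \n, the forged "admin" entry stays inside the User-Agent field of a single log line instead of starting a second one.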
Since httpd 2.0, unlike 1.3, the %b and %B format strings do not represent the number of bytes sent to the client, but simply the size in bytes of the HTTP response (which will differ, for instance, if the connection is aborted, or if SSL is used). The %O format provided by
Note: The %R format string will not return any handler information when content caching is involved.
Note: The '^' character at the start of three-character formats has no significance, but it must be the first character of any newly added three-character format to avoid potential conflicts with log formats that use literals adjacent to a format specifier, such as "%Dus".
Some commonly used log format strings are:
"%h %l %u %t \"%r\" %>s %b"
"%v %h %l %u %t \"%r\" %>s %b"
"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
"%{Referer}i -> %U"
"%{User-agent}i"
You can use the %{format}t directive multiple times to build up a time format using the extended format tokens like msec_frac:
"%{%d/%b/%Y %T}t.%{msec_frac}t %{%z}t"
See the security tips document for details on why your security could be compromised if the directory where logfiles are stored is writable by anyone other than the user that starts the server.
The
The
The first argument, which specifies the location to which the logs will be written, can take one of the following two types of values:
"|", followed by the path to a program to receive the log information on its standard input. See the notes on piped logs for more information.
If a program is used, then it will be run as the user who
started
When entering a file path on non-Unix platforms, care should be taken to make sure that only forward slashes are used even though the platform may allow the use of back slashes. In general it is a good idea to always use forward slashes throughout the configuration files.
The second argument specifies what will be written to the
log file. It can specify either a nickname defined by
a previous
For example, the following two sets of directives have exactly the same effect:
The third argument is optional and controls whether or not to log a particular request. The condition can be the presence or absence (in the case of a 'env=!name' clause) of a particular variable in the server environment. Alternatively, the condition can be expressed as an arbitrary boolean expression. If the condition is not satisfied, the request will not be logged. References to HTTP headers in the expression will not cause the header names to be added to the Vary header.
Environment variables can be set on a per-request
basis using the
Or, to reproduce the behavior of the old RefererIgnore directive, you might use the following:
This directive specifies the format of the access log file.
The
The second form of the %
).
This directive has exactly the same arguments and effect as
the
The
The