<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
<!-- $LastChangedRevision$ -->
<!--
Copyright 2002-2005 The Apache Software Foundation or its licensors,
as applicable.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<modulesynopsis metafile="mod_log_config.xml.meta">
<name>mod_log_config</name>
<description>Logging of the requests made to the server</description>
<status>Base</status>
<sourcefile>mod_log_config.c</sourcefile>
<identifier>log_config_module</identifier>
<summary>
<p>This module provides for flexible logging of client
requests. Logs are written in a customizable format, and may be
written directly to a file, or to an external program.
Conditional logging is provided so that individual requests may
be included or excluded from the logs based on characteristics
of the request.</p>
<p>Three directives are provided by this module:
<directive module="mod_log_config">TransferLog</directive> to create
a log file, <directive module="mod_log_config">LogFormat</directive>
to set a custom format, and <directive module="mod_log_config"
>CustomLog</directive> to define a log file and format in one
step. The <directive>TransferLog</directive> and <directive
>CustomLog</directive> directives can be used multiple times in each
server to cause each request to be logged to multiple files.</p>
</summary>
<seealso><a href="../logs.html">Apache Log Files</a></seealso>
<section id="formats"><title>Custom Log Formats</title>
<p>The format argument to the <directive module="mod_log_config"
>LogFormat</directive> and <directive module="mod_log_config"
>CustomLog</directive> directives is a string. This string is
used to log each request to the log file. It can contain literal
characters copied into the log files and the C-style control
characters "\n" and "\t" to represent new-lines and tabs.
Literal quotes and back-slashes should be escaped with
back-slashes.</p>
<p>The characteristics of the request itself are logged by
placing "<code>%</code>" directives in the format string, which are
replaced in the log file by the values as follows:</p>
<table border="1" style="zebra">
<columnspec><column width=".2"/><column width=".8"/></columnspec>
<tr><th>Format String</th>
<th>Description</th></tr>
<tr><td><code>%%</code></td>
<td>The percent sign</td></tr>
<tr><td><code>%...a</code></td>
<td>Remote IP-address</td></tr>
<tr><td><code>%...A</code></td>
<td>Local IP-address</td></tr>
<tr><td><code>%...B</code></td>
<td>Size of response in bytes, excluding HTTP headers.</td></tr>
<tr><td><code>%...b</code></td>
<td>Size of response in bytes, excluding HTTP headers. In CLF format, <em>i.e.</em>
a '<code>-</code>' rather than a 0 when no bytes are sent.</td></tr>
<tr><td><code>%...{<var>Foobar</var>}C</code></td>
<td>The contents of cookie <var>Foobar</var> in the request sent
to the server.</td></tr>
<tr><td><code>%...D</code></td>
<td>The time taken to serve the request, in microseconds.</td></tr>
<tr><td><code>%...{<var>FOOBAR</var>}e</code></td>
<td>The contents of the environment variable
<var>FOOBAR</var></td></tr>
<tr><td><code>%...f</code></td>
<td>Filename</td></tr>
<tr><td><code>%...h</code></td>
<td>Remote host</td></tr>
<tr><td><code>%...H</code></td>
<td>The request protocol</td></tr>
<tr><td><code>%...{<var>Foobar</var>}i</code></td>
<td>The contents of <code><var>Foobar</var>:</code> header line(s)
in the request sent to the server.</td></tr>
<tr><td><code>%...l</code></td>
<td>Remote logname (from identd, if supplied). This will return a
dash unless <module>mod_ident</module> is present and <directive
module="mod_ident">IdentityCheck</directive> is set
<code>On</code>.</td></tr>
<tr><td><code>%...m</code></td>
<td>The request method</td></tr>
<tr><td><code>%...{<var>Foobar</var>}n</code></td>
<td>The contents of note <var>Foobar</var> from another
module.</td></tr>
<tr><td><code>%...{<var>Foobar</var>}o</code></td>
<td>The contents of <code><var>Foobar</var>:</code> header line(s)
in the reply.</td></tr>
<tr><td><code>%...p</code></td>
<td>The canonical port of the server serving the request</td></tr>
<tr><td><code>%...P</code></td>
<td>The process ID of the child that serviced the request.</td></tr>
<tr><td><code>%...{<var>format</var>}P</code></td>
<td>The process ID or thread id of the child that serviced the
request. Valid formats are <code>pid</code> and <code>tid</code>.
</td></tr>
<tr><td><code>%...q</code></td>
<td>The query string (prepended with a <code>?</code> if a query
string exists, otherwise an empty string)</td></tr>
<tr><td><code>%...r</code></td>
<td>First line of request</td></tr>
<tr><td><code>%...s</code></td>
<td>Status. For requests that got internally redirected, this is
the status of the *original* request --- <code>%...>s</code>
for the last.</td></tr>
<tr><td><code>%...t</code></td>
<td>Time, in common log format time format (standard English
format)</td></tr>
<tr><td><code>%...{<var>format</var>}t</code></td>
<td>The time, in the form given by format, which should be in
<code>strftime(3)</code> format (potentially localized).</td></tr>
<tr><td><code>%...T</code></td>
<td>The time taken to serve the request, in seconds.</td></tr>
<tr><td><code>%...u</code></td>
<td>Remote user (from auth; may be bogus if return status
(<code>%s</code>) is 401)</td></tr>
<tr><td><code>%...U</code></td>
<td>The URL path requested, not including any query string.</td></tr>
<tr><td><code>%...v</code></td>
<td>The canonical <directive module="core">ServerName</directive>
of the server serving the request.</td></tr>
<tr><td><code>%...V</code></td>
<td>The server name according to the <directive module="core"
>UseCanonicalName</directive> setting.</td></tr>
<tr><td><code>%...X</code></td>
<td>Connection status when response is completed:
<table>
<columnspec><column width=".2"/><column width=".6"/></columnspec>
<tr><td><code>X</code> =</td>
<td>connection aborted before the response completed.</td></tr>
<tr><td><code>+</code> =</td>
<td>connection may be kept alive after the response is
sent.</td></tr>
<tr><td><code>-</code> = </td>
<td>connection will be closed after the response is
sent.</td></tr>
</table>
<p>(This directive was <code>%...c</code> in late versions of Apache
1.3, but this conflicted with the historical ssl
<code>%...{<var>var</var>}c</code> syntax.)</p></td></tr>
<tr><td><code>%...I</code></td>
<td>Bytes received, including request and headers. Cannot be zero.
You need to enable <module>mod_logio</module> to use this.</td></tr>
<tr><td><code>%...O</code></td>
<td>Bytes sent, including headers. Cannot be zero. You need to
enable <module>mod_logio</module> to use this.</td></tr>
</table>
<p>The "<var>...</var>" can be nothing at all (<em>e.g.</em>,
<code>"%h %u %r %s %b"</code>), or it can indicate conditions for
inclusion of the item (which will cause it to be replaced with "-" if
the condition is not met). The forms of condition are a list of
HTTP status codes, which may or may not be preceded by "!".
Thus, "%400,501{User-agent}i" logs <code>User-agent:</code> on 400
errors and 501 errors (Bad Request, Not Implemented) only;
"%!200,304,302{Referer}i" logs <code>Referer:</code> on all requests
which did <em>not</em> return some sort of normal status.</p>
<p>The modifiers "&lt;" and "&gt;" can be used for requests that
have been internally redirected to choose whether the original or
final (respectively) request should be consulted. By default, the
<code>%</code> directives <code>%s, %U, %T, %D,</code> and
<code>%r</code> look at the original request while all others look
at the final request. So for example, <code>%>s</code> can be
used to record the final status of the request and
<code>%&lt;u</code> can be used to record the original
authenticated user on a request that is internally redirected to an
unauthenticated resource.</p>
<p>Note that in httpd 2.0 versions prior to 2.0.46, no escaping was performed
on the strings from <code>%...r</code>, <code>%...i</code> and
<code>%...o</code>. This was mainly to comply with the requirements of
the Common Log Format. This meant that clients could insert control
characters into the log, so you had to be quite careful when dealing
with raw log files.</p>
<p>For security reasons, starting with 2.0.46, non-printable and
other special characters are escaped mostly by using
<code>\x<var>hh</var></code> sequences, where <var>hh</var> stands for
the hexadecimal representation of the raw byte. Exceptions from this
rule are <code>"</code> and <code>\</code> which are escaped by prepending
a backslash, and all whitespace characters which are written in their
C-style notation (<code>\n</code>, <code>\t</code> etc).</p>
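<p>The following Python sketch is an added example, not part of the httpd
documentation or source: it reads a combined-format line as written with the
escaping described above, splits the quoted fields without being fooled by
<code>\"</code>, reverses the escaping, and reports which fields carried
control characters sent by the client. The function names, the set of C-style
escapes beyond <code>\n</code> and <code>\t</code>, and the sample line are
assumptions constructed for the example.</p>

```python
import re

# C-style escapes the decoder accepts. The page names \n and \t ("etc");
# the remaining entries are an assumption of this example.
C_ESCAPES = {"n": "\n", "t": "\t", "r": "\r", "v": "\v", "f": "\f",
             "b": "\b", '"': '"', "\\": "\\"}

# One token of an escaped item: \xhh, backslash + one char, or a plain char.
TOKEN = re.compile(r'\\x([0-9A-Fa-f]{2})|\\(.)|([^\\])')

# A quoted field ends at the first quote that is not part of a \" escape.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
# %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
LINE = re.compile(r'(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED
                  + r' (\d{3}) (\S+) ' + QUOTED + ' ' + QUOTED + '$')
FIELDS = ("host", "ident", "user", "time", "request", "status", "bytes",
          "referer", "agent")


def unescape_logitem(text):
    """Reverse the escaping; each raw byte becomes one character."""
    out, pos = [], 0
    while pos != len(text):
        m = TOKEN.match(text, pos)
        if m is None:  # backslash with nothing usable after it
            raise ValueError("dangling backslash in log item")
        hexpair, simple, plain = m.groups()
        if hexpair is not None:
            out.append(chr(int(hexpair, 16)))
        elif simple is not None:
            if simple not in C_ESCAPES:
                raise ValueError("unknown escape \\" + simple)
            out.append(C_ESCAPES[simple])
        else:
            out.append(plain)
        pos = m.end()
    return "".join(out)


def parse_combined(line):
    """Return a dict of fields, or None if the line is not combined format."""
    m = LINE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = dict(zip(FIELDS, m.groups()))
    flagged = []
    for name in ("request", "referer", "agent"):
        rec[name] = unescape_logitem(rec[name])
        # Control bytes in a client-supplied field are worth an analyst's look.
        if any(ord(c) in range(32) or ord(c) == 127 for c in rec[name]):
            flagged.append(name)
    rec["control_chars_in"] = flagged
    return rec


# Constructed sample: the client put a NUL in the URL and a quote, CRLF and a
# forged log entry in User-Agent; escaping keeps it all on one physical line.
SAMPLE = (r'192.0.2.7 - - [10/Oct/2005:13:55:36 +0000] "GET /a\x00b HTTP/1.0" '
          r'404 - "-" "probe\"\r\n192.0.2.9 - admin [x] \"GET / HTTP/1.0\" 200 5"')
```

<p>Tools that split such lines on every double quote, or that print the decoded
fields to a terminal or into another log, reintroduce the problem the escaping
was added to prevent.</p>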
<p>Note that in httpd 2.0, unlike 1.3, the <code>%b</code> and
<code>%B</code> format strings do not represent the number of
bytes sent to the client, but simply the size in bytes of the HTTP
response (which will differ, for instance, if the connection is
aborted, or if SSL is used). The <code>%O</code> format provided
by <module>mod_logio</module> will log the actual number of bytes
sent over the network.</p>
<p>Some commonly used log format strings are:</p>
<dl>
<dt>Common Log Format (CLF)</dt>
<dd><code>"%h %l %u %t \"%r\" %>s %b"</code></dd>
<dt>Common Log Format with Virtual Host</dt>
<dd><code>"%v %h %l %u %t \"%r\" %>s %b"</code></dd>
<dt>NCSA extended/combined log format</dt>
<dd><code>"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-agent}i\""</code></dd>
<dt>Referer log format</dt>
<dd><code>"%{Referer}i -> %U"</code></dd>
<dt>Agent (Browser) log format</dt>
<dd><code>"%{User-agent}i"</code></dd>
</dl>
<p>Note that the canonical <directive module="core"
>ServerName</directive> and <directive module="mpm_common"
>Listen</directive> of the server serving the
request are used for <code>%v</code> and <code>%p</code>
respectively. This happens regardless of the <directive
module="core">UseCanonicalName</directive> setting
because otherwise log analysis programs would have to duplicate
the entire vhost matching algorithm in order to decide what
host really served the request.</p>
</section>
<section id="security"><title>Security Considerations</title>
<p>See the <a
href="../misc/security_tips.html#serverroot">security tips</a>
document for details on why your security could be compromised
if the directory where logfiles are stored is writable by
anyone other than the user that starts the server.</p>
</section>
<directivesynopsis>
<name>CookieLog</name>
<description>Sets filename for the logging of cookies</description>
<syntax>CookieLog <var>filename</var></syntax>
<contextlist><context>server config</context><context>virtual host</context>
</contextlist>
<compatibility>This directive is deprecated.</compatibility>
<usage>
<p>The <directive>CookieLog</directive> directive sets the
filename for logging of cookies. The filename is relative to the
<directive module="core">ServerRoot</directive>. This directive is
included only for compatibility with <code>mod_cookies</code>,
and is deprecated.</p>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>CustomLog</name>
<description>Sets filename and format of log file</description>
<syntax>CustomLog <var>file</var>|<var>pipe</var>
<var>format</var>|<var>nickname</var>
[env=[!]<var>environment-variable</var>]</syntax>
<contextlist><context>server config</context><context>virtual host</context>
</contextlist>
<usage>
<p>The <directive>CustomLog</directive> directive is used to
log requests to the server. A log format is specified, and the
logging can optionally be made conditional on request
characteristics using environment variables.</p>
<p>The first argument, which specifies the location to which
the logs will be written, can take one of the following two
types of values:</p>
<dl>
<dt><var>file</var></dt>
<dd>A filename, relative to the <directive module="core"
>ServerRoot</directive>.</dd>
<dt><var>pipe</var></dt>
<dd>The pipe character "<code>|</code>", followed by the path
to a program to receive the log information on its standard
input.
<note type="warning"><title>Security:</title>
<p>If a program is used, then it will be run as the user who
started <program>httpd</program>. This will be root if the server was
started by root; be sure that the program is secure.</p>
</note>
<note type="warning"><title>Note</title>
<p>When entering a file path on non-Unix platforms, care should be taken
to make sure that only forward slashes are used even though the platform
may allow the use of back slashes. In general it is a good idea to always
use forward slashes throughout the configuration files.</p>
</note></dd>
</dl>
<p>The second argument specifies what will be written to the
log file. It can specify either a <var>nickname</var> defined by
a previous <directive module="mod_log_config">LogFormat</directive>
directive, or it can be an explicit <var>format</var> string as
described in the <a href="#formats">log formats</a> section.</p>
<p>For example, the following two sets of directives have
exactly the same effect:</p>
<example>
# CustomLog with format nickname<br />
LogFormat "%h %l %u %t \"%r\" %>s %b" common<br />
CustomLog logs/access_log common<br />
<br />
# CustomLog with explicit format string<br />
CustomLog logs/access_log "%h %l %u %t \"%r\" %>s %b"
</example>
<p>The third argument is optional and controls whether or
not to log a particular request based on the
presence or absence of a particular variable in the server
environment. If the specified <a href="../env.html">environment
variable</a> is set for the request (or is not set, in the case
of a '<code>env=!<var>name</var></code>' clause), then the
request will be logged.</p>
<p>Environment variables can be set on a per-request
basis using the <module>mod_setenvif</module>
and/or <module>mod_rewrite</module> modules. For
example, if you want to record requests for all GIF
images on your server in a separate logfile but not in your main
log, you can use:</p>
<example>
SetEnvIf Request_URI \.gif$ gif-image<br />
CustomLog gif-requests.log common env=gif-image<br />
CustomLog nongif-requests.log common env=!gif-image
</example>
<p>Or, to reproduce the behavior of the old RefererIgnore
directive, you might use the following:</p>
<example>
SetEnvIf Referer example\.com localreferer<br />
CustomLog referer.log referer env=!localreferer
</example>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>LogFormat</name>
<description>Describes a format for use in a log file</description>
<syntax>LogFormat <var>format</var>|<var>nickname</var>
[<var>nickname</var>]</syntax>
<default>LogFormat "%h %l %u %t \"%r\" %>s %b"</default>
<contextlist><context>server config</context><context>virtual host</context>
</contextlist>
<usage>
<p>This directive specifies the format of the access log
file.</p>
<p>The <directive>LogFormat</directive> directive can take one of two
forms. In the first form, where only one argument is specified,
this directive sets the log format which will be used by logs
specified in subsequent <directive>TransferLog</directive>
directives. The single argument can specify an explicit
<var>format</var> as discussed in the <a href="#formats">custom log
formats</a> section above. Alternatively, it can use a
<var>nickname</var> to refer to a log format defined in a
previous <directive>LogFormat</directive> directive as described
below.</p>
<p>The second form of the <directive>LogFormat</directive>
directive associates an explicit <var>format</var> with a
<var>nickname</var>. This <var>nickname</var> can then be used in
subsequent <directive>LogFormat</directive> or
<directive module="mod_log_config">CustomLog</directive> directives
rather than repeating the entire format string. A
<directive>LogFormat</directive> directive that defines a nickname
<strong>does nothing else</strong> -- that is, it <em>only</em>
defines the nickname, it doesn't actually apply the format and make
it the default. Therefore, it will not affect subsequent
<directive module="mod_log_config">TransferLog</directive> directives.
In addition, <directive>LogFormat</directive> cannot use one nickname
to define another nickname. Note that the nickname should not contain
percent signs (<code>%</code>).</p>
<example><title>Example</title>
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
</example>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>TransferLog</name>
<description>Specify location of a log file</description>
<syntax>TransferLog <var>file</var>|<var>pipe</var></syntax>
<contextlist><context>server config</context><context>virtual host</context>
</contextlist>
<usage>
<p>This directive has exactly the same arguments and effect as
the <directive module="mod_log_config">CustomLog</directive>
directive, with the exception that it allows neither an explicit
log format nor conditional logging of requests.
Instead, the log format is determined by the most recently specified
<directive module="mod_log_config">LogFormat</directive> directive
which does not define a nickname. Common Log Format is used if no
other format has been specified.</p>
<example><title>Example</title>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""<br />
TransferLog logs/access_log
</example>
</usage>
</directivesynopsis>
</modulesynopsis>