Access Logs
CustomLog
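Description: Sets the file the server writes the access log to and the log format
Syntax: CustomLog file|pipe format|nickname [env=[!]environment-variable| expr=expression]
Context: server configuration file, <VirtualHost> section
Status: Base
Module: mod_log_config
The first argument specifies where the log is written. It takes one of two kinds of value:
- File: a filename, relative to ServerRoot.
- Piped program: the pipe character "|", followed by the path to a program that receives the log information on its standard input.
The second argument specifies what is written to the log file. It can be a nickname defined by a LogFormat directive, or a format string as described under the LogFormat directive. For example, the following two sets of directives have exactly the same effect: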
# CustomLog with format nickname
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog "logs/access_log" common
# CustomLog with explicit format string
CustomLog "logs/access_log" "%h %l %u %t \"%r\" %>s %b"
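The third argument is optional and controls whether a particular request is logged. The condition can be the presence or absence of a particular variable in the server environment; alternatively, the condition can be expressed as an arbitrary boolean expression. If the condition is not satisfied, the request is not logged.
Environment variables can be set on a per-request basis using the mod_setenvif or mod_rewrite modules. For example, to record requests for all GIF images on the server in a separate log file instead of the main log, you can use: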
SetEnvIf Request_URI \.gif$ gif-image
CustomLog "gif-requests.log" common env=gif-image
CustomLog "nongif-requests.log" common env=!gif-image
LogFormat
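Description: Defines the format the server uses for the access log
Syntax: LogFormat format|nickname [nickname]
Context: server configuration file, <VirtualHost> section
Default: LogFormat "%h %l %u %t \"%r\" %>s %b"
Status: Base
Module: mod_log_config
The directive takes three forms:
- LogFormat format: sets the log format explicitly; logs specified in subsequent TransferLog directives use this format.
- LogFormat format nickname: associates an explicit format with a nickname. It only defines the nickname and does not actually apply the format. A nickname cannot be used to define another nickname. Note that a nickname should not contain the percent sign (%).
- LogFormat nickname: uses a nickname to refer to a log format defined in a LogFormat format nickname directive.
Characteristics of the request itself are logged by placing % directives in the format string; in the log file these are replaced by values as follows: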
Format String | Description |
---|---|
%% | The percent sign. |
%a | Client IP address of the request (see the mod_remoteip module). |
%{c}a | Underlying peer IP address of the connection (see the mod_remoteip module). |
%A | Local IP-address. |
%B | Size of response in bytes, excluding HTTP headers. |
%b | Size of response in bytes, excluding HTTP headers. In CLF format, i.e. a '-' rather than a 0 when no bytes are sent. |
%{VARNAME}C | The contents of cookie VARNAME in the request sent to the server. Only version 0 cookies are fully supported. |
%D | The time taken to serve the request, in microseconds. |
%{VARNAME}e | The contents of the environment variable VARNAME. |
%f | Filename. |
%h | Remote hostname. Will log the IP address if HostnameLookups is set to Off, which is the default. If it logs the hostname for only a few hosts, you probably have access control directives mentioning them by name. See the Require host documentation. |
%H | The request protocol. |
%{VARNAME}i | The contents of VARNAME: header line(s) in the request sent to the server. Changes made by other modules (e.g. mod_headers) affect this. If you’re interested in what the request header was prior to when most modules would have modified it, use mod_setenvif to copy the header into an internal environment variable and log that value with the %{VARNAME}e described above. |
%k | Number of keepalive requests handled on this connection. Interesting if KeepAlive is being used, so that, for example, a ‘1’ means the first keepalive request after the initial one, ‘2’ the second, etc…; otherwise this is always 0 (indicating the initial request). |
%l | Remote logname (from identd, if supplied). This will return a dash unless mod_ident is present and IdentityCheck is set On. |
%L | The request log ID from the error log (or '-' if nothing has been logged to the error log for this request). Look for the matching error log line to see what request caused what error. |
%m | The request method. |
%{VARNAME}n | The contents of note VARNAME from another module. |
%{VARNAME}o | The contents of VARNAME: header line(s) in the reply. |
%p | The canonical port of the server serving the request. |
%{format}p | The canonical port of the server serving the request, or the server’s actual port, or the client’s actual port. Valid formats are canonical, local, or remote. |
%P | The process ID of the child that serviced the request. |
%{format}P | The process ID or thread ID of the child that serviced the request. Valid formats are pid, tid, and hextid. hextid requires APR 1.2.0 or higher. |
%q | The query string (prepended with a ? if a query string exists, otherwise an empty string). |
%r | First line of request. |
%R | The handler generating the response (if any). |
%s | Status. For requests that have been internally redirected, this is the status of the original request. Use %>s for the final status. |
%t | Time the request was received, in the format [18/Sep/2011:19:18:28 -0400]. The last number indicates the timezone offset from GMT |
%{format}t | The time, in the form given by format, which should be in an extended strftime(3) format (potentially localized). If the format starts with begin: (default) the time is taken at the beginning of the request processing. If it starts with end: it is the time when the log entry gets written, close to the end of the request processing. In addition to the formats supported by strftime(3), the following format tokens are supported: |
sec | number of seconds since the Epoch |
msec | number of milliseconds since the Epoch |
usec | number of microseconds since the Epoch |
msec_frac | millisecond fraction |
usec_frac | microsecond fraction |
These tokens can not be combined with each other or strftime(3) formatting in the same format string. You can use multiple %{format}t tokens instead. | |
%T | The time taken to serve the request, in seconds. |
%{UNIT}T | The time taken to serve the request, in a time unit given by UNIT. Valid units are ms for milliseconds, us for microseconds, and s for seconds. Using s gives the same result as %T without any format; using us gives the same result as %D. Combining %T with a unit is available in 2.4.13 and later. |
%u | Remote user if the request was authenticated. May be bogus if return status (%s) is 401 (unauthorized). |
%U | The URL path requested, not including any query string. |
%v | The canonical ServerName of the server serving the request. |
%V | The server name according to the UseCanonicalName setting. |
%X | Connection status when response is completed: |
X = | Connection aborted before the response completed. |
+ = | Connection may be kept alive after the response is sent. |
- = | Connection will be closed after the response is sent. |
%I | Bytes received, including request and headers. Cannot be zero. You need to enable mod_logio to use this. |
%O | Bytes sent, including headers. May be zero in rare cases such as when a request is aborted before a response is sent. You need to enable mod_logio to use this. |
%S | Bytes transferred (received and sent), including request and headers, cannot be zero. This is the combination of %I and %O. You need to enable mod_logio to use this. |
%{VARNAME}^ti | The contents of VARNAME: trailer line(s) in the request sent to the server. |
%{VARNAME}^to | The contents of VARNAME: trailer line(s) in the response sent from the server. |
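A parser for the common format ("%h %l %u %t \"%r\" %>s %b") shown earlier, as an added example that is not part of the original page. The sample lines and the user_trusted field are constructed for illustration; the parser handles the '-' that %b writes when no bytes are sent and the note that %u may be bogus on a 401 response.

```python
import re
from datetime import datetime

# Regex for the "common" format: %h %l %u %t \"%r\" %>s %b
# httpd writes a quote inside %r as \", so backslash escapes are allowed there.
COMMON_RE = re.compile(
    r'(?P<host>\S+) (?P<logname>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

def parse_common(line):
    """Parse one `common` line into a dict; return None if it does not match."""
    m = COMMON_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # %b logs '-' rather than 0 when no bytes are sent
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    # %t has the form 18/Sep/2011:19:18:28 -0400 (offset from GMT)
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    # %l and %u are '-' when no value is available
    for key in ("logname", "user"):
        if rec[key] == "-":
            rec[key] = None
    # %u may be bogus when the status is 401, so do not attribute the
    # request to that user (user_trusted is a name made up for this example)
    rec["user_trusted"] = rec["user"] is not None and rec["status"] != 401
    return rec

# Constructed sample lines (documentation addresses, invented users)
SAMPLE = [
    '192.0.2.10 - alice [18/Sep/2011:19:18:28 -0400] "GET /index.html HTTP/1.1" 200 2326',
    '192.0.2.11 - mallory [18/Sep/2011:19:18:30 -0400] "GET /admin HTTP/1.1" 401 -',
    '192.0.2.12 - - [18/Sep/2011:19:18:31 -0400] "GET /a\\"b HTTP/1.1" 304 -',
    'not a log line',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_common(line))
```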
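An item can be restricted to print only for responses with specific HTTP status codes by placing a comma-separated list of status codes immediately after the "%". The status code list may be preceded by ! to indicate negation. For example:
- %400,501{User-agent}i logs User-agent for requests with status 400 or 501, and otherwise logs -
- %!200,304,302{Referer}i logs Referer for requests whose status is not 200, 304 or 302, and otherwise logs -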
TransferLog
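Description: Specifies the location of the log file
Syntax: TransferLog file|pipe
Context: server configuration file, <VirtualHost> section
Status: Base
Module: mod_log_config
This directive is used much like CustomLog, with one difference: TransferLog can only specify the file location; it cannot specify a log format or refer to a nickname defined by LogFormat. The log format is determined by the most recent effective LogFormat directive before it. (A LogFormat that associates a nickname cannot serve as the log format for TransferLog.)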
Error Logs
ErrorLog
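Description: The file the server records error logs to
Syntax: ErrorLog file-path|syslog[:[facility][:tag]]
Context: server configuration file, <VirtualHost> section
Default: ErrorLog logs/error_log (Unix) ErrorLog logs/error.log (Windows and OS/2)
Status: Core
Module: Core
If file-path is not an absolute path beginning with a slash (/), it is treated as a path relative to ServerRoot. If file-path begins with a pipe character (|), it is taken to be a command that is run to handle the error log. For example: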
ErrorLog "|/usr/local/bin/httpd_errors"
If the system supports it, syslog can be used for logging:
ErrorLog syslog:user
ErrorLog syslog:user:httpd.srv1
ErrorLog syslog::httpd.srv2
ErrorLogFormat
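Description: The content and format of error log entries
Syntax: ErrorLogFormat [connection|request] format
Context: server configuration file, <VirtualHost> section
Status: Core
Module: Core
The first argument can be used to define different log content and formats for connection or request.
Fields are normally separated by a space. The combination "% " (note the space after the percent sign) can also be used as a field separator; it stands for a zero-width delimiter that produces no output. To use a space character that is not a field separator, escape it with a backslash.
Besides the actual log message, specified supplementary information can be recorded in the error log. The supported format strings and their meanings are listed in the following table: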
Format String | Description |
---|---|
%% | The percent sign |
%a | Client IP address and port of the request |
%{c}a | Underlying peer IP address and port of the connection (see the mod_remoteip module) |
%A | Local IP-address and port |
%{name}e | Request environment variable name |
%E | APR/OS error status code and string |
%F | Source file name and line number of the log call |
%{name}i | Request header name |
%k | Number of keep-alive requests on this connection |
%l | Loglevel of the message |
%L | Log ID of the request |
%{c}L | Log ID of the connection |
%{C}L | Log ID of the connection if used in connection scope, empty otherwise |
%m | Name of the module logging the message |
%M | The actual log message |
%{name}n | Request note name |
%P | Process ID of current process |
%T | Thread ID of current thread |
%{g}T | System unique thread ID of current thread (the same ID as displayed by e.g. top; currently Linux only) |
%t | The current time |
%{u}t | The current time including micro-seconds |
%{cu}t | The current time in compact ISO 8601 format, including micro-seconds |
%v | The canonical ServerName of the current server. |
%V | The server name of the server serving the request according to the UseCanonicalName setting. |
\ | (backslash space) Non-field delimiting space |
% | (percent space) Field delimiter (no output) |
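Some format string items produce no output. For example, the Referer header is only present if the log message is associated with a request and the message occurs at a time when the Referer header has already been read from the client. If no output is produced, the default behavior is to delete everything from the preceding space character to the next space character. For example, if the remote address %a in the log format [%t] [%l] [%a] %M is not available, the surrounding brackets are not logged either. The default behavior can be changed by adding modifiers to the format string item:
- The - (minus) modifier logs a - instead.
- When defining a log format for connection or request, the + (plus) modifier can also be used. If an item with the plus modifier produces no output, the whole line is omitted.
- A number as modifier can be used to assign a log severity level to the format item. The item is only logged if the severity of the log message is higher than the specified log severity level. Allowed values are 1-4 and 7-15 (the smaller the value, the more severe).
For example, here is what happens when modifiers are added to the %{Referer}i token and Referer is not set: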
Modified token | Meaning |
---|---|
%-{Referer}i | Logs a - |
%+{Referer}i | Omits the whole line |
%4{Referer}i | Logs the Referer only if the log message severity is higher than 4 |
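A simplified model of the empty-item rules described above, as an added example that is not httpd's own code. It shows why an error-log parser that splits on position sees a different number of fields when %a is unavailable unless the - modifier is used. The render function and sample values are constructed; numeric modifiers, %% and the "% " delimiter are not modelled.

```python
import re

# One format item: optional - or + modifier, optional {arg}, then a letter.
ITEM = re.compile(r'%(?P<mod>[-+])?(?P<key>(?:\{[^}]*\})?[A-Za-z])')

def render(fmt, values):
    """Render an ErrorLogFormat-style string.

    `values` maps item keys such as 'a' or '{Referer}i' to text; a missing
    key means the item produces no output. Returns the rendered line, or
    None when an empty item carries the + modifier (whole line omitted).
    """
    fields = []
    for field in re.split(r'(?<!\\) ', fmt):   # split on unescaped spaces
        drop = False
        omit_line = False

        def sub(m):
            nonlocal drop, omit_line
            val = values.get(m['key'])
            if val is not None:
                return val
            if m['mod'] == '-':
                return '-'                     # minus modifier: log a dash
            if m['mod'] == '+':
                omit_line = True               # plus modifier: omit the line
            drop = True                        # default: drop the whole field
            return ''

        text = ITEM.sub(sub, field)
        if omit_line:
            return None
        if not drop:
            fields.append(text.replace('\\ ', ' '))  # unescape "\ "
    return ' '.join(fields)

# Constructed values for a message logged with no client address available
NO_ADDR = {'t': 'Sun Sep 18 19:18:28 2011', 'l': 'error',
           'M': 'constructed sample message'}

if __name__ == "__main__":
    for fmt in ('[%t] [%l] [%a] %M', '[%t] [%l] [%-a] %M', '[%t] [%l] [%+a] %M'):
        print(fmt, '->', render(fmt, NO_ADDR))
```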
LogLevel
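Description: Controls the verbosity of the error log
Syntax: LogLevel [module:]level [module:level] …
Context: server configuration file, <VirtualHost> section, <Directory> section
Default: LogLevel warn
Status: Core
Module: Core
The following levels are available, in order of decreasing significance: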
Level | Description | Example |
---|---|---|
emerg | Emergencies - system is unusable. | “Child cannot open lock file. Exiting” |
alert | Action must be taken immediately. | “getpwuid: couldn’t determine user name from uid” |
crit | Critical Conditions. | “socket: Failed to get a socket, exiting child” |
error | Error conditions. | “Premature end of script headers” |
warn | Warning conditions. | “child process 1234 did not exit, sending another SIGHUP” |
notice | Normal but significant condition. | “httpd: caught SIGBUS, attempting to dump core in …” |
info | Informational. | “Server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers)…” |
debug | Debug-level messages | “Opening config file …” |
trace1 | Trace messages | “proxy: FTP: control connection complete” |
trace2 | Trace messages | “proxy: CONNECT: sending the CONNECT request to the remote proxy” |
trace3 | Trace messages | “openssl: Handshake: start” |
trace4 | Trace messages | “read from buffered SSL brigade, mode 0, 17 bytes” |
trace5 | Trace messages | “map lookup FAILED: map=rewritemap key=keyname” |
trace6 | Trace messages | “cache lookup FAILED, forcing new map lookup” |
trace7 | Trace messages, dumping large amounts of data | “ 0000: 02 23 44 30 13 40 ac 34 df 3d bf 9a 19 49 39 15 “ |
trace8 | Trace messages, dumping large amounts of data | “ 0000: 02 23 44 30 13 40 ac 34 df 3d bf 9a 19 49 39 15 “ |
When a particular level is specified, messages from all other levels of higher significance are reported as well.