自動目錄
在APACHE中有定義一些記錄的語法模版
在 /etc/httpd/conf/httpd.conf 中:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
然後我們可以定義要寫入的記錄檔格式,預設是combined,例如預設的存取記錄為:
CustomLog logs/access_log combined
當然你可以把上面的"combined'" 改為你自訂的格式
我們也可以指定自己的網站記錄的格式,例如一個vh:
<VirtualHost *:80>
ServerName n.sfs.tw
...
CustomLog logs/z-access_log combined
</VirtualHost>
由於在 /etc/httpd 目錄中預設有一個logs的連結 (centos6)
下面的第5行,所以記錄檔路徑可指定 logs/your_log_name 就丟到 /var/log/httpd/之中,原理是這樣的
# ls -l /etc/httpd/ 總計 8 drwxr-xr-x. 2 root root 4096 2016-11-04 01:22 conf drwxr-xr-x. 2 root root 4096 2016-11-04 01:21 conf.d lrwxrwxrwx. 1 root root 19 2016-09-25 22:57 logs -> ../../var/log/httpd lrwxrwxrwx. 1 root root 29 2016-09-25 22:57 modules -> ../../usr/lib64/httpd/modules lrwxrwxrwx. 1 root root 19 2016-09-25 22:57 run -> ../../var/run/httpd
COMBINED 格式
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
他存起來的記錄長得像這樣:
59.126.205.242 - - [04/Jan/2009:23:30:57 +0800] "GET /main/images/login/login_05.png HTTP/1.1" 200 1355 "http://exmaple.com/i1.php?fun=login_show" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 FirePHP/0.2.1"
說明如下:
1. 59.126.205.242 是客戶端IP
2. 第一個 '-' 是 %l 因為此網頁不必認證,所以logname 為空
3. 第二個 '-' 是 %u 因為此網頁不必認證,所以username 為空
4. [04/Jan/2009:23:30:57 +0800] 是時間
5. "GET /main/images/login/login_05.png HTTP/1.1" 為客戶端的 request
6. 200 %s 是狀態,%s 是取得最後的狀態,數字200代表 OK
7. 1355 排除掉 HTTP的headers後的長度(Bytes)
8. "http://example.com/main/i1.php?fun=login_show" 記錄 referer。也就是導到此request的頁面的呼叫者,這裡可以當來源分析。
9. "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 FirePHP/0.2.1" 是客戶端的瀏覽器狀態。
可使用的參數說明
%...a: Remote IP-address
%...A: Local IP-address
%...B: Bytes sent, excluding HTTP headers.
%...b: Bytes sent, excluding HTTP headers. In CLF format
i.e. a '-' rather than a 0 when no bytes are sent.
%...c: Connection status when response was completed.
'X' = connection aborted before the response completed.
'+' = connection may be kept alive after the response is sent.
'-' = connection will be closed after the response is sent.
%...{FOOBAR}e: The contents of the environment variable FOOBAR
%...f: Filename
%...h: Remote host
%...H The request protocol
%...{Foobar}i: The contents of Foobar: header line(s) in the request
sent to the server.
%...l: Remote logname (from identd, if supplied)
%...m The request method
%...{Foobar}n: The contents of note "Foobar" from another module.
%...{Foobar}o: The contents of Foobar: header line(s) in the reply.
%...p: The canonical Port of the server serving the request
%...P: The process ID of the child that serviced the request.
%...q The query string (prepended with a ? if a query string exists,
otherwise an empty string)
%...r: First line of request
%...s: Status. For requests that got internally redirected, this is
the status of the *original* request --- %...>s for the last.
%...t: Time, in common log format time format (standard english format)
%...{format}t: The time, in the form given by format, which should
be in strftime(3) format. (potentially localized)
%...T: The time taken to serve the request, in seconds.
%...u: Remote user (from auth; may be bogus if return status (%s) is 401)
%...U: The URL path requested, not including any query string.
%...v: The canonical ServerName of the server serving the request.
%...V: The server name according to the UseCanonicalName setting.
參考資料
[1] http://httpd.apache.org/docs/1.3/mod/mod_log_config.html
