logs.html.en revision 53bf1cfe583762b91a0022a3f072a7897d825df1
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
e9458b1a7a19a63aa4c179f9ab20f4d50681c168Jens Elkner<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder This file is generated from xml source: DO NOT EDIT
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder<title>Log Files - Apache HTTP Server</title>
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" />
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder<link href="/images/favicon.ico" rel="shortcut icon" /></head>
99b26e2ab8ba89bc9a050c1524137eb6269e2753Christian Maeder<body id="manual-page"><div id="page-header">
18548c6cc2dff13bf9f5f08b3f6cde6ca914df1dChristian Maeder<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="/faq/">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p>
4cc0a3156ac9f0f1e080433f8c4d050712e09d2bmcodescu<p class="apache">Apache HTTP Server Version 2.3</p>
4cc0a3156ac9f0f1e080433f8c4d050712e09d2bmcodescu<div class="up"><a href="./"><img title="<-" alt="<-" src="/images/left.gif" /></a></div>
fdf9cef4c2e81f477f3023fb8e45f6faebfa5a65Eugen Kuksa<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="./">Version 2.3</a></div><div id="page-content"><div id="preamble"><h1>Log Files</h1>
25da71ee832b729e33def344a68f59fe21ce9c07Eugen Kuksa<p><span>Available Languages: </span><a href="/en/logs.html" title="English"> en </a> |
950875ac099734b9eaccf4233773e6df00477f22Eugen Kuksa<a href="/fr/logs.html" hreflang="fr" rel="alternate" title="Fran�ais"> fr </a> |
7d0db235b17b2109cd45fa50e6d1bbc77823f81dEugen Kuksa<a href="/ja/logs.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
25da71ee832b729e33def344a68f59fe21ce9c07Eugen Kuksa<a href="/ko/logs.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
92ae4d5885ea837ffe3dae9b2de742f871229b94Christian Maeder<a href="/tr/logs.html" hreflang="tr" rel="alternate" title="T�rk�e"> tr </a></p>
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder <p>In order to effectively manage a web server, it is necessary
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder to get feedback about the activity and performance of the
ef1c24c8229ade3ac872febebd18c181e32fb9c4Christian Maeder server as well as any problems that may be occurring. The Apache HTTP Server
8d2321e17a34951fbd52f68e9f9f148f0890e471Christian Maeder provides very comprehensive and flexible logging
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder capabilities. This document describes how to configure its
99b26e2ab8ba89bc9a050c1524137eb6269e2753Christian Maeder logging capabilities, and how to understand what the logs
986888e7f4d8ed681272a79c63f329ce8037063dcmaeder contain.</p>
e5f71ad96ddbaafd3bf8ae0820df93e0db4b0527cmaeder<div id="quickview"><ul id="toc"><li><img alt="" src="/images/down.gif" /> <a href="#overview">Overview</a></li>
eae0d62755147d991cc3e903f74f98ac31a7cd42Christian Maeder<li><img alt="" src="/images/down.gif" /> <a href="#security">Security Warning</a></li>
8723ec450f2e7a024230467c0c28a3f154905483cmaeder<li><img alt="" src="/images/down.gif" /> <a href="#errorlog">Error Log</a></li>
8723ec450f2e7a024230467c0c28a3f154905483cmaeder<li><img alt="" src="/images/down.gif" /> <a href="#permodule">Per-module logging</a></li>
ab38e2fac740c4336afafbe0584053dc2e67002bEugen Kuksa<li><img alt="" src="/images/down.gif" /> <a href="#accesslog">Access Log</a></li>
8723ec450f2e7a024230467c0c28a3f154905483cmaeder<li><img alt="" src="/images/down.gif" /> <a href="#rotation">Log Rotation</a></li>
eae0d62755147d991cc3e903f74f98ac31a7cd42Christian Maeder<li><img alt="" src="/images/down.gif" /> <a href="#piped">Piped Logs</a></li>
d4263171d0ce2cbc390a7b44bff98e8b3c0f8ce7Christian Maeder<li><img alt="" src="/images/down.gif" /> <a href="#virtualhost">Virtual Hosts</a></li>
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder<li><img alt="" src="/images/down.gif" /> <a href="#other">Other Log Files</a></li>
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder<h2><a name="overview" id="overview">Overview</a></h2>
ef1c24c8229ade3ac872febebd18c181e32fb9c4Christian Maeder <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_log_config.html">mod_log_config</a></code></li><li><code class="module"><a href="/mod/mod_log_forensic.html">mod_log_forensic</a></code></li><li><code class="module"><a href="/mod/mod_logio.html">mod_logio</a></code></li><li><code class="module"><a href="/mod/mod_cgi.html">mod_cgi</a></code></li></ul></td><td /></tr></table>
5606c84ebef3de545602e215bbd87931334d48f0mcodescu The Apache HTTP Server provides a variety of different mechanisms for
c208973c890b8f993297720fd0247bc7481d4304Christian Maeder logging everything that happens on your server, from the initial
275698320a734a6fd647ea6a461d6ce38862da1dChristian Maeder request, through the URL mapping process, to the final resolution of
ef1c24c8229ade3ac872febebd18c181e32fb9c4Christian Maeder the connection, including any errors that may have occurred in the
ef1c24c8229ade3ac872febebd18c181e32fb9c4Christian Maeder process. In addition to this, third-party modules may provide logging
7c99a6c982aaf61547de8054296c8055c8d1a13aSimon Ulbricht capabilities, or inject entries into the existing log files, and
ef1c24c8229ade3ac872febebd18c181e32fb9c4Christian Maeder applications such as CGI programs, or PHP scripts, or other handlers,
024703c9d1326c23e307c0b0d453ed3358e87fe4cmaeder may send messages to the server error log.
1d65a799298f6b1253d774c22f61029e6eb99cadcmaeder In this document we discuss the logging modules that are a standard
ea5ccb1c6e89486a54e1f4bd95840147e96093edChristian Maeder part of the http server.
e42249ec61f50a83525db6e5fc9f5c4dd1b4cf5fcmaeder </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
f674d7a58db3f991300a708f3799d80c369781f8Eugen Kuksa<h2><a name="security" id="security">Security Warning</a></h2>
275698320a734a6fd647ea6a461d6ce38862da1dChristian Maeder <p>Anyone who can write to the directory where Apache httpd is
e42249ec61f50a83525db6e5fc9f5c4dd1b4cf5fcmaeder writing a log file can almost certainly gain access to the uid
473f5af6e4803fbeecc814065952396f2501039bChristian Maeder that the server is started as, which is normally root. Do
473f5af6e4803fbeecc814065952396f2501039bChristian Maeder <em>NOT</em> give people write access to the directory the logs
473f5af6e4803fbeecc814065952396f2501039bChristian Maeder are stored in without being aware of the consequences; see the
473f5af6e4803fbeecc814065952396f2501039bChristian Maeder <a href="misc/security_tips.html">security tips</a> document
e42249ec61f50a83525db6e5fc9f5c4dd1b4cf5fcmaeder for details.</p>
473f5af6e4803fbeecc814065952396f2501039bChristian Maeder <p>In addition, log files may contain information supplied
20bbcc2b693b3040d7b8cc92ba966580637027d9cmaeder directly by the client, without escaping. Therefore, it is
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa possible for malicious clients to insert control-characters in
275698320a734a6fd647ea6a461d6ce38862da1dChristian Maeder the log files, so care must be taken in dealing with raw
275698320a734a6fd647ea6a461d6ce38862da1dChristian Maeder </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
ea5ccb1c6e89486a54e1f4bd95840147e96093edChristian Maeder<h2><a name="errorlog" id="errorlog">Error Log</a></h2>
b99c9606f2faafeabb3fa8c596992143a561c787Simon Ulbricht <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/core.html">core</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/core.html#errorlog">ErrorLog</a></code></li><li><code class="directive"><a href="/mod/core.html#errorlogformat">ErrorLogFormat</a></code></li><li><code class="directive"><a href="/mod/core.html#loglevel">LogLevel</a></code></li></ul></td></tr></table>
df67ddf64192bfcae6ece65255ad796a17cbe532Christian Maeder <p>The server error log, whose name and location is set by the
3e87e1dc85fa76cc6eaeb8eafbc0bea77af939f4Christian Maeder <code class="directive"><a href="/mod/core.html#errorlog">ErrorLog</a></code> directive, is the
275698320a734a6fd647ea6a461d6ce38862da1dChristian Maeder most important log file. This is the place where Apache httpd
275698320a734a6fd647ea6a461d6ce38862da1dChristian Maeder will send diagnostic information and record any errors that it
526e7f36639cb58e3c99a54bea082499a6b04a25Christian Maeder encounters in processing requests. It is the first place to
473f5af6e4803fbeecc814065952396f2501039bChristian Maeder look when a problem occurs with starting the server or with the
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder operation of the server, since it will often contain details of
c24f7998fe7dfca4277f83076a119aabfe6186a0mcodescu what went wrong and how to fix it.</p>
526e7f36639cb58e3c99a54bea082499a6b04a25Christian Maeder <p>The error log is usually written to a file (typically
fe495a0978e5aa70776103c37fb0eb2bd6abea69Eugen Kuksa <code>error.log</code> on Windows and OS/2). On Unix systems it
275698320a734a6fd647ea6a461d6ce38862da1dChristian Maeder is also possible to have the server send errors to
18548c6cc2dff13bf9f5f08b3f6cde6ca914df1dChristian Maeder <code>syslog</code> or <a href="#piped">pipe them to a
64f5f0a8c38d5b2ba33b09e02e92b0e3f812d6d0Eugen Kuksa <p>The format of the error log is defined by the <code class="directive"><a href="/mod/core.html#errorlogformat">ErrorLogFormat</a></code> directive, with which you
18548c6cc2dff13bf9f5f08b3f6cde6ca914df1dChristian Maeder can customize what values are logged. A default is format defined
6a6689ad6d4c70af2ce3389f39a50982f20fd939Christian Maeder if you don't specify one. A typical log message follows:</p>
2e2559f894aaa661b199e4fa00609f522bc5482aSimon Ulbricht [Fri Sep 09 10:42:29.902022 2011] [core:error] [pid 35708:tid 4328636416]
df67ddf64192bfcae6ece65255ad796a17cbe532Christian Maeder [client 72.15.99.187] File does not exist: /usr/local/apache2/htdocs/favicon.ico
f674d7a58db3f991300a708f3799d80c369781f8Eugen Kuksa <p>The first item in the log entry is the date and time of the
275698320a734a6fd647ea6a461d6ce38862da1dChristian Maeder message. The next is the module producing the message (core, in this
5896f38ba2934056542cb7cb3e6359e88a622547Christian Maeder case) and the severity level of that message. This is followed by
526e7f36639cb58e3c99a54bea082499a6b04a25Christian Maeder the process ID and, if appropriate, the thread ID, of the process
275698320a734a6fd647ea6a461d6ce38862da1dChristian Maeder that experienced the condition. Next, we have the client address
526e7f36639cb58e3c99a54bea082499a6b04a25Christian Maeder that made the request. And finally is the detailed error message,
3e87e1dc85fa76cc6eaeb8eafbc0bea77af939f4Christian Maeder which in this case indicates a request for a file that did not
275698320a734a6fd647ea6a461d6ce38862da1dChristian Maeder <p>A very wide variety of different messages can appear in the
6a6689ad6d4c70af2ce3389f39a50982f20fd939Christian Maeder error log. Most look similar to the example above. The error
6a6689ad6d4c70af2ce3389f39a50982f20fd939Christian Maeder log will also contain debugging output from CGI scripts. Any
6a6689ad6d4c70af2ce3389f39a50982f20fd939Christian Maeder information written to <code>stderr</code> by a CGI script will
eca54dc24f2c59cc51645115347a89ba2b40de36cmaeder be copied directly to the error log.</p>
eca54dc24f2c59cc51645115347a89ba2b40de36cmaeder <p>If <code class="module"><a href="/mod/mod_unique_id.html">mod_unique_id</a></code> is loaded, you
eca54dc24f2c59cc51645115347a89ba2b40de36cmaeder can put a <code>%L</code> token in both the error log and the access
8f9ac967da20be8d7782d2fc0a085dd42f79c0cbEugen Kuksa log, producing a log entry ID with which you can correlate the entry
8f9ac967da20be8d7782d2fc0a085dd42f79c0cbEugen Kuksa in the error log with the entry in the access log.</p>
703004db20b23870f080c4d9640729b19b7c2288Eugen Kuksa <p>During testing, it is often useful to continuously monitor
703004db20b23870f080c4d9640729b19b7c2288Eugen Kuksa the error log for any problems. On Unix systems, you can
eca54dc24f2c59cc51645115347a89ba2b40de36cmaeder accomplish this using:</p>
5896f38ba2934056542cb7cb3e6359e88a622547Christian Maeder tail -f error_log
5896f38ba2934056542cb7cb3e6359e88a622547Christian Maeder </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
eca54dc24f2c59cc51645115347a89ba2b40de36cmaeder<h2><a name="permodule" id="permodule">Per-module logging</a></h2>
eca54dc24f2c59cc51645115347a89ba2b40de36cmaeder <p>The <code class="directive"><a href="/mod/core.html#loglevel">LogLevel</a></code> directive
18548c6cc2dff13bf9f5f08b3f6cde6ca914df1dChristian Maeder allows you to specify a log severity level on a per-module basis. In
11c3a215d5cf043181e83929f1ce214df65cb587Christian Maeder this way, if you are troubleshooting a problem with just one
18548c6cc2dff13bf9f5f08b3f6cde6ca914df1dChristian Maeder particular module, you can turn up its logging volume without also
5fb6343a5a2b4bbc67bc83479c84a92d23d30edfChristian Maeder getting the details of other modules that you're not interested in.
6a6689ad6d4c70af2ce3389f39a50982f20fd939Christian Maeder This is particularly useful for modules such as
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder <code class="module"><a href="/mod/mod_proxy.html">mod_proxy</a></code> or <code class="module"><a href="/mod/mod_rewrite.html">mod_rewrite</a></code> where you
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder want to know details about what it's trying to do.</p>
9f4902edfa3d477e42343e0ec357a2f93b1119d1Christian Maeder <p>Do this by specifying the name of the module in your
9f4902edfa3d477e42343e0ec357a2f93b1119d1Christian Maeder <code class="directive">LogLevel</code> directive:</p>
9f4902edfa3d477e42343e0ec357a2f93b1119d1Christian Maeder LogLevel info rewrite:trace5
9f4902edfa3d477e42343e0ec357a2f93b1119d1Christian Maeder <p>This sets the main <code class="directive">LogLevel</code> to info, but
9f4902edfa3d477e42343e0ec357a2f93b1119d1Christian Maeder <code class="module"><a href="/mod/mod_rewrite.html">mod_rewrite</a></code>.</p>
9f4902edfa3d477e42343e0ec357a2f93b1119d1Christian Maeder <div class="note">This replaces the per-module logging directives, such as
9f4902edfa3d477e42343e0ec357a2f93b1119d1Christian Maeder <code>RewriteLog</code>, that were present in earlier versions of
b87fb5d6d5aba8fc6d3c528f7da0af228ca76b02Eugen Kuksa the server.</div>
dfa31ad230c88a66a9722c2a5ab23fe82c33f014Eugen Kuksa </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
dfa31ad230c88a66a9722c2a5ab23fe82c33f014Eugen Kuksa<h2><a name="accesslog" id="accesslog">Access Log</a></h2>
8723ec450f2e7a024230467c0c28a3f154905483cmaeder <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_log_config.html">mod_log_config</a></code></li><li><code class="module"><a href="/mod/mod_setenvif.html">mod_setenvif</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_log_config.html#customlog">CustomLog</a></code></li><li><code class="directive"><a href="/mod/mod_log_config.html#logformat">LogFormat</a></code></li><li><code class="directive"><a href="/mod/mod_setenvif.html#setenvif">SetEnvIf</a></code></li></ul></td></tr></table>
7b21830970250ca6369b0ae60f34c990f9a5c5bfTill Mossakowski <p>The server access log records all requests processed by the
e99cb5db53054d96bb97c9b8b130bd249802450eTill Mossakowski server. The location and content of the access log are
83ce5f14d356cd62e98f4f674da7f11ea1869eb0Till Mossakowski controlled by the <code class="directive"><a href="/mod/mod_log_config.html#customlog">CustomLog</a></code>
e99cb5db53054d96bb97c9b8b130bd249802450eTill Mossakowski directive. The <code class="directive"><a href="/mod/mod_log_config.html#logformat">LogFormat</a></code>
e99cb5db53054d96bb97c9b8b130bd249802450eTill Mossakowski directive can be used to simplify the selection of
8723ec450f2e7a024230467c0c28a3f154905483cmaeder the contents of the logs. This section describes how to configure the server
dfa31ad230c88a66a9722c2a5ab23fe82c33f014Eugen Kuksa to record information in the access log.</p>
8723ec450f2e7a024230467c0c28a3f154905483cmaeder <p>Of course, storing the information in the access log is only
fe495a0978e5aa70776103c37fb0eb2bd6abea69Eugen Kuksa the start of log management. The next step is to analyze this
fe495a0978e5aa70776103c37fb0eb2bd6abea69Eugen Kuksa information to produce useful statistics. Log analysis in
fe495a0978e5aa70776103c37fb0eb2bd6abea69Eugen Kuksa general is beyond the scope of this document, and not really
fe495a0978e5aa70776103c37fb0eb2bd6abea69Eugen Kuksa part of the job of the web server itself. For more information
d3d8d20d41aaaa107cf2dfa4dd0434e6a08b22d5Till Mossakowski about this topic, and for applications which perform log
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder analysis, check the <a href="http://dmoz.org/Computers/Software/Internet/Site_Management/Log_analysis/">
fe495a0978e5aa70776103c37fb0eb2bd6abea69Eugen Kuksa Open Directory</a> or <a href="http://dir.yahoo.com/Computers_and_Internet/Software/Internet/World_Wide_Web/Servers/Log_Analysis_Tools/">
fe495a0978e5aa70776103c37fb0eb2bd6abea69Eugen Kuksa <p>Various versions of Apache httpd have used other modules and
fe495a0978e5aa70776103c37fb0eb2bd6abea69Eugen Kuksa directives to control access logging, including
fe495a0978e5aa70776103c37fb0eb2bd6abea69Eugen Kuksa mod_log_referer, mod_log_agent, and the
fe495a0978e5aa70776103c37fb0eb2bd6abea69Eugen Kuksa <code>TransferLog</code> directive. The <code class="directive"><a href="/mod/mod_log_config.html#customlog">CustomLog</a></code> directive now subsumes
fe495a0978e5aa70776103c37fb0eb2bd6abea69Eugen Kuksa the functionality of all the older directives.</p>
fe495a0978e5aa70776103c37fb0eb2bd6abea69Eugen Kuksa <p>The format of the access log is highly configurable. The format
fe495a0978e5aa70776103c37fb0eb2bd6abea69Eugen Kuksa is specified using a format string that looks much like a C-style
fe495a0978e5aa70776103c37fb0eb2bd6abea69Eugen Kuksa printf(1) format string. Some examples are presented in the next
fe495a0978e5aa70776103c37fb0eb2bd6abea69Eugen Kuksa sections. For a complete list of the possible contents of the
fe495a0978e5aa70776103c37fb0eb2bd6abea69Eugen Kuksa format string, see the <code class="module"><a href="/mod/mod_log_config.html">mod_log_config</a></code> <a href="mod/mod_log_config.html#formats">format strings</a>.</p>
fe495a0978e5aa70776103c37fb0eb2bd6abea69Eugen Kuksa <h3><a name="common" id="common">Common Log Format</a></h3>
fe495a0978e5aa70776103c37fb0eb2bd6abea69Eugen Kuksa <p>A typical configuration for the access log might look as
fe495a0978e5aa70776103c37fb0eb2bd6abea69Eugen Kuksa follows.</p>
fe495a0978e5aa70776103c37fb0eb2bd6abea69Eugen Kuksa LogFormat "%h %l %u %t \"%r\" %>s %b" common<br />
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder <p>This defines the <em>nickname</em> <code>common</code> and
6f9d360a425bdae3bd15289388e64c14a85eca43cmaeder associates it with a particular log format string. The format
5d3978bb76c33d08d6297f69f10bbc04721ee3a5cmaeder string consists of percent directives, each of which tell the
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder server to log a particular piece of information. Literal
1f0483f71bad0707f10293d0b4db4649aa93fb35Christian Maeder characters may also be placed in the format string and will be
1f0483f71bad0707f10293d0b4db4649aa93fb35Christian Maeder copied directly into the log output. The quote character
9f4902edfa3d477e42343e0ec357a2f93b1119d1Christian Maeder (<code>"</code>) must be escaped by placing a backslash before
c5b8b64377e24bcbf5cc108ca433cfbbd6235ba1Christian Maeder it to prevent it from being interpreted as the end of the
c5b8b64377e24bcbf5cc108ca433cfbbd6235ba1Christian Maeder format string. The format string may also contain the special
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder control characters "<code>\n</code>" for new-line and
c5b8b64377e24bcbf5cc108ca433cfbbd6235ba1Christian Maeder <p>The <code class="directive"><a href="/mod/mod_log_config.html#customlog">CustomLog</a></code>
6f9d360a425bdae3bd15289388e64c14a85eca43cmaeder directive sets up a new log file using the defined
c5b8b64377e24bcbf5cc108ca433cfbbd6235ba1Christian Maeder <em>nickname</em>. The filename for the access log is relative to
26acf851cacd7a31bdc9b25a42af9949942fa7c6Christian Maeder the <code class="directive"><a href="/mod/core.html#serverroot">ServerRoot</a></code> unless it
293abe6af19382a456dbe612aef45054ef76832fcmaeder begins with a slash.</p>
8723ec450f2e7a024230467c0c28a3f154905483cmaeder <p>The above configuration will write log entries in a format
7b21830970250ca6369b0ae60f34c990f9a5c5bfTill Mossakowski known as the Common Log Format (CLF). This standard format can
e99cb5db53054d96bb97c9b8b130bd249802450eTill Mossakowski be produced by many different web servers and read by many log
8e3e7896a1818bb0521674cf4f10403e9f9911b3Till Mossakowski analysis programs. The log file entries produced in CLF will
e5f71ad96ddbaafd3bf8ae0820df93e0db4b0527cmaeder look something like this:</p>
9f4902edfa3d477e42343e0ec357a2f93b1119d1Christian Maeder <p>Each part of this log entry is described below.</p>
5d93620c37abd9c665d3fe532d4852d62dff4233Christian Maeder <dt><code>127.0.0.1</code> (<code>%h</code>)</dt>
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder <dd>This is the IP address of the client (remote host) which
4bd27a2cb9efd5d8ff00b5cf823487403add724ecmaeder made the request to the server. If <code class="directive"><a href="/mod/core.html#hostnamelookups">HostnameLookups</a></code> is
5d93620c37abd9c665d3fe532d4852d62dff4233Christian Maeder set to <code>On</code>, then the server will try to determine
99b26e2ab8ba89bc9a050c1524137eb6269e2753Christian Maeder the hostname and log it in place of the IP address. However,
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder this configuration is not recommended since it can
26acf851cacd7a31bdc9b25a42af9949942fa7c6Christian Maeder significantly slow the server. Instead, it is best to use a
6f9d360a425bdae3bd15289388e64c14a85eca43cmaeder log post-processor such as <code class="program"><a href="/programs/logresolve.html">logresolve</a></code> to determine
c5b8b64377e24bcbf5cc108ca433cfbbd6235ba1Christian Maeder the hostnames. The IP address reported here is not
6f9d360a425bdae3bd15289388e64c14a85eca43cmaeder necessarily the address of the machine at which the user is
99b26e2ab8ba89bc9a050c1524137eb6269e2753Christian Maeder sitting. If a proxy server exists between the user and the
6f9d360a425bdae3bd15289388e64c14a85eca43cmaeder server, this address will be the address of the proxy, rather
6f9d360a425bdae3bd15289388e64c14a85eca43cmaeder than the originating machine.</dd>
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder <dd>The "hyphen" in the output indicates that the requested
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder piece of information is not available. In this case, the
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder information that is not available is the RFC 1413 identity of
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder the client determined by <code>identd</code> on the clients
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder machine. This information is highly unreliable and should
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder almost never be used except on tightly controlled internal
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder networks. Apache httpd will not even attempt to determine
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder this information unless <code class="directive"><a href="/mod/core.html#identitycheck">IdentityCheck</a></code> is set
feb9227bb5c49d5bea1a112500c3b3eba31abdfbcmaeder <dd>This is the userid of the person requesting the document
df24d7f0c79862ffd8189698645e201bf07a4d9cEugen Kuksa as determined by HTTP authentication. The same value is
df24d7f0c79862ffd8189698645e201bf07a4d9cEugen Kuksa typically provided to CGI scripts in the
df24d7f0c79862ffd8189698645e201bf07a4d9cEugen Kuksa <code>REMOTE_USER</code> environment variable. If the status
df24d7f0c79862ffd8189698645e201bf07a4d9cEugen Kuksa code for the request (see below) is 401, then this value
feb9227bb5c49d5bea1a112500c3b3eba31abdfbcmaeder should not be trusted because the user is not yet
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder authenticated. If the document is not password protected,
6f9d360a425bdae3bd15289388e64c14a85eca43cmaeder this part will be "<code>-</code>" just like the previous
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa The time that the request was received.
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa The format is:
d35249e8b76e34d3cbb6adf7d89e9111226a49d6Eugen Kuksa <code>[day/month/year:hour:minute:second zone]<br />
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa day = 2*digit<br />
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa month = 3*letter<br />
64f5f0a8c38d5b2ba33b09e02e92b0e3f812d6d0Eugen Kuksa year = 4*digit<br />
d35249e8b76e34d3cbb6adf7d89e9111226a49d6Eugen Kuksa hour = 2*digit<br />
d35249e8b76e34d3cbb6adf7d89e9111226a49d6Eugen Kuksa minute = 2*digit<br />
ab38e2fac740c4336afafbe0584053dc2e67002bEugen Kuksa second = 2*digit<br />
dfa31ad230c88a66a9722c2a5ab23fe82c33f014Eugen Kuksa zone = (`+' | `-') 4*digit</code>
ab38e2fac740c4336afafbe0584053dc2e67002bEugen Kuksa <p>It is possible to have the time displayed in another format
ab38e2fac740c4336afafbe0584053dc2e67002bEugen Kuksa by specifying <code>%{format}t</code> in the log format
d35249e8b76e34d3cbb6adf7d89e9111226a49d6Eugen Kuksa string, where <code>format</code> is either as in
d35249e8b76e34d3cbb6adf7d89e9111226a49d6Eugen Kuksa <code>strftime(3)</code> from the C standard library,
d35249e8b76e34d3cbb6adf7d89e9111226a49d6Eugen Kuksa or one of the supported special tokens. For details see
d35249e8b76e34d3cbb6adf7d89e9111226a49d6Eugen Kuksa the <code class="module"><a href="/mod/mod_log_config.html">mod_log_config</a></code> <a href="mod/mod_log_config.html#formats">format strings</a>.</p>
dfa31ad230c88a66a9722c2a5ab23fe82c33f014Eugen Kuksa <dd>The request line from the client is given in double
e99cb5db53054d96bb97c9b8b130bd249802450eTill Mossakowski quotes. The request line contains a great deal of useful
ab38e2fac740c4336afafbe0584053dc2e67002bEugen Kuksa information. First, the method used by the client is
dfa31ad230c88a66a9722c2a5ab23fe82c33f014Eugen Kuksa <code>GET</code>. Second, the client requested the resource
ab38e2fac740c4336afafbe0584053dc2e67002bEugen Kuksa <code>/apache_pb.gif</code>, and third, the client used the
d16243f2fd4825f598eee589b68e324e23eb469dEugen Kuksa protocol <code>HTTP/1.0</code>. It is also possible to log
d16243f2fd4825f598eee589b68e324e23eb469dEugen Kuksa one or more parts of the request line independently. For
ab38e2fac740c4336afafbe0584053dc2e67002bEugen Kuksa example, the format string "<code>%m %U%q %H</code>" will log
ab38e2fac740c4336afafbe0584053dc2e67002bEugen Kuksa the method, path, query-string, and protocol, resulting in
ab38e2fac740c4336afafbe0584053dc2e67002bEugen Kuksa exactly the same output as "<code>%r</code>".</dd>
64f5f0a8c38d5b2ba33b09e02e92b0e3f812d6d0Eugen Kuksa <dd>This is the status code that the server sends back to the
64f5f0a8c38d5b2ba33b09e02e92b0e3f812d6d0Eugen Kuksa client. This information is very valuable, because it reveals
64f5f0a8c38d5b2ba33b09e02e92b0e3f812d6d0Eugen Kuksa whether the request resulted in a successful response (codes
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder beginning in 2), a redirection (codes beginning in 3), an
6f9d360a425bdae3bd15289388e64c14a85eca43cmaeder error caused by the client (codes beginning in 4), or an
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder error in the server (codes beginning in 5). The full list of
5586064a8b4b5328f37f9a7cf2aaf893ed099e67Eugen Kuksa possible status codes can be found in the <a href="http://www.w3.org/Protocols/rfc2616/rfc2616.txt">HTTP
8723ec450f2e7a024230467c0c28a3f154905483cmaeder <dd>The last part indicates the size of the object returned
8d11785bab797efec9c78e11c9c07e7a32b35e21Eugen Kuksa to the client, not including the response headers. If no
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht content was returned to the client, this value will be
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder "<code>-</code>". To log "<code>0</code>" for no content, use
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht <h3><a name="combined" id="combined">Combined Log Format</a></h3>
8723ec450f2e7a024230467c0c28a3f154905483cmaeder <p>Another commonly used format string is called the Combined
7bb0a9e92bc7a6f868eaa0b9c3212c0af4f96b7fEugen Kuksa Log Format. It can be used as follows.</p>
8723ec450f2e7a024230467c0c28a3f154905483cmaeder LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht \"%{User-agent}i\"" combined<br />
5586064a8b4b5328f37f9a7cf2aaf893ed099e67Eugen Kuksa <p>This format is exactly the same as the Common Log Format,
5586064a8b4b5328f37f9a7cf2aaf893ed099e67Eugen Kuksa with the addition of two more fields. Each of the additional
5586064a8b4b5328f37f9a7cf2aaf893ed099e67Eugen Kuksa fields uses the percent-directive
8723ec450f2e7a024230467c0c28a3f154905483cmaeder <code>%{<em>header</em>}i</code>, where <em>header</em> can be
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht any HTTP request header. The access log under this format will
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht look like:</p>
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht 127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht "http://www.example.com/start.html" "Mozilla/4.08 [en]
5586064a8b4b5328f37f9a7cf2aaf893ed099e67Eugen Kuksa (Win98; I ;Nav)"
8723ec450f2e7a024230467c0c28a3f154905483cmaeder <dt><code>"http://www.example.com/start.html"</code>
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder <dd>The "Referer" (sic) HTTP request header. This gives the
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht site that the client reports having been referred from. (This
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht should be the page that links to or includes
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht <dt><code>"Mozilla/4.08 [en] (Win98; I ;Nav)"</code>
5586064a8b4b5328f37f9a7cf2aaf893ed099e67Eugen Kuksa <dd>The User-Agent HTTP request header. This is the
de8983abdf4b35af1ed1fdee2de4dff13c2368bacmaeder identifying information that the client browser reports about
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder <h3><a name="multiple" id="multiple">Multiple Access Logs</a></h3>
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht <p>Multiple access logs can be created simply by specifying
0a46a4d711eca869ad75b4df84dabd72783ebdd2Simon Ulbricht multiple <code class="directive"><a href="/mod/mod_log_config.html#customlog">CustomLog</a></code>
0a46a4d711eca869ad75b4df84dabd72783ebdd2Simon Ulbricht directives in the configuration
0a46a4d711eca869ad75b4df84dabd72783ebdd2Simon Ulbricht file. For example, the following directives will create three
ccd9cf19d129595770d592d3d0d80c6619f7a141Eugen Kuksa access logs. The first contains the basic CLF information,
465c6b72e8e480969b5f08658e394992bcc08bfcSimon Ulbricht while the second and third contain referer and browser
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht information. The last two <code class="directive"><a href="/mod/mod_log_config.html#customlog">CustomLog</a></code> lines show how
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht to mimic the effects of the <code>ReferLog</code> and <code>AgentLog</code> directives.</p>
d35249e8b76e34d3cbb6adf7d89e9111226a49d6Eugen Kuksa LogFormat "%h %l %u %t \"%r\" %>s %b" common<br />
4937a0e373f619dc520799923acec42db5da5eb3Eugen Kuksa CustomLog logs/referer_log "%{Referer}i -> %U"<br />
60e6795dd310e10194e12bb660575aadf941328bEugen Kuksa <p>This example also shows that it is not necessary to define a
4937a0e373f619dc520799923acec42db5da5eb3Eugen Kuksa nickname with the <code class="directive"><a href="/mod/mod_log_config.html#logformat">LogFormat</a></code> directive. Instead,
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht the log format can be specified directly in the <code class="directive"><a href="/mod/mod_log_config.html#customlog">CustomLog</a></code> directive.</p>
1698621aea64f7a2b04a4084984eed1437e22771Christian Maeder <h3><a name="conditional" id="conditional">Conditional Logs</a></h3>
6fb590a3747600c145abfd7c3483039fb03af032Christian Maeder <p>There are times when it is convenient to exclude certain
6fb590a3747600c145abfd7c3483039fb03af032Christian Maeder entries from the access logs based on characteristics of the
6fb590a3747600c145abfd7c3483039fb03af032Christian Maeder client request. This is easily accomplished with the help of <a href="env.html">environment variables</a>. First, an
6fb590a3747600c145abfd7c3483039fb03af032Christian Maeder environment variable must be set to indicate that the request
6fb590a3747600c145abfd7c3483039fb03af032Christian Maeder meets certain conditions. This is usually accomplished with
6fb590a3747600c145abfd7c3483039fb03af032Christian Maeder <code class="directive"><a href="/mod/mod_setenvif.html#setenvif">SetEnvIf</a></code>. Then the
cbd64ad1d663565751cb9442f78a40ff96c6bed6Eugen Kuksa <code>env=</code> clause of the <code class="directive"><a href="/mod/mod_log_config.html#customlog">CustomLog</a></code> directive is used to
c24f7998fe7dfca4277f83076a119aabfe6186a0mcodescu include or exclude requests where the environment variable is
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht set. Some examples:</p>
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder # Mark requests from the loop-back interface<br />
fcd8dd6d9029180ae5e777e94a973c5e355a55cfcmaeder SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog<br />
fcd8dd6d9029180ae5e777e94a973c5e355a55cfcmaeder SetEnvIf Request_URI "^/robots\.txt$" dontlog<br />
fcd8dd6d9029180ae5e777e94a973c5e355a55cfcmaeder # Log what remains<br />
4937a0e373f619dc520799923acec42db5da5eb3Eugen Kuksa <p>As another example, consider logging requests from
4937a0e373f619dc520799923acec42db5da5eb3Eugen Kuksa english-speakers to one log file, and non-english speakers to a
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa different log file.</p>
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht SetEnvIf Accept-Language "en" english<br />
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht CustomLog logs/english_log common env=english<br />
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa CustomLog logs/non_english_log common env=!english
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa <p>In a caching scenario one would want to know about
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa the efficiency of the cache. A very simple method to
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa find this out would be:</p>
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa SetEnv CACHE_MISS 1<br />
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa LogFormat "%h %l %u %t "%r " %>s %b %{CACHE_MISS}e" common-cache<br />
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa <p><code class="module"><a href="/mod/mod_cache.html">mod_cache</a></code> will run before
f345dca8aecfdbc7137a28dda45f9a5574d1fd14Eugen Kuksa <code class="module"><a href="/mod/mod_env.html">mod_env</a></code> and when successfull will deliver the
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa content without it. In that case a cache hit will log
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa <code>-</code>, while a cache miss will log <code>1</code>.</p>
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa <p>In addition to the <code>env=</code> syntax, <code class="directive"><a href="/mod/mod_log_config.html#logformat">LogFormat</a></code> supports logging values
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa conditional upon the HTTP response code:</p>
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa LogFormat "%400,501{User-agent}i" browserlog<br />
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa LogFormat "%!200,304,302{Referer}i" refererlog
4ded733c298c9fd95db25858b897da482f4ab3e7Eugen Kuksa <p>In the first example, the <code>User-agent</code> will be
4ded733c298c9fd95db25858b897da482f4ab3e7Eugen Kuksa logged if the HTTP status code is 400 or 501. In other cases, a
4ded733c298c9fd95db25858b897da482f4ab3e7Eugen Kuksa literal "-" will be logged instead. Likewise, in the second
4ded733c298c9fd95db25858b897da482f4ab3e7Eugen Kuksa example, the <code>Referer</code> will be logged if the HTTP
4ded733c298c9fd95db25858b897da482f4ab3e7Eugen Kuksa status code is <strong>not</strong> 200, 204, or 302. (Note the
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa "!" before the status codes.</p>
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa <p>Although we have just shown that conditional logging is very
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa powerful and flexible, it is not the only way to control the
4ded733c298c9fd95db25858b897da482f4ab3e7Eugen Kuksa contents of the logs. Log files are more useful when they
4ded733c298c9fd95db25858b897da482f4ab3e7Eugen Kuksa contain a complete record of server activity. It is often
f345dca8aecfdbc7137a28dda45f9a5574d1fd14Eugen Kuksa easier to simply post-process the log files to remove requests
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa that you do not want to consider.</p>
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
f345dca8aecfdbc7137a28dda45f9a5574d1fd14Eugen Kuksa<h2><a name="rotation" id="rotation">Log Rotation</a></h2>
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa <p>On even a moderately busy server, the quantity of
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder information stored in the log files is very large. The access
4937a0e373f619dc520799923acec42db5da5eb3Eugen Kuksa log file typically grows 1 MB or more per 10,000 requests. It
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder will consequently be necessary to periodically rotate the log
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht files by moving or deleting the existing logs. This cannot be
f382d86a384743a770cd5490a641e38ed1069c5cChristian Maeder done while the server is running, because Apache httpd will continue
4ded733c298c9fd95db25858b897da482f4ab3e7Eugen Kuksa writing to the old log file as long as it holds the file open.
4ded733c298c9fd95db25858b897da482f4ab3e7Eugen Kuksa Instead, the server must be <a href="stopping.html">restarted</a> after the log files are
4ded733c298c9fd95db25858b897da482f4ab3e7Eugen Kuksa moved or deleted so that it will open new log files.</p>
986888e7f4d8ed681272a79c63f329ce8037063dcmaeder <p>By using a <em>graceful</em> restart, the server can be
bf51e183eda8e66f16795b35ce9a62468974b8e3Christian Maeder instructed to open new log files without losing any existing or
f382d86a384743a770cd5490a641e38ed1069c5cChristian Maeder pending connections from clients. However, in order to
562e30787355109feb0133ffea2ad86b6c143c26Simon Ulbricht accomplish this, the server must continue to write to the old
d1c667fd9445963d9d31e2cf5d0ead15e77082a4cmaeder log files while it finishes serving old requests. It is
dab141168df1b5ae84852d862b3aefc8782cfc7emcodescu therefore necessary to wait for some time after the restart
d35249e8b76e34d3cbb6adf7d89e9111226a49d6Eugen Kuksa before doing any processing on the log files. A typical
c24f7998fe7dfca4277f83076a119aabfe6186a0mcodescu scenario that simply rotates the logs and compresses the old
8723ec450f2e7a024230467c0c28a3f154905483cmaeder logs to save space is:</p>
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder apachectl graceful<br />
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder sleep 600<br />
4bd27a2cb9efd5d8ff00b5cf823487403add724ecmaeder <p>Another way to perform log rotation is using <a href="#piped">piped logs</a> as discussed in the next
8723ec450f2e7a024230467c0c28a3f154905483cmaeder </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
60e6795dd310e10194e12bb660575aadf941328bEugen Kuksa <p>Apache httpd is capable of writing error and access log
60e6795dd310e10194e12bb660575aadf941328bEugen Kuksa files through a pipe to another process, rather than directly
1d65a799298f6b1253d774c22f61029e6eb99cadcmaeder to a file. This capability dramatically increases the
90d3a604eeb43972cef8bfd283a0118a4ad6e9e7cmaeder flexibility of logging, without adding code to the main server.
1d65a799298f6b1253d774c22f61029e6eb99cadcmaeder In order to write logs to a pipe, simply replace the filename
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht with the pipe character "<code>|</code>", followed by the name
8723ec450f2e7a024230467c0c28a3f154905483cmaeder of the executable which should accept log entries on its
7463a1bf64cfa90917e2afb6a5017ec411d2b3dbSimon Ulbricht standard input. The server will start the piped-log process when
7f150d7930b47c297e184638ecd811b3656b0dadChristian Maeder the server starts, and will restart it if it crashes while the
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht server is running. (This last feature is why we can refer to
986888e7f4d8ed681272a79c63f329ce8037063dcmaeder this technique as "reliable piped logging".)</p>
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht <p>Piped log processes are spawned by the parent Apache httpd
f6a562e28240e4f9107c199ba7a8e500ccfbfa55Simon Ulbricht process, and inherit the userid of that process. This means
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder that piped log programs usually run as root. It is therefore
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder very important to keep the programs simple and secure.</p>
f382d86a384743a770cd5490a641e38ed1069c5cChristian Maeder <p>One important use of piped logs is to allow log rotation
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht without having to restart the server. The Apache HTTP Server
22bb4a9063684a0f37dd7d0e6b21086adcc1e789Christian Maeder includes a simple program called <code class="program"><a href="/programs/rotatelogs.html">rotatelogs</a></code>
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht for this purpose. For example, to rotate the logs every 24 hours, you
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht <p>Notice that quotes are used to enclose the entire command
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht that will be called for the pipe. Although these examples are
bf51e183eda8e66f16795b35ce9a62468974b8e3Christian Maeder for the access log, the same technique can be used for the
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder error log.</p>
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht <p>A similar but much more flexible log rotation program
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder called <a href="http://www.cronolog.org/">cronolog</a>
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder is available at an external site.</p>
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder <p>As with conditional logging, piped logs are a very powerful
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder tool, but they should not be used where a simpler solution like
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht off-line post-processing is available.</p>
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder <p>By default the piped log process is spawned without invoking
b532acc045cf5e26beb0691acc136d11188cce87Christian Maeder a shell. Use "<code>|$</code>" instead of "<code>|</code>"
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder to spawn using a shell (usually with <code>/bin/sh -c</code>):</p>
d1c667fd9445963d9d31e2cf5d0ead15e77082a4cmaeder # Invoke "rotatelogs" using a shell<br />
d1c667fd9445963d9d31e2cf5d0ead15e77082a4cmaeder <p>This was the default behaviour for Apache 2.2.
c24f7998fe7dfca4277f83076a119aabfe6186a0mcodescu Depending on the shell specifics this might lead to
c24f7998fe7dfca4277f83076a119aabfe6186a0mcodescu an additional shell process for the lifetime of the logging
cbd64ad1d663565751cb9442f78a40ff96c6bed6Eugen Kuksa pipe program and signal handling problems during restart.
f382d86a384743a770cd5490a641e38ed1069c5cChristian Maeder For compatibility reasons with Apache 2.2 the notation
f382d86a384743a770cd5490a641e38ed1069c5cChristian Maeder "<code>||</code>" is also supported and equivalent to using
22bb4a9063684a0f37dd7d0e6b21086adcc1e789Christian Maeder </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
22bb4a9063684a0f37dd7d0e6b21086adcc1e789Christian Maeder<h2><a name="virtualhost" id="virtualhost">Virtual Hosts</a></h2>
e24da6268aa5791c7efd44571cafc0e36bf568dbChristian Maeder <p>When running a server with many <a href="vhosts/">virtual
e24da6268aa5791c7efd44571cafc0e36bf568dbChristian Maeder hosts</a>, there are several options for dealing with log
e24da6268aa5791c7efd44571cafc0e36bf568dbChristian Maeder files. First, it is possible to use logs exactly as in a
d35249e8b76e34d3cbb6adf7d89e9111226a49d6Eugen Kuksa single-host server. Simply by placing the logging directives
d35249e8b76e34d3cbb6adf7d89e9111226a49d6Eugen Kuksa outside the <code class="directive"><a href="/mod/core.html#virtualhost"><VirtualHost></a></code> sections in the
d35249e8b76e34d3cbb6adf7d89e9111226a49d6Eugen Kuksa main server context, it is possible to log all requests in the
fdae29fce51a3b43f17e1cad0deb0f5381b9d3f6Christian Maeder same access log and error log. This technique does not allow
fdae29fce51a3b43f17e1cad0deb0f5381b9d3f6Christian Maeder for easy collection of statistics on individual virtual
5606c84ebef3de545602e215bbd87931334d48f0mcodescu <p>If <code class="directive"><a href="/mod/mod_log_config.html#customlog">CustomLog</a></code>
5606c84ebef3de545602e215bbd87931334d48f0mcodescu or <code class="directive"><a href="/mod/core.html#errorlog">ErrorLog</a></code>
c24f7998fe7dfca4277f83076a119aabfe6186a0mcodescu directives are placed inside a
c24f7998fe7dfca4277f83076a119aabfe6186a0mcodescu <code class="directive"><a href="/mod/core.html#virtualhost"><VirtualHost></a></code>
dab141168df1b5ae84852d862b3aefc8782cfc7emcodescu section, all requests or errors for that virtual host will be
c24f7998fe7dfca4277f83076a119aabfe6186a0mcodescu logged only to the specified file. Any virtual host which does
c24f7998fe7dfca4277f83076a119aabfe6186a0mcodescu not have logging directives will still have its requests sent
c24f7998fe7dfca4277f83076a119aabfe6186a0mcodescu to the main server logs. This technique is very useful for a
dab141168df1b5ae84852d862b3aefc8782cfc7emcodescu small number of virtual hosts, but if the number of hosts is
c24f7998fe7dfca4277f83076a119aabfe6186a0mcodescu very large, it can be complicated to manage. In addition, it
c24f7998fe7dfca4277f83076a119aabfe6186a0mcodescu can often create problems with <a href="vhosts/fd-limits.html">insufficient file
dab141168df1b5ae84852d862b3aefc8782cfc7emcodescu <p>For the access log, there is a very good compromise. By
c24f7998fe7dfca4277f83076a119aabfe6186a0mcodescu adding information on the virtual host to the log format
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht string, it is possible to log all hosts to the same log, and
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht later split the log into individual files. For example,
2e2559f894aaa661b199e4fa00609f522bc5482aSimon Ulbricht consider the following directives.</p>
05c714be15ce094d83f1b989cdf5236be78419bfSimon Ulbricht LogFormat "%v %l %u %t \"%r\" %>s %b"
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder comonvhost<br />
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht <p>The <code>%v</code> is used to log the name of the virtual
05c714be15ce094d83f1b989cdf5236be78419bfSimon Ulbricht host that is serving the request. Then a program like <a href="programs/other.html">split-logfile</a> can be used to
986888e7f4d8ed681272a79c63f329ce8037063dcmaeder post-process the access log in order to split it into one file
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder per virtual host.</p>
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
fdae29fce51a3b43f17e1cad0deb0f5381b9d3f6Christian Maeder<h2><a name="other" id="other">Other Log Files</a></h2>
f382d86a384743a770cd5490a641e38ed1069c5cChristian Maeder <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_logio.html">mod_logio</a></code></li><li><code class="module"><a href="/mod/mod_log_config.html">mod_log_config</a></code></li><li><code class="module"><a href="/mod/mod_log_forensic.html">mod_log_forensic</a></code></li><li><code class="module"><a href="/mod/mod_cgi.html">mod_cgi</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_log_config.html#logformat">LogFormat</a></code></li><li><code class="directive"><a href="/mod/mod_log_config.html#bufferedlogs">BufferedLogs</a></code></li><li><code class="directive"><a href="/mod/mod_log_forensic.html#forensiclog">ForensicLog</a></code></li><li><code class="directive"><a href="/mod/mpm_common.html#pidfile">PidFile</a></code></li><li><code class="directive"><a href="/mod/mod_cgi.html#scriptlog">ScriptLog</a></code></li><li><code class="directive"><a href="/mod/mod_cgi.html#scriptlogbuffer">ScriptLogBuffer</a></code></li><li><code class="directive"><a href="/mod/mod_cgi.html#scriptloglength">ScriptLogLength</a></code></li></ul></td></tr></table>
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder <h3>Logging actual bytes sent and received</h3>
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder <p><code class="module"><a href="/mod/mod_logio.html">mod_logio</a></code> adds in two additional
fdae29fce51a3b43f17e1cad0deb0f5381b9d3f6Christian Maeder <code class="directive"><a href="/mod/mod_log_config.html#logformat">LogFormat</a></code> fields
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder (%I and %O) that log the actual number of bytes received and sent
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder on the network.</p>
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder <p><code class="module"><a href="/mod/mod_log_forensic.html">mod_log_forensic</a></code> provides for forensic logging of
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder client requests. Logging is done before and after processing a
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht request, so the forensic log contains two log lines for each
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht request. The forensic logger is very strict with no customizations.
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder It can be an invaluable debugging and security tool.</p>
b532acc045cf5e26beb0691acc136d11188cce87Christian Maeder <h3><a name="pidfile" id="pidfile">PID File</a></h3>
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder <p>On startup, Apache httpd saves the process id of the parent
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder httpd process to the file <code>logs/httpd.pid</code>. This
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder filename can be changed with the <code class="directive"><a href="/mod/mpm_common.html#pidfile">PidFile</a></code> directive. The
05c714be15ce094d83f1b989cdf5236be78419bfSimon Ulbricht process-id is for use by the administrator in restarting and
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht terminating the daemon by sending signals to the parent
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht process; on Windows, use the -k command line option instead.
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht For more information see the <a href="stopping.html">Stopping
ccd9cf19d129595770d592d3d0d80c6619f7a141Eugen Kuksa <h3><a name="scriptlog" id="scriptlog">Script Log</a></h3>
f07364021546acc2fa5da55501bd6207b040f7bfEugen Kuksa <p>In order to aid in debugging, the
8723ec450f2e7a024230467c0c28a3f154905483cmaeder <code class="directive"><a href="/mod/mod_cgi.html#scriptlog">ScriptLog</a></code> directive
8723ec450f2e7a024230467c0c28a3f154905483cmaeder allows you to record the input to and output from CGI scripts.
986888e7f4d8ed681272a79c63f329ce8037063dcmaeder This should only be used in testing - not for live servers.
0bbc28585c7d42913167ff78a862ef25ea59e85eChristian Maeder More information is available in the <a href="mod/mod_cgi.html">mod_cgi</a> documentation.</p>
0bbc28585c7d42913167ff78a862ef25ea59e85eChristian Maeder<p><span>Available Languages: </span><a href="/en/logs.html" title="English"> en </a> |
0bbc28585c7d42913167ff78a862ef25ea59e85eChristian Maeder<a href="/fr/logs.html" hreflang="fr" rel="alternate" title="Fran�ais"> fr </a> |
0bbc28585c7d42913167ff78a862ef25ea59e85eChristian Maeder<a href="/ja/logs.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
0bbc28585c7d42913167ff78a862ef25ea59e85eChristian Maeder<a href="/ko/logs.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
986888e7f4d8ed681272a79c63f329ce8037063dcmaeder<a href="/tr/logs.html" hreflang="tr" rel="alternate" title="T�rk�e"> tr </a></p>
986888e7f4d8ed681272a79c63f329ce8037063dcmaeder<p class="apache">Copyright 2011 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
8723ec450f2e7a024230467c0c28a3f154905483cmaeder<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="/faq/">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div>