logs.xml revision 16c733f1d1ed4665c550ed8b9ff15abf7df85a48
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder<!DOCTYPE manualpage SYSTEM "/style/manualpage.dtd">
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder<!-- $LastChangedRevision$ -->
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder Licensed to the Apache Software Foundation (ASF) under one or more
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder contributor license agreements. See the NOTICE file distributed with
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder this work for additional information regarding copyright ownership.
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder The ASF licenses this file to You under the Apache License, Version 2.0
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder (the "License"); you may not use this file except in compliance with
99b26e2ab8ba89bc9a050c1524137eb6269e2753Christian Maeder the License. You may obtain a copy of the License at
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder Unless required by applicable law or agreed to in writing, software
ef1c24c8229ade3ac872febebd18c181e32fb9c4Christian Maeder distributed under the License is distributed on an "AS IS" BASIS,
8d2321e17a34951fbd52f68e9f9f148f0890e471Christian Maeder WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder See the License for the specific language governing permissions and
99b26e2ab8ba89bc9a050c1524137eb6269e2753Christian Maeder limitations under the License.
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder <p>In order to effectively manage a web server, it is necessary
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder to get feedback about the activity and performance of the
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder server as well as any problems that may be occurring. The Apache HTTP Server
ef1c24c8229ade3ac872febebd18c181e32fb9c4Christian Maeder provides very comprehensive and flexible logging
ef1c24c8229ade3ac872febebd18c181e32fb9c4Christian Maeder capabilities. This document describes how to configure its
945e82ed7877917f3ab1657f555e71991372546aChristian Maeder logging capabilities, and how to understand what the logs
fd94a6f66ccb5cef99aa42069b61e4b8734dbd3fChristian Maeder </modulelist>
473f5af6e4803fbeecc814065952396f2501039bChristian Maeder The Apache HTTP Server provides a variety of different mechanisms for
473f5af6e4803fbeecc814065952396f2501039bChristian Maeder logging everything that happens on your server, from the initial
473f5af6e4803fbeecc814065952396f2501039bChristian Maeder request, through the URL mapping process, to the final resolution of
473f5af6e4803fbeecc814065952396f2501039bChristian Maeder the connection, including any errors that may have occurred in the
473f5af6e4803fbeecc814065952396f2501039bChristian Maeder process. In addition to this, third-party modules may provide logging
473f5af6e4803fbeecc814065952396f2501039bChristian Maeder capabilities, or inject entries into the existing log files, and
6a88f8edd881afaf4b865b01bfbb4faaf0e7a3c9Simon Ulbricht applications such as CGI programs, or PHP scripts, or other handlers,
473f5af6e4803fbeecc814065952396f2501039bChristian Maeder may send messages to the server error log.
734a5ebd38032798f0ab908e2d52862c71b2c127Simon Ulbricht In this document we discuss the logging modules that are a standard
ea5ccb1c6e89486a54e1f4bd95840147e96093edChristian Maeder part of the http server.
526e7f36639cb58e3c99a54bea082499a6b04a25Christian Maeder <p>Anyone who can write to the directory where Apache httpd is
473f5af6e4803fbeecc814065952396f2501039bChristian Maeder writing a log file can almost certainly gain access to the uid
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder that the server is started as, which is normally root. Do
275698320a734a6fd647ea6a461d6ce38862da1dChristian Maeder <em>NOT</em> give people write access to the directory the logs
526e7f36639cb58e3c99a54bea082499a6b04a25Christian Maeder are stored in without being aware of the consequences; see the
275698320a734a6fd647ea6a461d6ce38862da1dChristian Maeder <a href="misc/security_tips.html">security tips</a> document
18548c6cc2dff13bf9f5f08b3f6cde6ca914df1dChristian Maeder for details.</p>
275698320a734a6fd647ea6a461d6ce38862da1dChristian Maeder <p>In addition, log files may contain information supplied
18548c6cc2dff13bf9f5f08b3f6cde6ca914df1dChristian Maeder directly by the client, without escaping. Therefore, it is
6a6689ad6d4c70af2ce3389f39a50982f20fd939Christian Maeder possible for malicious clients to insert control-characters in
f56cdf11927c31495bae642a9eb383212c90ba61Christian Maeder the log files, so care must be taken in dealing with raw
526e7f36639cb58e3c99a54bea082499a6b04a25Christian Maeder </modulelist>
3e87e1dc85fa76cc6eaeb8eafbc0bea77af939f4Christian Maeder <directivelist>
275698320a734a6fd647ea6a461d6ce38862da1dChristian Maeder <directive module="core">ErrorLog</directive>
6a6689ad6d4c70af2ce3389f39a50982f20fd939Christian Maeder <directive module="core">LogLevel</directive>
6a6689ad6d4c70af2ce3389f39a50982f20fd939Christian Maeder </directivelist>
18548c6cc2dff13bf9f5f08b3f6cde6ca914df1dChristian Maeder <p>The server error log, whose name and location is set by the
6a6689ad6d4c70af2ce3389f39a50982f20fd939Christian Maeder <directive module="core">ErrorLog</directive> directive, is the
26acf851cacd7a31bdc9b25a42af9949942fa7c6Christian Maeder most important log file. This is the place where Apache httpd
26acf851cacd7a31bdc9b25a42af9949942fa7c6Christian Maeder will send diagnostic information and record any errors that it
26acf851cacd7a31bdc9b25a42af9949942fa7c6Christian Maeder encounters in processing requests. It is the first place to
5896f38ba2934056542cb7cb3e6359e88a622547Christian Maeder look when a problem occurs with starting the server or with the
5896f38ba2934056542cb7cb3e6359e88a622547Christian Maeder operation of the server, since it will often contain details of
5896f38ba2934056542cb7cb3e6359e88a622547Christian Maeder what went wrong and how to fix it.</p>
18548c6cc2dff13bf9f5f08b3f6cde6ca914df1dChristian Maeder <p>The error log is usually written to a file (typically
11c3a215d5cf043181e83929f1ce214df65cb587Christian Maeder <code>error.log</code> on Windows and OS/2). On Unix systems it
18548c6cc2dff13bf9f5f08b3f6cde6ca914df1dChristian Maeder is also possible to have the server send errors to
5fb6343a5a2b4bbc67bc83479c84a92d23d30edfChristian Maeder <code>syslog</code> or <a href="#piped">pipe them to a
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder <p>The format of the error log is relatively free-form and
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder descriptive. But there is certain information that is contained
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder in most error log entries. For example, here is a typical
9d50556254571c0811e94b4d948463754812a5aaChristian Maeder [Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1]
31a81edf1285dc338211bfe86ba50a1f4128d9d2Christian Maeder client denied by server configuration:
5dd895cd3d794ecd2f0035ee3a7b6d6bf2eac5efChristian Maeder <p>The first item in the log entry is the date and time of the
5d93620c37abd9c665d3fe532d4852d62dff4233Christian Maeder message. The second item lists the severity of the error being
e9cc16f13333a57c9c965bc0e02afadec32cfb8bChristian Maeder reported. The <directive module="core">LogLevel</directive>
5d93620c37abd9c665d3fe532d4852d62dff4233Christian Maeder directive is used to control the types of errors that are sent
5d93620c37abd9c665d3fe532d4852d62dff4233Christian Maeder to the error log by restricting the severity level. The third
232c13ff6847a6f2bac7163392f80ab692cd7774Christian Maeder item gives the IP address of the client that generated the
232c13ff6847a6f2bac7163392f80ab692cd7774Christian Maeder error. Beyond that is the message itself, which in this case
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder indicates that the server has been configured to deny the
5d93620c37abd9c665d3fe532d4852d62dff4233Christian Maeder client access. The server reports the file-system path (as
99b26e2ab8ba89bc9a050c1524137eb6269e2753Christian Maeder opposed to the web path) of the requested document.</p>
26acf851cacd7a31bdc9b25a42af9949942fa7c6Christian Maeder <p>A very wide variety of different messages can appear in the
8e244bee2398d3ee0c90a2baf42f091606e28c96Christian Maeder error log. Most look similar to the example above. The error
8e244bee2398d3ee0c90a2baf42f091606e28c96Christian Maeder log will also contain debugging output from CGI scripts. Any
8e244bee2398d3ee0c90a2baf42f091606e28c96Christian Maeder information written to <code>stderr</code> by a CGI script will
8e244bee2398d3ee0c90a2baf42f091606e28c96Christian Maeder be copied directly to the error log.</p>
8e244bee2398d3ee0c90a2baf42f091606e28c96Christian Maeder <p>It is not possible to customize the error log by adding or
8e244bee2398d3ee0c90a2baf42f091606e28c96Christian Maeder removing information. However, error log entries dealing with
ef1c24c8229ade3ac872febebd18c181e32fb9c4Christian Maeder particular requests have corresponding entries in the <a
cc9f19b1fe81424205736fe0ae73620395b1bb74Simon Ulbricht href="#accesslog">access log</a>. For example, the above example
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht entry corresponds to an access log entry with status code 403.
5d93620c37abd9c665d3fe532d4852d62dff4233Christian Maeder Since it is possible to customize the access log, you can
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder obtain more information about error conditions using that log
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder <p>During testing, it is often useful to continuously monitor
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder the error log for any problems. On Unix systems, you can
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder accomplish this using:</p>
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder tail -f error_log
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht </modulelist>
233754e153e665aa748bf8b45bd8b1938b6c21a7Christian Maeder <directivelist>
5d93620c37abd9c665d3fe532d4852d62dff4233Christian Maeder <directive module="mod_log_config">CustomLog</directive>
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht <directive module="mod_log_config">LogFormat</directive>
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht <directive module="mod_setenvif">SetEnvIf</directive>
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht </directivelist>
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht <p>The server access log records all requests processed by the
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht server. The location and content of the access log are
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht controlled by the <directive module="mod_log_config">CustomLog</directive>
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht directive. The <directive module="mod_log_config">LogFormat</directive>
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht directive can be used to simplify the selection of
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht the contents of the logs. This section describes how to configure the server
5d93620c37abd9c665d3fe532d4852d62dff4233Christian Maeder to record information in the access log.</p>
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht <p>Of course, storing the information in the access log is only
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht the start of log management. The next step is to analyze this
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht information to produce useful statistics. Log analysis in
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht general is beyond the scope of this document, and not really
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder part of the job of the web server itself. For more information
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht about this topic, and for applications which perform log
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht analysis, check the <a
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht href="http://dmoz.org/Computers/Software/Internet/Site_Management/Log_analysis/">
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht href="http://dir.yahoo.com/Computers_and_Internet/Software/Internet/World_Wide_Web/Servers/Log_Analysis_Tools/">
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht <p>Various versions of Apache httpd have used other modules and
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht directives to control access logging, including
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht mod_log_referer, mod_log_agent, and the
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht <code>TransferLog</code> directive. The <directive
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht module="mod_log_config">CustomLog</directive> directive now subsumes
0a46a4d711eca869ad75b4df84dabd72783ebdd2Simon Ulbricht the functionality of all the older directives.</p>
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht <p>The format of the access log is highly configurable. The format
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder is specified using a format string that looks much like a C-style
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht printf(1) format string. Some examples are presented in the next
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht sections. For a complete list of the possible contents of the
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht format string, see the <module>mod_log_config</module> <a
0a46a4d711eca869ad75b4df84dabd72783ebdd2Simon Ulbricht href="mod/mod_log_config.html#formats">format strings</a>.</p>
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht <p>A typical configuration for the access log might look as
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht LogFormat "%h %l %u %t \"%r\" %>s %b" common<br />
4f820114168836fb05b720c429866baa5665690eChristian Maeder <p>This defines the <em>nickname</em> <code>common</code> and
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht associates it with a particular log format string. The format
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht string consists of percent directives, each of which tell the
6fb590a3747600c145abfd7c3483039fb03af032Christian Maeder server to log a particular piece of information. Literal
6fb590a3747600c145abfd7c3483039fb03af032Christian Maeder characters may also be placed in the format string and will be
6fb590a3747600c145abfd7c3483039fb03af032Christian Maeder copied directly into the log output. The quote character
6fb590a3747600c145abfd7c3483039fb03af032Christian Maeder (<code>"</code>) must be escaped by placing a backslash before
6fb590a3747600c145abfd7c3483039fb03af032Christian Maeder it to prevent it from being interpreted as the end of the
6fb590a3747600c145abfd7c3483039fb03af032Christian Maeder format string. The format string may also contain the special
6fb590a3747600c145abfd7c3483039fb03af032Christian Maeder control characters "<code>\n</code>" for new-line and
6fb590a3747600c145abfd7c3483039fb03af032Christian Maeder <p>The <directive module="mod_log_config">CustomLog</directive>
6fb590a3747600c145abfd7c3483039fb03af032Christian Maeder directive sets up a new log file using the defined
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht <em>nickname</em>. The filename for the access log is relative to
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht the <directive module="core">ServerRoot</directive> unless it
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder begins with a slash.</p>
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder <p>The above configuration will write log entries in a format
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht known as the Common Log Format (CLF). This standard format can
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht be produced by many different web servers and read by many log
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder analysis programs. The log file entries produced in CLF will
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht look something like this:</p>
f382d86a384743a770cd5490a641e38ed1069c5cChristian Maeder 127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET
e24da6268aa5791c7efd44571cafc0e36bf568dbChristian Maeder <p>Each part of this log entry is described below.</p>
f382d86a384743a770cd5490a641e38ed1069c5cChristian Maeder <dt><code>127.0.0.1</code> (<code>%h</code>)</dt>
bf51e183eda8e66f16795b35ce9a62468974b8e3Christian Maeder <dd>This is the IP address of the client (remote host) which
bf51e183eda8e66f16795b35ce9a62468974b8e3Christian Maeder made the request to the server. If <directive
f382d86a384743a770cd5490a641e38ed1069c5cChristian Maeder set to <code>On</code>, then the server will try to determine
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht the hostname and log it in place of the IP address. However,
bf51e183eda8e66f16795b35ce9a62468974b8e3Christian Maeder this configuration is not recommended since it can
f382d86a384743a770cd5490a641e38ed1069c5cChristian Maeder significantly slow the server. Instead, it is best to use a
562e30787355109feb0133ffea2ad86b6c143c26Simon Ulbricht log post-processor such as <program>logresolve</program> to determine
562e30787355109feb0133ffea2ad86b6c143c26Simon Ulbricht the hostnames. The IP address reported here is not
562e30787355109feb0133ffea2ad86b6c143c26Simon Ulbricht necessarily the address of the machine at which the user is
562e30787355109feb0133ffea2ad86b6c143c26Simon Ulbricht sitting. If a proxy server exists between the user and the
562e30787355109feb0133ffea2ad86b6c143c26Simon Ulbricht server, this address will be the address of the proxy, rather
562e30787355109feb0133ffea2ad86b6c143c26Simon Ulbricht than the originating machine.</dd>
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder <dd>The "hyphen" in the output indicates that the requested
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht piece of information is not available. In this case, the
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht information that is not available is the RFC 1413 identity of
e57d34b9f5eda12bce8e12229cf6f1c7fd9159a1Christian Maeder the client determined by <code>identd</code> on the clients
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder machine. This information is highly unreliable and should
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht almost never be used except on tightly controlled internal
7463a1bf64cfa90917e2afb6a5017ec411d2b3dbSimon Ulbricht networks. Apache httpd will not even attempt to determine
7f150d7930b47c297e184638ecd811b3656b0dadChristian Maeder this information unless <directive
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht module="core">IdentityCheck</directive> is set
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht <dt><code>frank</code> (<code>%u</code>)</dt>
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht <dd>This is the userid of the person requesting the document
f382d86a384743a770cd5490a641e38ed1069c5cChristian Maeder as determined by HTTP authentication. The same value is
f382d86a384743a770cd5490a641e38ed1069c5cChristian Maeder typically provided to CGI scripts in the
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht <code>REMOTE_USER</code> environment variable. If the status
22bb4a9063684a0f37dd7d0e6b21086adcc1e789Christian Maeder code for the request (see below) is 401, then this value
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht should not be trusted because the user is not yet
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht authenticated. If the document is not password protected,
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht this part will be "<code>-</code>" just like the previous
22bb4a9063684a0f37dd7d0e6b21086adcc1e789Christian Maeder <dt><code>[10/Oct/2000:13:55:36 -0700]</code>
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht The time that the request was received.
bf51e183eda8e66f16795b35ce9a62468974b8e3Christian Maeder The format is:
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht <code>[day/month/year:hour:minute:second zone]<br />
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder day = 2*digit<br />
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder month = 3*letter<br />
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder year = 4*digit<br />
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder hour = 2*digit<br />
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder minute = 2*digit<br />
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht second = 2*digit<br />
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht zone = (`+' | `-') 4*digit</code>
b532acc045cf5e26beb0691acc136d11188cce87Christian Maeder <p>It is possible to have the time displayed in another format
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder by specifying <code>%{format}t</code> in the log format
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder string, where <code>format</code> is either as in
bc76266f6a06f30dc77341fb2898d7f5765ff05cChristian Maeder <code>strftime(3)</code> from the C standard library,
bc76266f6a06f30dc77341fb2898d7f5765ff05cChristian Maeder or one of the supported special tokens. For details see
f382d86a384743a770cd5490a641e38ed1069c5cChristian Maeder href="mod/mod_log_config.html#formats">format strings</a>.</p>
22bb4a9063684a0f37dd7d0e6b21086adcc1e789Christian Maeder <dt><code>"GET /apache_pb.gif HTTP/1.0"</code>
22bb4a9063684a0f37dd7d0e6b21086adcc1e789Christian Maeder <dd>The request line from the client is given in double
22bb4a9063684a0f37dd7d0e6b21086adcc1e789Christian Maeder quotes. The request line contains a great deal of useful
22bb4a9063684a0f37dd7d0e6b21086adcc1e789Christian Maeder information. First, the method used by the client is
e24da6268aa5791c7efd44571cafc0e36bf568dbChristian Maeder <code>GET</code>. Second, the client requested the resource
e24da6268aa5791c7efd44571cafc0e36bf568dbChristian Maeder <code>/apache_pb.gif</code>, and third, the client used the
e24da6268aa5791c7efd44571cafc0e36bf568dbChristian Maeder protocol <code>HTTP/1.0</code>. It is also possible to log
e57d34b9f5eda12bce8e12229cf6f1c7fd9159a1Christian Maeder one or more parts of the request line independently. For
f1b9177fa86eee281ffe30e99b0e8abd89535f7eChristian Maeder example, the format string "<code>%m %U%q %H</code>" will log
fdae29fce51a3b43f17e1cad0deb0f5381b9d3f6Christian Maeder the method, path, query-string, and protocol, resulting in
fdae29fce51a3b43f17e1cad0deb0f5381b9d3f6Christian Maeder exactly the same output as "<code>%r</code>".</dd>
f382d86a384743a770cd5490a641e38ed1069c5cChristian Maeder <dt><code>200</code> (<code>%>s</code>)</dt>
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht <dd>This is the status code that the server sends back to the
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht client. This information is very valuable, because it reveals
2e2559f894aaa661b199e4fa00609f522bc5482aSimon Ulbricht whether the request resulted in a successful response (codes
2e2559f894aaa661b199e4fa00609f522bc5482aSimon Ulbricht beginning in 2), a redirection (codes beginning in 3), an
05c714be15ce094d83f1b989cdf5236be78419bfSimon Ulbricht error caused by the client (codes beginning in 4), or an
05c714be15ce094d83f1b989cdf5236be78419bfSimon Ulbricht error in the server (codes beginning in 5). The full list of
05c714be15ce094d83f1b989cdf5236be78419bfSimon Ulbricht possible status codes can be found in the <a
05c714be15ce094d83f1b989cdf5236be78419bfSimon Ulbricht href="http://www.w3.org/Protocols/rfc2616/rfc2616.txt">HTTP
bf51e183eda8e66f16795b35ce9a62468974b8e3Christian Maeder specification</a> (RFC2616 section 10).</dd>
05c714be15ce094d83f1b989cdf5236be78419bfSimon Ulbricht <dd>The last part indicates the size of the object returned
f6a562e28240e4f9107c199ba7a8e500ccfbfa55Simon Ulbricht to the client, not including the response headers. If no
fdae29fce51a3b43f17e1cad0deb0f5381b9d3f6Christian Maeder content was returned to the client, this value will be
fdae29fce51a3b43f17e1cad0deb0f5381b9d3f6Christian Maeder "<code>-</code>". To log "<code>0</code>" for no content, use
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder <p>Another commonly used format string is called the Combined
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder Log Format. It can be used as follows.</p>
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder \"%{User-agent}i\"" combined<br />
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht <p>This format is exactly the same as the Common Log Format,
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht with the addition of two more fields. Each of the additional
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder fields uses the percent-directive
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder <code>%{<em>header</em>}i</code>, where <em>header</em> can be
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder any HTTP request header. The access log under this format will
b532acc045cf5e26beb0691acc136d11188cce87Christian Maeder look like:</p>
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder 127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder "http://www.example.com/start.html" "Mozilla/4.08 [en]
05c714be15ce094d83f1b989cdf5236be78419bfSimon Ulbricht (Win98; I ;Nav)"
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht <dt><code>"http://www.example.com/start.html"</code>
0bbc28585c7d42913167ff78a862ef25ea59e85eChristian Maeder <dd>The "Referer" (sic) HTTP request header. This gives the
0bbc28585c7d42913167ff78a862ef25ea59e85eChristian Maeder site that the client reports having been referred from. (This
0bbc28585c7d42913167ff78a862ef25ea59e85eChristian Maeder should be the page that links to or includes
0bbc28585c7d42913167ff78a862ef25ea59e85eChristian Maeder <dt><code>"Mozilla/4.08 [en] (Win98; I ;Nav)"</code>
0bbc28585c7d42913167ff78a862ef25ea59e85eChristian Maeder <dd>The User-Agent HTTP request header. This is the
0bbc28585c7d42913167ff78a862ef25ea59e85eChristian Maeder identifying information that the client browser reports about
4ed68712ee368cbebfeaa327968583cb022e3c72Christian Maeder <p>Multiple access logs can be created simply by specifying
8d2321e17a34951fbd52f68e9f9f148f0890e471Christian Maeder multiple <directive module="mod_log_config">CustomLog</directive>
8d2321e17a34951fbd52f68e9f9f148f0890e471Christian Maeder directives in the configuration
8d2321e17a34951fbd52f68e9f9f148f0890e471Christian Maeder file. For example, the following directives will create three
8d2321e17a34951fbd52f68e9f9f148f0890e471Christian Maeder access logs. The first contains the basic CLF information,
8d2321e17a34951fbd52f68e9f9f148f0890e471Christian Maeder while the second and third contain referer and browser
8d2321e17a34951fbd52f68e9f9f148f0890e471Christian Maeder information. The last two <directive
8d2321e17a34951fbd52f68e9f9f148f0890e471Christian Maeder module="mod_log_config">CustomLog</directive> lines show how
4ed68712ee368cbebfeaa327968583cb022e3c72Christian Maeder to mimic the effects of the <code>ReferLog</code> and <code
4ed68712ee368cbebfeaa327968583cb022e3c72Christian Maeder LogFormat "%h %l %u %t \"%r\" %>s %b" common<br />
f3fb0e085030be5bc309d946a6a9c20736dd3e0fSimon Ulbricht CustomLog logs/referer_log "%{Referer}i -> %U"<br />
f3fb0e085030be5bc309d946a6a9c20736dd3e0fSimon Ulbricht <p>This example also shows that it is not necessary to define a
116efc752fbf094a464c4f4940d9a450ab41c6c9Simon Ulbricht nickname with the <directive
31a81edf1285dc338211bfe86ba50a1f4128d9d2Christian Maeder module="mod_log_config">LogFormat</directive> directive. Instead,
4ed68712ee368cbebfeaa327968583cb022e3c72Christian Maeder the log format can be specified directly in the <directive
31a81edf1285dc338211bfe86ba50a1f4128d9d2Christian Maeder module="mod_log_config">CustomLog</directive> directive.</p>
275698320a734a6fd647ea6a461d6ce38862da1dChristian Maeder <p>There are times when it is convenient to exclude certain
016b8f06b709deef8c24b3d6c59f085857a166d4Christian Maeder entries from the access logs based on characteristics of the
016b8f06b709deef8c24b3d6c59f085857a166d4Christian Maeder client request. This is easily accomplished with the help of <a
5896f38ba2934056542cb7cb3e6359e88a622547Christian Maeder href="env.html">environment variables</a>. First, an
e98c3d3efab62d97ebdeed52f4109d961f6432aaChristian Maeder environment variable must be set to indicate that the request
016b8f06b709deef8c24b3d6c59f085857a166d4Christian Maeder meets certain conditions. This is usually accomplished with
e98c3d3efab62d97ebdeed52f4109d961f6432aaChristian Maeder <directive module="mod_setenvif">SetEnvIf</directive>. Then the
dbce18afddbe9b055be0e37f51e00d00d519b1cdChristian Maeder module="mod_log_config">CustomLog</directive> directive is used to
dbce18afddbe9b055be0e37f51e00d00d519b1cdChristian Maeder include or exclude requests where the environment variable is
5896f38ba2934056542cb7cb3e6359e88a622547Christian Maeder set. Some examples:</p>
5896f38ba2934056542cb7cb3e6359e88a622547Christian Maeder # Mark requests from the loop-back interface<br />
26acf851cacd7a31bdc9b25a42af9949942fa7c6Christian Maeder SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog<br />
fd94a6f66ccb5cef99aa42069b61e4b8734dbd3fChristian Maeder # Mark requests for the robots.txt file<br />
ea5ccb1c6e89486a54e1f4bd95840147e96093edChristian Maeder SetEnvIf Request_URI "^/robots\.txt$" dontlog<br />
bd90cf050d470eb42f6e0b79327cc53bd0f80dc9Christian Maeder # Log what remains<br />
bd90cf050d470eb42f6e0b79327cc53bd0f80dc9Christian Maeder CustomLog logs/access_log common env=!dontlog
de8eee2014437ec4020be15cd363257f87e79943Christian Maeder <p>As another example, consider logging requests from
de8eee2014437ec4020be15cd363257f87e79943Christian Maeder english-speakers to one log file, and non-english speakers to a
bd90cf050d470eb42f6e0b79327cc53bd0f80dc9Christian Maeder different log file.</p>
de8eee2014437ec4020be15cd363257f87e79943Christian Maeder SetEnvIf Accept-Language "en" english<br />
78c294da55788b25e175180168371c9536a6d440Christian Maeder CustomLog logs/english_log common env=english<br />
bd90cf050d470eb42f6e0b79327cc53bd0f80dc9Christian Maeder CustomLog logs/non_english_log common env=!english
5a448e9be8c4482a978b174b744237757335140fChristian Maeder <p>In a caching scenario one would want to know about
bd90cf050d470eb42f6e0b79327cc53bd0f80dc9Christian Maeder the efficiency of the cache. A very simple method to
3e87e1dc85fa76cc6eaeb8eafbc0bea77af939f4Christian Maeder find this out would be:</p>
3e87e1dc85fa76cc6eaeb8eafbc0bea77af939f4Christian Maeder SetEnv CACHE_MISS 1<br />
3e87e1dc85fa76cc6eaeb8eafbc0bea77af939f4Christian Maeder LogFormat "%h %l %u %t "%r " %>s %b %{CACHE_MISS}e" common-cache<br />
142fd5dd7fcfa170f08b2a0ab232859428f6e3c2Christian Maeder <p><module>mod_cache</module> will run before
142fd5dd7fcfa170f08b2a0ab232859428f6e3c2Christian Maeder <module>mod_env</module> and when successfull will deliver the
3e87e1dc85fa76cc6eaeb8eafbc0bea77af939f4Christian Maeder content without it. In that case a cache hit will log
3e87e1dc85fa76cc6eaeb8eafbc0bea77af939f4Christian Maeder <code>-</code>, while a cache miss will log <code>1</code>.</p>
3e87e1dc85fa76cc6eaeb8eafbc0bea77af939f4Christian Maeder <p>Although we have just shown that conditional logging is very
3e87e1dc85fa76cc6eaeb8eafbc0bea77af939f4Christian Maeder powerful and flexible, it is not the only way to control the
3e87e1dc85fa76cc6eaeb8eafbc0bea77af939f4Christian Maeder contents of the logs. Log files are more useful when they
3e87e1dc85fa76cc6eaeb8eafbc0bea77af939f4Christian Maeder contain a complete record of server activity. It is often
3e87e1dc85fa76cc6eaeb8eafbc0bea77af939f4Christian Maeder easier to simply post-process the log files to remove requests
3f08b178a44369b618a5e0b5f1fc2207fe043aabChristian Maeder that you do not want to consider.</p>
016b8f06b709deef8c24b3d6c59f085857a166d4Christian Maeder <p>On even a moderately busy server, the quantity of
016b8f06b709deef8c24b3d6c59f085857a166d4Christian Maeder information stored in the log files is very large. The access
016b8f06b709deef8c24b3d6c59f085857a166d4Christian Maeder log file typically grows 1 MB or more per 10,000 requests. It
016b8f06b709deef8c24b3d6c59f085857a166d4Christian Maeder will consequently be necessary to periodically rotate the log
016b8f06b709deef8c24b3d6c59f085857a166d4Christian Maeder files by moving or deleting the existing logs. This cannot be
e98c3d3efab62d97ebdeed52f4109d961f6432aaChristian Maeder done while the server is running, because Apache httpd will continue
016b8f06b709deef8c24b3d6c59f085857a166d4Christian Maeder writing to the old log file as long as it holds the file open.
016b8f06b709deef8c24b3d6c59f085857a166d4Christian Maeder Instead, the server must be <a
ef1c24c8229ade3ac872febebd18c181e32fb9c4Christian Maeder href="stopping.html">restarted</a> after the log files are
ef1c24c8229ade3ac872febebd18c181e32fb9c4Christian Maeder moved or deleted so that it will open new log files.</p>
59fa2ed5a4936e7e56f7164d8a274df68dd4160cSimon Ulbricht <p>By using a <em>graceful</em> restart, the server can be
bf51e183eda8e66f16795b35ce9a62468974b8e3Christian Maeder instructed to open new log files without losing any existing or
ef1c24c8229ade3ac872febebd18c181e32fb9c4Christian Maeder pending connections from clients. However, in order to
ef1c24c8229ade3ac872febebd18c181e32fb9c4Christian Maeder accomplish this, the server must continue to write to the old
ef1c24c8229ade3ac872febebd18c181e32fb9c4Christian Maeder log files while it finishes serving old requests. It is
016b8f06b709deef8c24b3d6c59f085857a166d4Christian Maeder therefore necessary to wait for some time after the restart
016b8f06b709deef8c24b3d6c59f085857a166d4Christian Maeder before doing any processing on the log files. A typical
4ed68712ee368cbebfeaa327968583cb022e3c72Christian Maeder scenario that simply rotates the logs and compresses the old
e98c3d3efab62d97ebdeed52f4109d961f6432aaChristian Maeder logs to save space is:</p>
4ed68712ee368cbebfeaa327968583cb022e3c72Christian Maeder apachectl graceful<br />
df67ddf64192bfcae6ece65255ad796a17cbe532Christian Maeder sleep 600<br />
4d54e7814b18ce142359c92a5868e6dcff9219b5Christian Maeder <p>Another way to perform log rotation is using <a
7be1485dfcaa5decb3586d194ff4b2443668e349Simon Ulbricht href="#piped">piped logs</a> as discussed in the next
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder <p>Apache httpd is capable of writing error and access log
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder files through a pipe to another process, rather than directly
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder to a file. This capability dramatically increases the
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder flexibility of logging, without adding code to the main server.
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder In order to write logs to a pipe, simply replace the filename
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder with the pipe character "<code>|</code>", followed by the name
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder of the executable which should accept log entries on its
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder standard input. The server will start the piped-log process when
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder the server starts, and will restart it if it crashes while the
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder server is running. (This last feature is why we can refer to
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder this technique as "reliable piped logging".)</p>
7a3e20d1b7fe1b0e47c0b9138716b0bbc8ecf1f6Christian Maeder <p>Piped log processes are spawned by the parent Apache httpd
7a3e20d1b7fe1b0e47c0b9138716b0bbc8ecf1f6Christian Maeder process, and inherit the userid of that process. This means
7a3e20d1b7fe1b0e47c0b9138716b0bbc8ecf1f6Christian Maeder that piped log programs usually run as root. It is therefore
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder very important to keep the programs simple and secure.</p>
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder <p>One important use of piped logs is to allow log rotation
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder without having to restart the server. The Apache HTTP Server
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder includes a simple program called <program>rotatelogs</program>
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder for this purpose. For example, to rotate the logs every 24 hours, you
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder CustomLog "|/usr/local/apache/bin/rotatelogs
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder <p>Notice that quotes are used to enclose the entire command
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder that will be called for the pipe. Although these examples are
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder for the access log, the same technique can be used for the
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder error log.</p>
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder <p>A similar but much more flexible log rotation program
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder called <a href="http://www.cronolog.org/">cronolog</a>
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder is available at an external site.</p>
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder <p>As with conditional logging, piped logs are a very powerful
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder tool, but they should not be used where a simpler solution like
f675b8f0a612e37472640da57b48d795bef4427eChristian Maeder off-line post-processing is available.</p>
df67ddf64192bfcae6ece65255ad796a17cbe532Christian Maeder <p>When running a server with many <a href="vhosts/">virtual
df67ddf64192bfcae6ece65255ad796a17cbe532Christian Maeder hosts</a>, there are several options for dealing with log
df67ddf64192bfcae6ece65255ad796a17cbe532Christian Maeder files. First, it is possible to use logs exactly as in a
05c714be15ce094d83f1b989cdf5236be78419bfSimon Ulbricht single-host server. Simply by placing the logging directives
26acf851cacd7a31bdc9b25a42af9949942fa7c6Christian Maeder type="section">VirtualHost</directive> sections in the
cc9f19b1fe81424205736fe0ae73620395b1bb74Simon Ulbricht main server context, it is possible to log all requests in the
9cdf614df292d5984d9ffa69755e7e039f328116Christian Maeder same access log and error log. This technique does not allow
e4a035578fa9d1911eee097e2ed9a998c90c7805Christian Maeder for easy collection of statistics on individual virtual
5bedf8c26d27eac08962c78379bcb2e5cb529036Christian Maeder <p>If <directive module="mod_log_config">CustomLog</directive>
5bedf8c26d27eac08962c78379bcb2e5cb529036Christian Maeder or <directive module="core">ErrorLog</directive>
5bedf8c26d27eac08962c78379bcb2e5cb529036Christian Maeder directives are placed inside a
5bedf8c26d27eac08962c78379bcb2e5cb529036Christian Maeder <directive module="core" type="section">VirtualHost</directive>
233754e153e665aa748bf8b45bd8b1938b6c21a7Christian Maeder section, all requests or errors for that virtual host will be
26acf851cacd7a31bdc9b25a42af9949942fa7c6Christian Maeder logged only to the specified file. Any virtual host which does
cc9f19b1fe81424205736fe0ae73620395b1bb74Simon Ulbricht not have logging directives will still have its requests sent
18548c6cc2dff13bf9f5f08b3f6cde6ca914df1dChristian Maeder to the main server logs. This technique is very useful for a
5bedf8c26d27eac08962c78379bcb2e5cb529036Christian Maeder small number of virtual hosts, but if the number of hosts is
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht very large, it can be complicated to manage. In addition, it
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht can often create problems with <a
11c3a215d5cf043181e83929f1ce214df65cb587Christian Maeder href="vhosts/fd-limits.html">insufficient file
18548c6cc2dff13bf9f5f08b3f6cde6ca914df1dChristian Maeder <p>For the access log, there is a very good compromise. By
029d127079d24fa541e0bbba0133bc273268dd4eSimon Ulbricht adding information on the virtual host to the log format
18548c6cc2dff13bf9f5f08b3f6cde6ca914df1dChristian Maeder string, it is possible to log all hosts to the same log, and
d864f0a0e04e61b5f87963496765eafcf646ed7bChristian Maeder later split the log into individual files. For example,
4d54e7814b18ce142359c92a5868e6dcff9219b5Christian Maeder consider the following directives.</p>
a07a6a1143844a6f061a49aefc550e3bdd28f331Christian Maeder LogFormat "%v %l %u %t \"%r\" %>s %b"
a07a6a1143844a6f061a49aefc550e3bdd28f331Christian Maeder comonvhost<br />
eb24ac2f4701c8e012acf1bb8f686baa5422bb5aChristian Maeder <p>The <code>%v</code> is used to log the name of the virtual
10eaa95e20c860acbfbecd6cf07e3ae0bf7b55cbSimon Ulbricht host that is serving the request. Then a program like <a
465c6b72e8e480969b5f08658e394992bcc08bfcSimon Ulbricht href="programs/other.html">split-logfile</a> can be used to
29d783ee57c3d959b74fea330bb21ff7e5b8e185Christian Maeder post-process the access log in order to split it into one file
6a88f8edd881afaf4b865b01bfbb4faaf0e7a3c9Simon Ulbricht per virtual host.</p>
8ca6b0820806f62042d84a1fff11599db55591c4Christian Maeder </modulelist>
029d127079d24fa541e0bbba0133bc273268dd4eSimon Ulbricht <directivelist>
029d127079d24fa541e0bbba0133bc273268dd4eSimon Ulbricht <directive module="mod_log_config">LogFormat</directive>
7c661ba558707feaa5d8a299365c2191e1afabb2Christian Maeder <directive module="mod_log_forensic">ForensicLog</directive>
18548c6cc2dff13bf9f5f08b3f6cde6ca914df1dChristian Maeder <directive module="mpm_common">PidFile</directive>
5bedf8c26d27eac08962c78379bcb2e5cb529036Christian Maeder <directive module="mod_rewrite">RewriteLog</directive>
dbce18afddbe9b055be0e37f51e00d00d519b1cdChristian Maeder <directive module="mod_rewrite">RewriteLogLevel</directive>
23ee432f8fe96e07f2523ca7c4bda9bcce1ea6f0Simon Ulbricht <directive module="mod_cgi">ScriptLog</directive>
23ee432f8fe96e07f2523ca7c4bda9bcce1ea6f0Simon Ulbricht <directive module="mod_cgi">ScriptLogBuffer</directive>
23ee432f8fe96e07f2523ca7c4bda9bcce1ea6f0Simon Ulbricht <directive module="mod_cgi">ScriptLogLength</directive>
5727dbcb926ede2e7b05f43685476ce656ce01e4Christian Maeder </directivelist>
5727dbcb926ede2e7b05f43685476ce656ce01e4Christian Maeder <title>Logging actual bytes sent and received</title>
5727dbcb926ede2e7b05f43685476ce656ce01e4Christian Maeder <p><module>mod_logio</module> adds in two additional
5727dbcb926ede2e7b05f43685476ce656ce01e4Christian Maeder <directive module="mod_log_config">LogFormat</directive> fields
5727dbcb926ede2e7b05f43685476ce656ce01e4Christian Maeder (%I and %O) that log the actual number of bytes received and sent
43d8d7472d3a0a78d9a2c85122815a81deb8689aChristian Maeder on the network.</p>
92ae4d5885ea837ffe3dae9b2de742f871229b94Christian Maeder <p><module>mod_log_forensic</module> provides for forensic logging of
486db0a875bcdd0b80cf0d447d14c9c00a92ae94Simon Ulbricht client requests. Logging is done before and after processing a
486db0a875bcdd0b80cf0d447d14c9c00a92ae94Simon Ulbricht request, so the forensic log contains two log lines for each
be1ce1c2b2819ef32743136c13101f1927375311Christian Maeder request. The forensic logger is very strict with no customizations.
5727dbcb926ede2e7b05f43685476ce656ce01e4Christian Maeder It can be an invaluable debugging and security tool.</p>
5a89ec196dfd3e342f6d4ef3a318bc9992190bbaChristian Maeder <p>On startup, Apache httpd saves the process id of the parent
5a89ec196dfd3e342f6d4ef3a318bc9992190bbaChristian Maeder httpd process to the file <code>logs/httpd.pid</code>. This
5a89ec196dfd3e342f6d4ef3a318bc9992190bbaChristian Maeder filename can be changed with the <directive
5a89ec196dfd3e342f6d4ef3a318bc9992190bbaChristian Maeder module="mpm_common">PidFile</directive> directive. The
5a89ec196dfd3e342f6d4ef3a318bc9992190bbaChristian Maeder process-id is for use by the administrator in restarting and
5a89ec196dfd3e342f6d4ef3a318bc9992190bbaChristian Maeder terminating the daemon by sending signals to the parent
29d783ee57c3d959b74fea330bb21ff7e5b8e185Christian Maeder process; on Windows, use the -k command line option instead.
29d783ee57c3d959b74fea330bb21ff7e5b8e185Christian Maeder For more information see the <a href="stopping.html">Stopping
29d783ee57c3d959b74fea330bb21ff7e5b8e185Christian Maeder <p>In order to aid in debugging, the
5727dbcb926ede2e7b05f43685476ce656ce01e4Christian Maeder <directive module="mod_cgi">ScriptLog</directive> directive
e80bbb632bd22010c079852e652d843a15bb133dChristian Maeder allows you to record the input to and output from CGI scripts.
92b34c379207fb8752258be174cb8ef4162dc865Simon Ulbricht This should only be used in testing - not for live servers.
22bb4a9063684a0f37dd7d0e6b21086adcc1e789Christian Maeder More information is available in the <a
22bb4a9063684a0f37dd7d0e6b21086adcc1e789Christian Maeder href="mod/mod_cgi.html">mod_cgi</a> documentation.</p>
18548c6cc2dff13bf9f5f08b3f6cde6ca914df1dChristian Maeder <p>When using the powerful and complex features of <a
b532acc045cf5e26beb0691acc136d11188cce87Christian Maeder href="mod/mod_rewrite.html">mod_rewrite</a>, it is almost
b532acc045cf5e26beb0691acc136d11188cce87Christian Maeder always necessary to use the <directive
df67ddf64192bfcae6ece65255ad796a17cbe532Christian Maeder module="mod_rewrite">RewriteLog</directive> to help
29d783ee57c3d959b74fea330bb21ff7e5b8e185Christian Maeder in debugging. This log file produces a detailed analysis of how
29d783ee57c3d959b74fea330bb21ff7e5b8e185Christian Maeder the rewriting engine transforms requests. The level of detail
29d783ee57c3d959b74fea330bb21ff7e5b8e185Christian Maeder is controlled by the <directive
29d783ee57c3d959b74fea330bb21ff7e5b8e185Christian Maeder module="mod_rewrite">RewriteLogLevel</directive> directive.</p>