<
td>The contents of cookie <
var>VARNAME</
var> in the request sent
to the server. Only version 0 cookies are fully supported.</
td></
tr>
<
tr><
td><
code>%D</
code></
td>
<
td>The time taken to serve the request, in microseconds.</
td></
tr>
<
tr><
td><
code>%{<
var>VARNAME</
var>}e</
code></
td>
<
td>The contents of the environment variable
<
var>VARNAME</
var>.</
td></
tr>
<
tr><
td><
code>%f</
code></
td>
<
tr><
td><
code>%h</
code></
td>
<
td>Remote hostname. Will log the IP address if <
directive module="core">HostnameLookups</
directive> is set to
<
code>Off</
code>, which is the default. If it logs the hostname
for only a few hosts, you probably have access control
directives mentioning them by name. See <
a documentation</
a>.</
td></
tr>
<
tr><
td><
code>%H</
code></
td>
<
td>The request protocol.</
td></
tr>
<
tr><
td><
code>%{<
var>VARNAME</
var>}i</
code></
td>
<
td>The contents of <
code><
var>VARNAME</
var>:</
code> header line(s)
in the request sent to the server. Changes made by other
modules (
e.g. <
module>mod_headers</
module>) affect this.
<
tr><
td><
code>%k</
code></
td>
<
td>Number of keepalive requests handled on this connection. Interesting if
<
directive module="core">KeepAlive</
directive> is being used, so that,
for example, a '1' means the first keepalive request after the initial
one, '2' the second, etc...;
otherwise this is always 0 (indicating the initial request).</
td></
tr>
<
tr><
td><
code>%l</
code></
td>
<
td>Remote logname (from identd, if supplied). This will return a
dash unless <
module>mod_ident</
module> is present and <
directive module="mod_ident">IdentityCheck</
directive> is set
<
code>On</
code>.</
td></
tr>
<
tr><
td><
code>%L</
code></
td>
<
td>The request log ID from the error log (or '-' if nothing has been
logged to the error log for this request). Look for the
matching error log line to see what request caused what error.</
td></
tr>
<
tr><
td><
code>%m</
code></
td>
<
td>The request method.</
td></
tr>
<
tr><
td><
code>%{<
var>VARNAME</
var>}n</
code></
td>
<
td>The contents of note <
var>VARNAME</
var> from another
<
tr><
td><
code>%{<
var>VARNAME</
var>}o</
code></
td>
<
td>The contents of <
code><
var>VARNAME</
var>:</
code> header line(s)
<
tr><
td><
code>%p</
code></
td>
<
td>The canonical port of the server serving the request.</
td></
tr>
<
tr><
td><
code>%{<
var>format</
var>}p</
code></
td>
<
td>The canonical port of the server serving the request, or the
server's actual port, or the client's actual port. Valid formats
are <
code>canonical</
code>, <
code>local</
code>, or <
code>remote</
code>.
<
tr><
td><
code>%P</
code></
td>
<
td>The process ID of the child that serviced the request.</
td></
tr>
<
tr><
td><
code>%{<
var>format</
var>}P</
code></
td>
<
td>The process ID or thread ID of the child that serviced the
request. Valid formats are <
code>pid</
code>, <
code>tid</
code>,
and <
code>hextid</
code>. <
code>hextid</
code> requires APR 1.2.0 or
<
tr><
td><
code>%q</
code></
td>
<
td>The query string (prepended with a <
code>?</
code> if a query
string exists, otherwise an empty string).</
td></
tr>
<
tr><
td><
code>%r</
code></
td>
<
td>First line of request.</
td></
tr>
<
tr><
td><
code>%R</
code></
td>
<
td>The handler generating the response (if any).</
td></
tr>
<
tr><
td><
code>%s</
code></
td>
<
td>Status. For requests that have been internally redirected, this is
the status of the <
em>original</
em> request. Use <
code>%>s</
code>
for the final status.</
td></
tr>
<
tr><
td><
code>%t</
code></
td>
<
td>Time the request was received, in the format <
code>[
18/
Sep/
2011:19:18:28 -0400]</
code>.
The last number indicates the timezone offset from GMT</
td></
tr>
<
tr><
td><
code>%{<
var>format</
var>}t</
code></
td>
<
td>The time, in the form given by format, which should be in
an extended <
code>strftime(3)</
code> format (potentially localized).
If the format starts with <
code>begin:</
code> (default) the time is taken
at the beginning of the request processing. If it starts with
<
code>end:</
code> it is the time when the log entry gets written,
close to the end of the request processing. In addition to the formats
supported by <
code>strftime(3)</
code>, the following format tokens are
<
tr><
td><
code>sec</
code></
td><
td>number of seconds since the Epoch</
td></
tr>
<
tr><
td><
code>msec</
code></
td><
td>number of milliseconds since the Epoch</
td></
tr>
<
tr><
td><
code>usec</
code></
td><
td>number of microseconds since the Epoch</
td></
tr>
<
tr><
td><
code>msec_frac</
code></
td><
td>millisecond fraction</
td></
tr>
<
tr><
td><
code>usec_frac</
code></
td><
td>microsecond fraction</
td></
tr>
These tokens can not be combined with each other or <
code>strftime(3)</
code>
formatting in the same format string. You can use multiple
<
code>%{<
var>format</
var>}t</
code> tokens instead.
<
tr><
td><
code>%T</
code></
td>
<
td>The time taken to serve the request, in seconds.</
td></
tr>
<
tr><
td><
code>%u</
code></
td>
<
td>Remote user if the request was authenticated. May be bogus if return status
(<
code>%s</
code>) is 401 (unauthorized).</
td></
tr>
<
tr><
td><
code>%U</
code></
td>
<
td>The URL path requested, not including any query string.</
td></
tr>
<
tr><
td><
code>%v</
code></
td>
<
td>The canonical <
directive module="core">ServerName</
directive>
of the server serving the request.</
td></
tr>
<
tr><
td><
code>%V</
code></
td>
<
td>The server name according to the <
directive module="core" >UseCanonicalName</
directive> setting.</
td></
tr>
<
tr><
td><
code>%X</
code></
td>
<
td>Connection status when response is completed:
<
columnspec><
column width=".2"/><
column width=".6"/></
columnspec>
<
tr><
td><
code>X</
code> =</
td>
<
td>Connection aborted before the response completed.</
td></
tr>
<
tr><
td><
code>+</
code> =</
td>
<
td>Connection may be kept alive after the response is
<
tr><
td><
code>-</
code> = </
td>
<
td>Connection will be closed after the response is
<
tr><
td><
code>%I</
code></
td>
<
td>Bytes received, including request and headers. Cannot be zero.
You need to enable <
module>mod_logio</
module> to use this.</
td></
tr>
<
tr><
td><
code>%O</
code></
td>
<
td>Bytes sent, including headers. Cannot be zero. You need to
enable <
module>mod_logio</
module> to use this.</
td></
tr>
<
section id="modifiers"><
title>Modifiers</
title>
<
p>Particular items can be restricted to print only for
responses with specific HTTP status codes by placing a
comma-separated list of status codes immediately following the
"%". The status code list may be peceded by a "<
code>!</
code>" to
<
table border="1" style="zebra">
<
columnspec><
column width=".2"/><
column width=".8"/></
columnspec>
<
tr><
th>Format String</
th>
<
td><
code>%400,501{User-agent}i</
code></
td>
<
td>Logs <
code>User-agent</
code> on 400 errors and 501 errors only. For
other status codes, the literal string <
code>"-"</
code> will be
<
tr><
td><
code>%!200,304,302{Referer}i</
code></
td>
<
td>Logs <
code>Referer</
code> on all requests that do
<
em>not</
em> return one of the three specified codes,
"<
code>-</
code>" otherwise.
<
p>The modifiers "<" and ">" can be used for requests that
have been internally redirected to choose whether the original
or final (respectively) request should be consulted. By
default, the <
code>%</
code> directives <
code>%s, %U, %T,
%D,</
code> and <
code>%r</
code> look at the original request
while all others look at the final request. So for example,
<
code>%>s</
code> can be used to record the final status of
the request and <
code>%<u</
code> can be used to record the
original authenticated user on a request that is internally
redirected to an unauthenticated resource.</
p>
<
section id="format-notes"><
title>Format Notes</
title>
<
p>For security reasons, starting with version 2.0.46,
non-printable and other special characters in <
code>%r</
code>,
<
code>%i</
code> and <
code>%o</
code> are escaped using
<
code>\x<
var>hh</
var></
code> sequences, where <
var>hh</
var>
stands for the hexadecimal representation of the raw
byte. Exceptions from this rule are <
code>"</
code> and
<
code>\</
code>, which are escaped by prepending a backslash, and
all whitespace characters, which are written in their C-style
notation (<
code>\n</
code>, <
code>\t</
code>, etc). In versions
prior to 2.0.46, no escaping was performed on these strings so
you had to be quite careful when dealing with raw log files.</
p>
<
p>In httpd 2.0, unlike 1.3, the <
code>%b</
code> and
<
code>%B</
code> format strings do not represent the number of
bytes sent to the client, but simply the size in bytes of the
HTTP response (which will differ, for instance, if the
connection is aborted, or if SSL is used). The <
code>%O</
code>
format provided by <
module>mod_logio</
module> will log the
actual number of bytes sent over the network.</
p>
<
p>Note: <
module>mod_cache</
module> is implemented as a
quick-handler and not as a standard handler. Therefore, the
<
code>%R</
code> format string will not return any handler
information when content caching is involved.</
p>
<
section id="examples"><
title>Examples</
title>
<
p>Some commonly used log format strings are:</
p>
<
dt>Common Log Format (CLF)</
dt>
<
dd><
code>"%h %l %u %t \"%r\" %>s %b"</
code></
dd>
<
dt>Common Log Format with Virtual Host</
dt>
<
dd><
code>"%v %h %l %u %t \"%r\" %>s %b"</
code></
dd>
<
dd><
code>"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-agent}i\""</
code></
dd>
<
dt>Referer log format</
dt>
<
dd><
code>"%{Referer}i -> %U"</
code></
dd>
<
dt>Agent (Browser) log format</
dt>
<
dd><
code>"%{User-agent}i"</
code></
dd>
<
p>You can use the <
code>%{format}t</
code> directive multiple
times to build up a time format using the extended format tokens
like <
code>msec_frac</
code>:</
p>
<
dt>Timestamp including milliseconds</
dt>
<
dd><
code>"%{%d/%b/%Y %T}t.%{msec_frac}t %{%z}t"</
code></
dd>
<
section id="security"><
title>Security Considerations</
title>
document for details on why your security could be compromised
if the directory where logfiles are stored is writable by
anyone other than the user that starts the server.</
p>
<
name>BufferedLogs</
name>
<
description>Buffer log entries in memory before writing to disk</
description>
<
syntax>BufferedLogs On|Off</
syntax>
<
default>BufferedLogs Off</
default>
<
contextlist><
context>server config</
context></
contextlist>
<
compatibility>Available in versions 2.0.41 and later.</
compatibility>
<
p>The <
directive>BufferedLogs</
directive> directive causes
<
module>mod_log_config</
module> to store several log entries in
memory and write them together to disk, rather than writing them
after each request. On some systems, this may result in more
efficient disk access and hence higher performance. It may be
set only once for the entire server; it cannot be configured
<
note>This directive should be used with caution as a crash might
cause loss of logging data.</
note>
<
description>Sets filename and format of log file</
description>
<
syntax>CustomLog <
var>file</
var>|<
var>pipe</
var>
<
var>format</
var>|<
var>nickname</
var>
[env=[!]<
var>environment-variable</
var>|
expr=<
var>expression</
var>]</
syntax>
<
contextlist><
context>server config</
context><
context>virtual host</
context>
<
p>The <
directive>CustomLog</
directive> directive is used to
log requests to the server. A log format is specified, and the
logging can optionally be made conditional on request
characteristics using environment variables.</
p>
<
p>The first argument, which specifies the location to which
the logs will be written, can take one of the following two
<
dd>A filename, relative to the <
directive module="core" >ServerRoot</
directive>.</
dd>
<
dd>The pipe character "<
code>|</
code>", followed by the path
to a program to receive the log information on its standard
input. See the notes on <
a href="/logs.html#piped">piped logs</
a>
<
note type="warning"><
title>Security:</
title>
<
p>If a program is used, then it will be run as the user who
started <
program>httpd</
program>. This will be root if the server was
started by root; be sure that the program is secure.</
p>
<
note type="warning"><
title>Note</
title>
<
p>When entering a file path on non-Unix platforms, care should be taken
to make sure that only forward slashed are used even though the platform
may allow the use of back slashes. In general it is a good idea to always
use forward slashes throughout the configuration files.</
p>
<
p>The second argument specifies what will be written to the
log file. It can specify either a <
var>nickname</
var> defined by
a previous <
directive module="mod_log_config">LogFormat</
directive>
directive, or it can be an explicit <
var>format</
var> string as
described in the <
a href="#formats">log formats</
a> section.</
p>
<
p>For example, the following two sets of directives have
exactly the same effect:</
p>
# CustomLog with format nickname<
br />
LogFormat "%h %l %u %t \"%r\" %>s %b" common<
br />
# CustomLog with explicit format string<
br />
<
p>The third argument is optional and controls whether or
not to log a particular request. The condition can be the
presence or absence (in the case of a '<
code>env=!<
var>name</
var></
code>'
clause) of a particular variable in the server
<
a href="/env.html">environment</
a>. Alternatively, the condition
can be expressed as arbitrary boolean <
a href="/expr.html" >expression</
a>. If the condition is not satisfied, the request
<
p>Environment variables can be set on a per-request
basis using the <
module>mod_setenvif</
module>
and/
or <
module>mod_rewrite</
module> modules. For
example, if you want to record requests for all GIF
images on your server in a separate logfile but not in your main
SetEnvIf Request_URI \.gif$ gif-image<
br />
<
p>Or, to reproduce the behavior of the old RefererIgnore
directive, you might use the following:</
p>
SetEnvIf Referer example\.com localreferer<
br />
<
description>Describes a format for use in a log file</
description>
<
syntax>LogFormat <
var>format</
var>|<
var>nickname</
var>
[<
var>nickname</
var>]</
syntax>
<
default>LogFormat "%h %l %u %t \"%r\" %>s %b"</
default>
<
contextlist><
context>server config</
context><
context>virtual host</
context>
<
p>This directive specifies the format of the access log
<
p>The <
directive>LogFormat</
directive> directive can take one of two
forms. In the first form, where only one argument is specified,
this directive sets the log format which will be used by logs
specified in subsequent <
directive>TransferLog</
directive>
directives. The single argument can specify an explicit
<
var>format</
var> as discussed in the <
a href="#formats">custom log
formats</
a> section above. Alternatively, it can use a
<
var>nickname</
var> to refer to a log format defined in a
previous <
directive>LogFormat</
directive> directive as described
<
p>The second form of the <
directive>LogFormat</
directive>
directive associates an explicit <
var>format</
var> with a
<
var>nickname</
var>. This <
var>nickname</
var> can then be used in
subsequent <
directive>LogFormat</
directive> or
<
directive module="mod_log_config">CustomLog</
directive> directives
rather than repeating the entire format string. A
<
directive>LogFormat</
directive> directive that defines a nickname
<
strong>does nothing else</
strong> -- that is, it <
em>only</
em>
defines the nickname, it doesn't actually apply the format and make
it the default. Therefore, it will not affect subsequent
<
directive module="mod_log_config">TransferLog</
directive> directives.
In addition, <
directive>LogFormat</
directive> cannot use one nickname
to define another nickname. Note that the nickname should not contain
percent signs (<
code>%</
code>).</
p>
<
example><
title>Example</
title>
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
<
description>Specify location of a log file</
description>
<
syntax>TransferLog <
var>file</
var>|<
var>pipe</
var></
syntax>
<
contextlist><
context>server config</
context><
context>virtual host</
context>
<
p>This directive has exactly the same arguments and effect as
the <
directive module="mod_log_config">CustomLog</
directive>
directive, with the exception that it does not allow the log format
to be specified explicitly or for conditional logging of requests.
Instead, the log format is determined by the most recently specified
<
directive module="mod_log_config">LogFormat</
directive> directive
which does not define a nickname. Common Log Format is used if no
other format has been specified.</
p>
<
example><
title>Example</
title>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""<
br />