Apache HTTP Server Version 1.3

Module mod_log_config

This module is contained in the mod_log_config.c file,and is compiled in by default in Apache 1.2. mod_log_config replacesmod_log_common in Apache 1.2. Prior to version 1.2, mod_log_config wasan optional module. It provides for logging of the requests made tothe server, using the Common Log Format or a user-specified format.

Summary

Three directives are provided by this module: TransferLogto create a log file, LogFormat to set a custom format,and CustomLog to define a log file and format in one go.The TransferLog and CustomLog directives canbe used multiple times in each server to cause each request to belogged to multiple files.

Compatibility notes

This module is based on mod_log_config distributed withprevious Apache releases, now updated to handle multiple logs.There is now no need to re-configure Apache to use configuration logformats.
The module also implements the CookieLog directive,used to log user-tracking information created by mod_usertrackERROR MSG. The use ofCookieLogERROR MSG is deprecated, and a CustomLogshould be defined to log user-tracking information instead.

Log File Formats

Unless told otherwise with LogFormat the log files created byTransferLog will be in standard "Common Log Format"(CLF). The contents of each line in a CLF file are explainedbelow. Alternatively, the log file can be customized (and if multiplelog files are used, each can have a different format). Custom formatsare set with LogFormat and CustomLog.

Common Log Format

The Common Log Format (CLF) file contains a separate line for eachrequest. A line is composed of several tokens separated by spaces:

host ident authuser date request status bytes

If a token does not have a value then it is represented by a hyphen (-).The meanings and values of these tokens are as follows:

host

The fully-qualified domain name of the client, or its IP number if thename is not available.

ident

If IdentityCheck is enabled and theclient machine runs identd, then this is the identity information reportedby the client.

authuser

If the request was for an password protected document, then this isthe userid used in the request.

date

The date and time of the request, in the following format:

date = [day/month/year:hour:minute:second zone] day = 2*digit month = 3*letter year = 4*digit hour = 2*digit minute = 2*digit second = 2*digit zone = (`+' | `-') 4*digit

request

The request line from the client, enclosed in double quotes(").

status

The three digit status code returned to the client.

bytes

The number of bytes in the object returned to the client, not includingany headers.

Custom Log Formats

The format argument to the LogFormat andCustomLog is a string. This string is logged to the logfile for each request. It can contain literal characters copied intothe log files, and `%' directives which are replaced in the log fileby the values as follows:

%...b:          Bytes sent, excluding HTTP headers.%...f:          Filename%...{FOOBAR}e:  The contents of the environment variable FOOBAR%...h:          Remote host%...a:          Remote IP-address%...{Foobar}i:  The contents of Foobar: header line(s) in the request                sent to the server.%...l:          Remote logname (from identd, if supplied)%...{Foobar}n:  The contents of note "Foobar" from another module.%...{Foobar}o:  The contents of Foobar: header line(s) in the reply.%...p:          The canonical Port of the server serving the request%...P:          The process ID of the child that serviced the request.%...r:          First line of request%...s:          Status.  For requests that got internally redirected, this                is status of the *original* request --- %...>s for the last.%...t:          Time, in common log format time format%...{format}t:  The time, in the form given by format, which should                be in strftime(3) format.%...T:          The time taken to serve the request, in seconds.%...u:          Remote user (from auth; may be bogus if return status (%s) is 401)%...U:          The URL path requested.%...v:          The canonical ServerName of the server serving the request.

The `...' can be nothing at all (e.g., "%h %u %r %s %b"), or it canindicate conditions for inclusion of the item (which will cause itto be replaced with `-' if the condition is not met). Note thatthere is no escaping performed on the strings from %r, %...i and%...o; some with long memories may remember that I thought this wasa bad idea, once upon a time, and I'm still not comfortable withit, but it is difficult to see how to `do the right thing' with allof `%..i', unless we URL-escape everything and break with CLF.

The forms of condition are a list of HTTP status codes, which mayor may not be preceded by `!'. Thus, `%400,501{User-agent}i' logsUser-agent: on 400 errors and 501 errors (Bad Request, NotImplemented) only; `%!200,304,302{Referer}i' logs Referer: on allrequests which did not return some sort of normal status.

Note that the common log format is defined by the string "%h %l%u %t \"%r\" %s %b", which can be used as the basis forextending for format if desired (e.g., to add extra fields at the end).NCSA's extended/combined log format would be "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"".

Note that the canonical ServerNameand Port of the server serving the requestare used for %v and %p respectively. Thishappens regardless of theUseCanonicalName setting becauseotherwise log analysis programs would have to duplicate the entirevhost matching algorithm in order to decide what host really servedthe request.

Using Multiple Log Files

The TransferLog and CustomLog directives canbe given more than once to log requests to multiple log files. Eachrequest will be logged to all the log files defined by either of thesedirectives.

Use with Virtual Hosts

hotel rooms CopenhagenIf a <VirtualHost> section does not contain anyTransferLog or CustomLog directives, thelogs defined for the main server will be used. If it doescontain one or more of these directives, requests serviced bythis virtual host will only be logged in the log files definedwithin its definition, not in any of the main server's log files.See the examples below.

Security Considerations

See the security tipsdocument for details on why your security could be compromised if thedirectory where logfiles are stored is writable by anyone other thanthe user that starts the server.

Directives

CookieLog

Syntax: CookieLog filename
Context: server config, virtual host
Module: mod_cookies
Compatibility: Only available in Apache 1.2 and above

The CookieLog directive sets the filename for logging of cookies.The filename is relative to the ServerRoot. This directive is includedonly for compatibility with mod_cookies, and is deprecated.

CustomLog

Syntax: CustomLog file-pipe format-or-nickname
Context: server config, virtual host
Status: Base
Compatibility: Nickname only available in Apache 1.3 or later
Module: mod_log_config

The first argument is the filename to which log records should bewritten. This is usedexactly like the argument toTransferLog;that is, it is either a full path or relative to the currentserver root.

The format argument specifies a format for each line of the log file.The options available for the format are exactly the same as forthe argument of the LogFormatbed and breakfast inns Wroclaw directive. If the formatincludes any spaces (which it will do in almost all cases) itshould be enclosed in double quotes.

Instead of an actual format string, you can use a format nickname defined withtheLogFormatdirective.

LogFormat

Syntax: LogFormat format [nickname]
Default: LogFormat "%h %l %u %t \"%r\"%s %b"
Context: server config, virtual host
Status: Base
Compatibility: Nickname only available in Apache 1.3 or later
Module: mod_log_config

This sets the format of the default logfile named by theTransferLogdirective . See the section onCustom Log Formats for details on the formatarguments.

If you include a nickname for the format on the directive line, you canuse it in other LogFormat andCustomLogdirectives rather than repeating the entire format string.

ALogFormat directive which defines a nickname doesnothing else -- that is, it only defines the nickname,it doesn't actually apply the format and make it the default.

TransferLog

Syntax: TransferLog file-pipe
Default: none
Context: server config, virtual host
Status: Base
Module: mod_log_config

The TransferLog directive adds a log file in the format defined by themost recentLogFormatdirective, or Common Log Format if no other default format has beenspecified.File-pipe is oneof

A filename: A filename relative to the ServerRoot.
`|' followed by a command: A program to receive the agent log information on its standard input.Note the a new program will not be started for a VirtualHost if it inheritsthe TransferLog from the main server.

Security: if a program is used, then it will berun under the user who started httpd. This will be root if the serverwas started by root; be sure that the program is secure.

Apache HTTP Server Version 1.3

- | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - |