Web server logs provide a lot of information about the web application and user. Apache is a very popular web server used by millions of web sites. Apache provides different types of logs like access , error etc. In this tutorial, we will look at how Apache Access Log configured and try to understand log format.
Web服务器日志提供了大量有关Web应用程序和用户的信息。 Apache是数百万个网站使用的非常流行的Web服务器。 Apache提供了不同类型的日志,例如access , error等。在本教程中,我们将研究Apache Access Log的配置方式,并尝试理解日志格式。
Apache访问日志 (Apache Access Log)
Apache Access Log provides information about access to the Apache webserver. When someone visits the web site or open web application through the browser Apache web server will create some log about the request.
Apache访问日志提供有关访问Apache Web服务器的信息。 当有人通过浏览器访问该网站或打开Web应用程序时,Apache Web服务器将创建有关该请求的一些日志。
Apache访问日志位置 (Apache Access Log Location)
Apache Access Log is stored by default in the following directories. The access log can be opened with a simple text editor like kwrite, gedit, etc. or simply cat in the command line.
默认情况下,Apache访问日志存储在以下目录中。 可以使用简单的文本编辑器(如kwrite,gedit等)打开访问日志,也可以在命令行中简单地打开cat 。
Ubuntu, Debian,Mint:
Ubuntu,Debian,Mint:
/var/log/apache2/access.log
/var/log/apache2/access.log
CentOS, Fedora, RedHat:
CentOS,Fedora,RedHat:
/var/log/httpd/access.log
/var/log/httpd/access.log
We can open the Apache Access log with the less command in Ubuntu operating system like below.
我们可以在Ubuntu操作系统中使用less命令打开Apache Access日志,如下所示。
$ less /var/log/apache/access.log
列出访问日志文件(List Access Log Files)
Writing access log into a single file in all time is not a feasible way. In a standard web server over time there will be a lot of access log files where they are named in a structured way. We can list access log files with the ls command like below.
始终将访问日志写入单个文件不是可行的方法。 随着时间的流逝,在标准的Web服务器中,将有许多访问日志文件,它们以结构化的方式命名。 我们可以使用ls命令列出访问日志文件,如下所示。
$ ls -lh /var/log/apache2/access.*
The old access log file names are added 1 to the end of file names and after 2 last recent access log files older ones will be compressed in order to save space. By default, gzip or gz compression is used and the compressed files are named like access.log.2.gz in order to express it is compressed with gzip.
将旧的访问日志文件名加1到文件名的末尾,最后2个最近的访问日志文件后将压缩较旧的访问日志文件,以节省空间。 默认情况下,使用gzip或gz压缩,并且压缩文件的名称类似于access.log.2.gz ,以表示使用gzip压缩了该文件。
读取压缩的访问日志(Read Compressed Access Log)
Over time there will be a lot of access log where most of them will be compressed with different compression algorithms like gzip, bzip, etc. We may need to read these compressed access log files in a hurry and a practical way. We can read these compressed access logs without decompressing or extracting with the zless command like below.
随着时间的流逝,将会有很多访问日志,其中大多数日志将使用不同的压缩算法(例如gzip,bzip等)进行压缩。我们可能需要急于实用地读取这些压缩的访问日志文件。 我们可以读取这些压缩的访问日志,而无需使用zless命令解压缩或提取,如下所示。
$ zless /var/log/apache2/access.log.2.gz搜索,过滤和Grep压缩访问日志 (Search, Filter and Grep Compressed Access Log)
If we need more than reading a compressed access log file we can use other tools like zgrep which will grep a gzip compressed file. In this example, we will filter or grep WebDAV in our compressed log file named access.log.2.gz.
如果除了读取压缩的访问日志文件之外,我们还可以使用其他工具,例如zgrep,它将grep一个gzip压缩文件。 在此示例中,我们将在名为access.log.2.gz压缩日志文件中过滤或grep WebDAV 。
$ zgrep WebDAV /var/log/apache2/access.log.2.gz
We can also search and filter in all compressed files with single command execution. We will use glob * in order to specify all given compressed access logs like below. In this example, we will search for Nmap in compressed access log files.
我们还可以通过单个命令执行来搜索和过滤所有压缩文件。 我们将使用glob *来指定所有给定的压缩访问日志,如下所示。 在此示例中,我们将在压缩的访问日志文件中搜索Nmap 。
$ zgrep Nmap /var/log/apache2/access.log.*.gz
Apache访问日志格式(Apache Access Log Formatting)
Apache Access Log provides a lot of useful information about the request and responses to those requests. Apache configuration uses directiveLogFormat to define access log format. The default log format is like below.
Apache Access Log提供了许多有关请求以及对这些请求的响应的有用信息。 Apache配置使用指令LogFormat定义访问日志格式。 默认的日志格式如下。
LogFormat "%h %l %u %t \"%r\" %>s %b" common
Here are the meanings of shortcuts.
这是快捷方式的含义。
%hIP address of the client客户端的
%hIP地址%lif exist identity of the client%l如果存在客户端身份)%uuserid of the client if the user is authenticated客户端的
%uuserid(如果用户已通过身份验证)%tdate time the request has arrived请求到达的
%t日期时间\"%r\"is the HTTP method the client requested which includes the HTTP verb the URI and HTTP version\"%r\"是客户端请求的HTTP方法,其中包括HTTP动词,URI和HTTP版本%>sis the response code the server sends back to the client%>s是服务器发送回客户端的响应代码%bthe size of the object returned to the client%b返回给客户端的对象的大小
Here is an example log for Apache access
这是用于Apache访问的示例日志
127.0.0.1 - - [16/Aug/2017:07:03:45 +0300] "GET / HTTP/1.0" 200 11192 "-" "check_http/v2.2 (monitoring-plugins 2.2)"
Non-existing columns will be presented with - .
不存在的列将带有- 。
列出当前访问日志格式 (List Current Access Log Formatting)
The access Log format is defined in /etc/apache2/apache2.conf Ubuntu, Debian or /etc/httpd/httpd.conf in CentOS or RedHat systems. We can list the current directiveLogFormat with the following command.
访问日志格式在CentOS或RedHat系统中的Ubuntu,Debian或/etc/httpd/httpd.conf中定义在/etc/apache2/apache2.conf中。 我们可以使用以下命令列出当前指令LogFormat 。
$ cat /etc/apache2/apache2.conf | grep Log
交互式读取Apache访问日志(Interactively Reading Apache Access Log)
System administrators generally need to read Apache access log interactively in order to troubleshoot. We can use tailthe command in order to see Apace access log in real time. We will use the following command. We assume access.log resides in /var/log/apache2/access.log
系统管理员通常需要以交互方式读取Apache访问日志以进行故障排除。 我们可以使用tail命令来实时查看Apace访问日志。 我们将使用以下命令。 我们假设access.log位于/var/log/apache2/access.log
$ tail -f /var/log/apache2/access.log翻译自: https://www.poftut.com/understanding-configuring-apache-access-log/
扫一扫
1297
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
