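This post is a primer. LG keeps saying that my blog reads like a student's notes and has no readability at all, and that is indeed the case: I love the cheatsheet format, being a reference-library obsessive ^-^
The test environment is Debian.
1. Apache
Reference: http://httpd.apache.org/docs/2.2/mod/mod_log_config.html
Step 1: define the log format
vim /etc/apache2/apache2.conf
Add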
LogFormat "%h %V %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" tanjiti
Step 2: enable the format
vim /etc/apache2/sites-available/default
Add
CustomLog ${APACHE_LOG_DIR}/access.log tanjiti
A sample log line:
211.138.23.98 www.tanjiti.com - [22/Oct/2013:05:15:20 -0700] "GET /hellp.php?id=4 HTTP/1.1" 200 57 "http://www.baidu.com" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0"
Note the LogFormat line; its fields mean the following:
LogFormat "%h %V %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" tanjiti
%h Remote host -- 211.138.23.98 in the sample
%V The server name according to the UseCanonicalName setting. -- www.tanjiti.com in the sample
%u Remote user (from auth; may be bogus if return status (%s) is 401) -- "-" in the sample
%t Time the request was received (standard english format) -- [22/Oct/2013:05:15:20 -0700] in the sample
%r First line of request -- GET /hellp.php?id=4 HTTP/1.1 in the sample
%s Status. For requests that got internally redirected, this is the status of the *original* request; %>s for the last. -- 200 in the sample
%b Size of response in bytes, excluding HTTP headers. In CLF format, i.e. a '-' rather than a 0 when no bytes are sent. -- 57 in the sample
%{Referer}i HTTP Referer -- http://www.baidu.com in the sample
%{User-Agent}i HTTP UserAgent -- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 in the sample
2. Nginx
Reference: http://wiki.nginx.org/HttpLogModule
vim /usr/local/nginx/conf/nginx.conf
# Adjacent quoted strings are concatenated, so each piece carries only one separating space.
log_format tanjiti '$remote_addr $host $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log logs/kokcc.access.log tanjiti;
A sample log line:
211.138.23.98 www.tanjiti.com - [22/Oct/2013:06:04:07 -0700] "GET /SQLi.php?id=2 HTTP/1.1" 404 36 "http://www.baidu.com" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0"
Note the log_format directive; its fields mean the following:
$remote_addr Remote host -- 211.138.23.98 in the sample
$host -- www.tanjiti.com in the sample
$remote_user -- "-" in the sample
$time_local -- [22/Oct/2013:06:04:07 -0700] in the sample
$request -- GET /SQLi.php?id=2 HTTP/1.1 in the sample
$status -- 404 in the sample
$body_bytes_sent -- 36 in the sample
$http_referer -- http://www.baidu.com in the sample
$http_user_agent -- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 in the sample
3. Lighttpd
vim /etc/lighttpd/conf-available/10-accesslog.conf
accesslog.format = "%h %V %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
A sample log line:
211.138.23.98 www.tanjiti.com - [22/Oct/2013:04:05:47 -0700] "GET /s/jquery-migrate.min.js?ver=1 HTTP/1.1" 200 3068 "http://www.baidu.com" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0"
Note the accesslog.format line; its fields mean the following:
accesslog.format = "%h %V %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
%h name or address of remote-host -- 211.138.23.98 in the sample
%V HTTP request host name -- www.tanjiti.com in the sample
%u authenticated user -- "-" in the sample
%t timestamp of the end-time of the request -- [22/Oct/2013:04:05:47 -0700] in the sample
%r request-line -- GET /s/jquery-migrate.min.js?ver=1 HTTP/1.1 in the sample
%s status-code -- 200 in the sample
%b bytes sent for the body -- 3068 in the sample
%{Referer}i HTTP Referer -- http://www.baidu.com in the sample
%{User-Agent}i HTTP UserAgent -- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 in the sample
4. Tomcat
vim /etc/tomcat7/server.xml
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %v %u %t &quot;%r&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot;" resolveHosts="true"/>
A sample log line:
211.138.23.98 www.tanjiti.com - [22/Oct/2013:05:46:34 -0700] "GET /index.jsp HTTP/1.1" 200 129 "http://www.baidu.com" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0"
Note the pattern attribute; its fields mean the following:
%h Remote host name (or IP address if resolveHosts is false) -- 211.138.23.98 in the sample
%v Local server name -- www.tanjiti.com in the sample
%u Remote user that was authenticated (if any), else '-' -- "-" in the sample
%t Date and time, in Common Log Format -- [22/Oct/2013:05:46:34 -0700] in the sample
%r First line of the request (method and request URI) -- GET /index.jsp HTTP/1.1 in the sample
%s HTTP status code of the response -- 200 in the sample
%b Bytes sent, excluding HTTP headers, or '-' if zero -- 129 in the sample
%{Referer}i HTTP Referer -- http://www.baidu.com in the sample
%{User-Agent}i HTTP UserAgent -- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 in the sample
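Personally I prefer the way Nginx defines its format, while the log formats of apache2, lighttpd, and tomcat are almost identical, differing only in a bit of punctuation.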
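Because all four servers above are configured to emit the same field order, a single parser can read every access log. The following is an added example, not code from the original post: a Python parser for that line format that also handles a "-" byte count, backslash-escaped quotes inside quoted fields, and lines that do not match. The function names and the lines marked as constructed are assumptions made for illustration.

```python
import re
from datetime import datetime

# Field order shared by all four configurations on this page:
# host vhost user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'   # tolerates backslash escapes such as \" inside a field
LINE_RE = re.compile(
    r'^(\S+)\s+(\S+)\s+(\S+)\s+\[([^\]]+)\]\s+' + QUOTED +
    r'\s+(\d{3})\s+(\d+|-)\s+' + QUOTED + r'\s+' + QUOTED + r'\s*$'
)
FIELDS = ("remote", "vhost", "user", "time", "request",
          "status", "bytes", "referer", "agent")

def parse_line(line):
    """Return a dict of typed fields, or None when the line does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = dict(zip(FIELDS, m.groups()))
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])  # CLF "-" means no body
    # The request line is client-controlled, so it may not be "METHOD URI PROTOCOL".
    parts = rec["request"].split(" ")
    rec["method"], rec["uri"], rec["proto"] = parts if len(parts) == 3 else (None, None, None)
    return rec

def error_requests(lines):
    """(remote, vhost, status, request) for every parsed line with status >= 400."""
    recs = filter(None, map(parse_line, lines))
    return [(r["remote"], r["vhost"], r["status"], r["request"])
            for r in recs if r["status"] >= 400]

UA = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0"
PAGE_SAMPLES = [  # the Apache and Nginx sample lines shown above
    '211.138.23.98 www.tanjiti.com - [22/Oct/2013:05:15:20 -0700] '
    '"GET /hellp.php?id=4 HTTP/1.1" 200 57 "http://www.baidu.com" "%s"' % UA,
    '211.138.23.98 www.tanjiti.com - [22/Oct/2013:06:04:07 -0700] '
    '"GET /SQLi.php?id=2 HTTP/1.1" 404 36 "http://www.baidu.com" "%s"' % UA,
]
CONSTRUCTED = [  # constructed edge cases, not taken from the page
    '192.0.2.10 www.tanjiti.com - [22/Oct/2013:06:05:00 -0700] '
    '"GET /a?q=\\"x\\" HTTP/1.1" 304 - "-" "curl/7.26.0"',
    'not an access log line',
]

if __name__ == "__main__":
    for hit in error_requests(PAGE_SAMPLES + CONSTRUCTED):
        print(hit)
```

The separators are matched with \s+, so a line with doubled spaces between fields still parses.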