2 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
3 <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
4 <!-- $LastChangedRevision$ -->
7 Licensed to the Apache Software Foundation (ASF) under one or more
8 contributor license agreements. See the NOTICE file distributed with
9 this work for additional information regarding copyright ownership.
10 The ASF licenses this file to You under the Apache License, Version 2.0
11 (the "License"); you may not use this file except in compliance with
12 the License. You may obtain a copy of the License at
14 http://www.apache.org/licenses/LICENSE-2.0
16 Unless required by applicable law or agreed to in writing, software
17 distributed under the License is distributed on an "AS IS" BASIS,
18 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 See the License for the specific language governing permissions and
20 limitations under the License.
23 <modulesynopsis metafile="mod_log_config.xml.meta">
25 <name>mod_log_config</name>
26 <description>Logging of the requests made to the server</description>
28 <sourcefile>mod_log_config.c</sourcefile>
29 <identifier>log_config_module</identifier>
32 <p>This module provides for flexible logging of client
33 requests. Logs are written in a customizable format, and may be
34 written directly to a file, or to an external program.
35 Conditional logging is provided so that individual requests may
36 be included or excluded from the logs based on characteristics
39 <p>Three directives are provided by this module:
40 <directive module="mod_log_config">TransferLog</directive> to create
41 a log file, <directive module="mod_log_config">LogFormat</directive>
42 to set a custom format, and <directive module="mod_log_config"
43 >CustomLog</directive> to define a log file and format in one
44 step. The <directive>TransferLog</directive> and <directive
45 >CustomLog</directive> directives can be used multiple times in each
46 server to cause each request to be logged to multiple files.</p>
48 <seealso><a href="../logs.html">Apache Log Files</a></seealso>
50 <section id="formats"><title>Custom Log Formats</title>
52 <p>The format argument to the <directive module="mod_log_config"
53 >LogFormat</directive> and <directive module="mod_log_config"
54 >CustomLog</directive> directives is a string. This string is
55 used to log each request to the log file. It can contain literal
56 characters copied into the log files and the C-style control
57 characters "\n" and "\t" to represent new-lines and tabs.
58 Literal quotes and backslashes should be escaped with
61 <p>The characteristics of the request itself are logged by
62 placing "<code>%</code>" directives in the format string, which are
63 replaced in the log file by the values as follows:</p>
65 <table border="1" style="zebra">
66 <columnspec><column width=".2"/><column width=".8"/></columnspec>
67 <tr><th>Format String</th>
68 <th>Description</th></tr>
70 <tr><td><code>%%</code></td>
71 <td>The percent sign</td></tr>
73 <tr><td><code>%a</code></td>
74 <td>Remote IP-address</td></tr>
76 <tr><td><code>%A</code></td>
77 <td>Local IP-address</td></tr>
79 <tr><td><code>%B</code></td>
80 <td>Size of response in bytes, excluding HTTP headers.</td></tr>
82 <tr><td><code>%b</code></td>
83 <td>Size of response in bytes, excluding HTTP headers. In CLF format, <em>i.e.</em>
84 a '<code>-</code>' rather than a 0 when no bytes are sent.</td></tr>
86 <tr><td><code>%{<var>VARNAME</var>}C</code></td>
87 <td>The contents of cookie <var>VARNAME</var> in the request sent
88 to the server. Only version 0 cookies are fully supported.</td></tr>
90 <tr><td><code>%D</code></td>
91 <td>The time taken to serve the request, in microseconds.</td></tr>
93 <tr><td><code>%{<var>VARNAME</var>}e</code></td>
94 <td>The contents of the environment variable
95 <var>VARNAME</var></td></tr>
97 <tr><td><code>%f</code></td>
98 <td>Filename</td></tr>
100 <tr><td><code>%h</code></td>
101 <td>Remote host</td></tr>
103 <tr><td><code>%H</code></td>
104 <td>The request protocol</td></tr>
106 <tr><td><code>%{<var>VARNAME</var>}i</code></td>
107 <td>The contents of <code><var>VARNAME</var>:</code> header line(s)
108 in the request sent to the server. Changes made by other
109 modules (e.g. <module>mod_headers</module>) affect this.
112 <tr><td><code>%k</code></td>
113 <td>Number of keepalive requests handled on this connection. Interesting if
114 <directive module="core">KeepAlive</directive> is being used, so that,
115 for example, a '1' means the first keepalive request after the initial
116 one, '2' the second, etc...;
117 otherwise this is always 0 (indicating the initial request).</td></tr>
119 <tr><td><code>%l</code></td>
120 <td>Remote logname (from identd, if supplied). This will return a
121 dash unless <module>mod_ident</module> is present and <directive
122 module="mod_ident">IdentityCheck</directive> is set
123 <code>On</code>.</td></tr>
125 <tr><td><code>%L</code></td>
126 <td>The request log ID from the error log (or '-' if nothing has been
127 logged to the error log for this request)</td></tr>
129 <tr><td><code>%m</code></td>
130 <td>The request method</td></tr>
132 <tr><td><code>%{<var>VARNAME</var>}n</code></td>
133 <td>The contents of note <var>VARNAME</var> from another
136 <tr><td><code>%{<var>VARNAME</var>}o</code></td>
137 <td>The contents of <code><var>VARNAME</var>:</code> header line(s)
138 in the reply.</td></tr>
140 <tr><td><code>%p</code></td>
141 <td>The canonical port of the server serving the request</td></tr>
143 <tr><td><code>%{<var>format</var>}p</code></td>
144 <td>The canonical port of the server serving the request or the
145 server's actual port or the client's actual port. Valid formats
146 are <code>canonical</code>, <code>local</code>, or <code>remote</code>.
149 <tr><td><code>%P</code></td>
150 <td>The process ID of the child that serviced the request.</td></tr>
152 <tr><td><code>%{<var>format</var>}P</code></td>
153 <td>The process ID or thread id of the child that serviced the
154 request. Valid formats are <code>pid</code>, <code>tid</code>,
155 and <code>hextid</code>. <code>hextid</code> requires APR 1.2.0 or
159 <tr><td><code>%q</code></td>
160 <td>The query string (prepended with a <code>?</code> if a query
161 string exists, otherwise an empty string)</td></tr>
163 <tr><td><code>%r</code></td>
164 <td>First line of request</td></tr>
166 <tr><td><code>%R</code></td>
167 <td>The handler generating the response (if any).</td></tr>
169 <tr><td><code>%s</code></td>
170 <td>Status. For requests that got internally redirected, this is
171 the status of the *original* request --- <code>%>s</code>
172 for the last.</td></tr>
174 <tr><td><code>%t</code></td>
175 <td>Time the request was received (standard english
178 <tr><td><code>%{<var>format</var>}t</code></td>
179 <td>The time, in the form given by format, which should be in
180 an extended <code>strftime(3)</code> format (potentially localized).
181 If the format starts with <code>begin:</code> (default) the time is taken
182 at the beginning of the request processing, if it starts with
183 <code>end:</code> it is the time when the log entry gets written, so
184 close to the end of the request processing. In addition to the formats
185 supported by <code>strftime(3)</code>, the following format tokens are
188 <tr><td><code>sec</code></td><td>number of seconds since the Epoch</td></tr>
189 <tr><td><code>msec</code></td><td>number of milliseconds since the Epoch</td></tr>
190 <tr><td><code>usec</code></td><td>number of microseconds since the Epoch</td></tr>
191 <tr><td><code>msec_frac</code></td><td>millisecond fraction</td></tr>
192 <tr><td><code>usec_frac</code></td><td>microsecond fraction</td></tr>
194 These tokens can not be combined with each other or <code>strftime(3)</code>
195 formatting in the same format string. You can use multiple
196 <code>%{<var>format</var>}t</code> tokens instead.
199 <tr><td><code>%T</code></td>
200 <td>The time taken to serve the request, in seconds.</td></tr>
202 <tr><td><code>%u</code></td>
203 <td>Remote user (from auth; may be bogus if return status
204 (<code>%s</code>) is 401)</td></tr>
206 <tr><td><code>%U</code></td>
207 <td>The URL path requested, not including any query string.</td></tr>
209 <tr><td><code>%v</code></td>
210 <td>The canonical <directive module="core">ServerName</directive>
211 of the server serving the request.</td></tr>
213 <tr><td><code>%V</code></td>
214 <td>The server name according to the <directive module="core"
215 >UseCanonicalName</directive> setting.</td></tr>
217 <tr><td><code>%X</code></td>
218 <td>Connection status when response is completed:
221 <columnspec><column width=".2"/><column width=".6"/></columnspec>
222 <tr><td><code>X</code> =</td>
223 <td>connection aborted before the response completed.</td></tr>
224 <tr><td><code>+</code> =</td>
225 <td>connection may be kept alive after the response is
227 <tr><td><code>-</code> = </td>
228 <td>connection will be closed after the response is
234 <tr><td><code>%I</code></td>
235 <td>Bytes received, including request and headers, cannot be zero.
236 You need to enable <module>mod_logio</module> to use this.</td></tr>
238 <tr><td><code>%O</code></td>
239 <td>Bytes sent, including headers, cannot be zero. You need to
240 enable <module>mod_logio</module> to use this.</td></tr>
243 <section id="modifiers"><title>Modifiers</title>
245 <p>Particular items can be restricted to print only for
246 responses with specific HTTP status codes by placing a
247 comma-separated list of status codes immediately following the
248 "%". For example, <code>"%400,501{User-agent}i"</code> logs
249 <code>User-agent</code> on 400 errors and 501 errors only. For
250 other status codes, the literal string <code>"-"</code> will be
251 logged. The status code list may be preceded by a
252 "<code>!</code>" to indicate negation:
253 <code>"%!200,304,302{Referer}i"</code> logs <code>Referer</code>
254 on all requests that do <em>not</em> return one of the three
257 <p>The modifiers "<" and ">" can be used for requests that
258 have been internally redirected to choose whether the original
259 or final (respectively) request should be consulted. By
260 default, the <code>%</code> directives <code>%s, %U, %T,
261 %D,</code> and <code>%r</code> look at the original request
262 while all others look at the final request. So for example,
263 <code>%>s</code> can be used to record the final status of
264 the request and <code>%<u</code> can be used to record the
265 original authenticated user on a request that is internally
266 redirected to an unauthenticated resource.</p>
270 <section id="format-notes"><title>Some Notes</title>
272 <p>For security reasons, starting with version 2.0.46,
273 non-printable and other special characters in <code>%r</code>,
274 <code>%i</code> and <code>%o</code> are escaped using
275 <code>\x<var>hh</var></code> sequences, where <var>hh</var>
276 stands for the hexadecimal representation of the raw
277 byte. Exceptions from this rule are <code>"</code> and
278 <code>\</code>, which are escaped by prepending a backslash, and
279 all whitespace characters, which are written in their C-style
280 notation (<code>\n</code>, <code>\t</code>, etc). In versions
281 prior to 2.0.46, no escaping was performed on these strings so
282 you had to be quite careful when dealing with raw log files.</p>
284 <p>In httpd 2.0, unlike 1.3, the <code>%b</code> and
285 <code>%B</code> format strings do not represent the number of
286 bytes sent to the client, but simply the size in bytes of the
287 HTTP response (which will differ, for instance, if the
288 connection is aborted, or if SSL is used). The <code>%O</code>
289 format provided by <module>mod_logio</module> will log the
290 actual number of bytes sent over the network.</p>
292 <p>Note: <module>mod_cache</module> is implemented as a
293 quick-handler and not as a standard handler. Therefore, the
294 <code>%R</code> format string will not return any handler
295 information when content caching is involved.</p>
299 <section id="examples"><title>Examples</title>
301 <p>Some commonly used log format strings are:</p>
304 <dt>Common Log Format (CLF)</dt>
305 <dd><code>"%h %l %u %t \"%r\" %>s %b"</code></dd>
307 <dt>Common Log Format with Virtual Host</dt>
308 <dd><code>"%v %h %l %u %t \"%r\" %>s %b"</code></dd>
310 <dt>NCSA extended/combined log format</dt>
311 <dd><code>"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
312 \"%{User-agent}i\""</code></dd>
314 <dt>Referer log format</dt>
315 <dd><code>"%{Referer}i -> %U"</code></dd>
317 <dt>Agent (Browser) log format</dt>
318 <dd><code>"%{User-agent}i"</code></dd>
321 <p>You can use the <code>%{format}t</code> directive multiple
322 times to build up a time format using the extended format tokens
323 like <code>msec_frac</code>:</p>
325 <dt>Timestamp including milliseconds</dt>
326 <dd><code>"%{%d/%b/%Y %T}t.%{msec_frac}t %{%z}t"</code></dd>
333 <section id="security"><title>Security Considerations</title>
335 href="../misc/security_tips.html#serverroot">security tips</a>
336 document for details on why your security could be compromised
337 if the directory where logfiles are stored is writable by
338 anyone other than the user that starts the server.</p>
342 <name>BufferedLogs</name>
343 <description>Buffer log entries in memory before writing to disk</description>
344 <syntax>BufferedLogs On|Off</syntax>
345 <default>BufferedLogs Off</default>
346 <contextlist><context>server config</context></contextlist>
347 <compatibility>Available in versions 2.0.41 and later.</compatibility>
350 <p>The <directive>BufferedLogs</directive> directive causes
351 <module>mod_log_config</module> to store several log entries in
352 memory and write them together to disk, rather than writing them
353 after each request. On some systems, this may result in more
354 efficient disk access and hence higher performance. It may be
355 set only once for the entire server; it cannot be configured
356 per virtual-host.</p>
358 <note>This directive should be used with caution as a crash might
359 cause loss of logging data.</note>
364 <name>CookieLog</name>
365 <description>Sets filename for the logging of cookies</description>
366 <syntax>CookieLog <var>filename</var></syntax>
367 <contextlist><context>server config</context><context>virtual host</context>
369 <compatibility>This directive is deprecated.</compatibility>
372 <p>The <directive>CookieLog</directive> directive sets the
373 filename for logging of cookies. The filename is relative to the
374 <directive module="core">ServerRoot</directive>. This directive is
375 included only for compatibility with <code>mod_cookies</code>,
376 and is deprecated.</p>
381 <name>CustomLog</name>
382 <description>Sets filename and format of log file</description>
383 <syntax>CustomLog <var>file</var>|<var>pipe</var>
384 <var>format</var>|<var>nickname</var>
385 [env=[!]<var>environment-variable</var>]</syntax>
386 <contextlist><context>server config</context><context>virtual host</context>
390 <p>The <directive>CustomLog</directive> directive is used to
391 log requests to the server. A log format is specified, and the
392 logging can optionally be made conditional on request
393 characteristics using environment variables.</p>
395 <p>The first argument, which specifies the location to which
396 the logs will be written, can take one of the following two
400 <dt><var>file</var></dt>
401 <dd>A filename, relative to the <directive module="core"
402 >ServerRoot</directive>.</dd>
404 <dt><var>pipe</var></dt>
405 <dd>The pipe character "<code>|</code>", followed by the path
406 to a program to receive the log information on its standard
407 input. See the notes on <a href="../logs.html#piped">piped logs</a>
408 for more information.
410 <note type="warning"><title>Security:</title>
411 <p>If a program is used, then it will be run as the user who
412 started <program>httpd</program>. This will be root if the server was
413 started by root; be sure that the program is secure.</p>
415 <note type="warning"><title>Note</title>
416 <p>When entering a file path on non-Unix platforms, care should be taken
417 to make sure that only forward slashed are used even though the platform
418 may allow the use of back slashes. In general it is a good idea to always
419 use forward slashes throughout the configuration files.</p>
423 <p>The second argument specifies what will be written to the
424 log file. It can specify either a <var>nickname</var> defined by
425 a previous <directive module="mod_log_config">LogFormat</directive>
426 directive, or it can be an explicit <var>format</var> string as
427 described in the <a href="#formats">log formats</a> section.</p>
429 <p>For example, the following two sets of directives have
430 exactly the same effect:</p>
433 # CustomLog with format nickname<br />
434 LogFormat "%h %l %u %t \"%r\" %>s %b" common<br />
435 CustomLog logs/access_log common<br />
437 # CustomLog with explicit format string<br />
438 CustomLog logs/access_log "%h %l %u %t \"%r\" %>s %b"
441 <p>The third argument is optional and controls whether or
442 not to log a particular request based on the
443 presence or absence of a particular variable in the server
444 environment. If the specified <a href="../env.html">environment
445 variable</a> is set for the request (or is not set, in the case
446 of a '<code>env=!<var>name</var></code>' clause), then the
447 request will be logged.</p>
449 <p>Environment variables can be set on a per-request
450 basis using the <module>mod_setenvif</module>
451 and/or <module>mod_rewrite</module> modules. For
452 example, if you want to record requests for all GIF
453 images on your server in a separate logfile but not in your main
454 log, you can use:</p>
457 SetEnvIf Request_URI \.gif$ gif-image<br />
458 CustomLog gif-requests.log common env=gif-image<br />
459 CustomLog nongif-requests.log common env=!gif-image
462 <p>Or, to reproduce the behavior of the old RefererIgnore
463 directive, you might use the following:</p>
466 SetEnvIf Referer example\.com localreferer<br />
467 CustomLog referer.log referer env=!localreferer
473 <name>LogFormat</name>
474 <description>Describes a format for use in a log file</description>
475 <syntax>LogFormat <var>format</var>|<var>nickname</var>
476 [<var>nickname</var>]</syntax>
477 <default>LogFormat "%h %l %u %t \"%r\" %>s %b"</default>
478 <contextlist><context>server config</context><context>virtual host</context>
482 <p>This directive specifies the format of the access log
485 <p>The <directive>LogFormat</directive> directive can take one of two
486 forms. In the first form, where only one argument is specified,
487 this directive sets the log format which will be used by logs
488 specified in subsequent <directive>TransferLog</directive>
489 directives. The single argument can specify an explicit
490 <var>format</var> as discussed in the <a href="#formats">custom log
491 formats</a> section above. Alternatively, it can use a
492 <var>nickname</var> to refer to a log format defined in a
493 previous <directive>LogFormat</directive> directive as described
496 <p>The second form of the <directive>LogFormat</directive>
497 directive associates an explicit <var>format</var> with a
498 <var>nickname</var>. This <var>nickname</var> can then be used in
499 subsequent <directive>LogFormat</directive> or
500 <directive module="mod_log_config">CustomLog</directive> directives
501 rather than repeating the entire format string. A
502 <directive>LogFormat</directive> directive that defines a nickname
503 <strong>does nothing else</strong> -- that is, it <em>only</em>
504 defines the nickname, it doesn't actually apply the format and make
505 it the default. Therefore, it will not affect subsequent
506 <directive module="mod_log_config">TransferLog</directive> directives.
507 In addition, <directive>LogFormat</directive> cannot use one nickname
508 to define another nickname. Note that the nickname should not contain
509 percent signs (<code>%</code>).</p>
511 <example><title>Example</title>
512 LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
518 <name>TransferLog</name>
519 <description>Specify location of a log file</description>
520 <syntax>TransferLog <var>file</var>|<var>pipe</var></syntax>
521 <contextlist><context>server config</context><context>virtual host</context>
525 <p>This directive has exactly the same arguments and effect as
526 the <directive module="mod_log_config">CustomLog</directive>
527 directive, with the exception that it does not allow the log format
528 to be specified explicitly or for conditional logging of requests.
529 Instead, the log format is determined by the most recently specified
530 <directive module="mod_log_config">LogFormat</directive> directive
531 which does not define a nickname. Common Log Format is used if no
532 other format has been specified.</p>
534 <example><title>Example</title>
535 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""<br />
536 TransferLog logs/access_log