2 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
3 <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
4 <!-- $LastChangedRevision$ -->
7 Licensed to the Apache Software Foundation (ASF) under one or more
8 contributor license agreements. See the NOTICE file distributed with
9 this work for additional information regarding copyright ownership.
10 The ASF licenses this file to You under the Apache License, Version 2.0
11 (the "License"); you may not use this file except in compliance with
12 the License. You may obtain a copy of the License at
14 http://www.apache.org/licenses/LICENSE-2.0
16 Unless required by applicable law or agreed to in writing, software
17 distributed under the License is distributed on an "AS IS" BASIS,
18 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 See the License for the specific language governing permissions and
20 limitations under the License.
23 <modulesynopsis metafile="mod_log_config.xml.meta">
25 <name>mod_log_config</name>
26 <description>Logging of the requests made to the server</description>
28 <sourcefile>mod_log_config.c</sourcefile>
29 <identifier>log_config_module</identifier>
32 <p>This module provides for flexible logging of client
33 requests. Logs are written in a customizable format, and may be
34 written directly to a file, or to an external program.
35 Conditional logging is provided so that individual requests may
36 be included or excluded from the logs based on characteristics
39 <p>Three directives are provided by this module:
40 <directive module="mod_log_config">TransferLog</directive> to create
41 a log file, <directive module="mod_log_config">LogFormat</directive>
42 to set a custom format, and <directive module="mod_log_config"
43 >CustomLog</directive> to define a log file and format in one
44 step. The <directive>TransferLog</directive> and <directive
45 >CustomLog</directive> directives can be used multiple times in each
46 server to cause each request to be logged to multiple files.</p>
48 <seealso><a href="../logs.html">Apache Log Files</a></seealso>
50 <section id="formats"><title>Custom Log Formats</title>
52 <p>The format argument to the <directive module="mod_log_config"
53 >LogFormat</directive> and <directive module="mod_log_config"
54 >CustomLog</directive> directives is a string. This string is
55 used to log each request to the log file. It can contain literal
56 characters copied into the log files and the C-style control
57 characters "\n" and "\t" to represent new-lines and tabs.
58 Literal quotes and backslashes should be escaped with
61 <p>The characteristics of the request itself are logged by
62 placing "<code>%</code>" directives in the format string, which are
63 replaced in the log file by the values as follows:</p>
65 <table border="1" style="zebra">
66 <columnspec><column width=".2"/><column width=".8"/></columnspec>
67 <tr><th>Format String</th>
68 <th>Description</th></tr>
70 <tr><td><code>%%</code></td>
71 <td>The percent sign.</td></tr>
73 <tr><td><code>%a</code></td>
74 <td>Client IP address of the request (see the
75 <module>mod_remoteip</module> module).</td></tr>
77 <tr><td><code>%{c}a</code></td>
78 <td>Underlying peer IP address of the connection (see the
79 <module>mod_remoteip</module> module).</td></tr>
81 <tr><td><code>%A</code></td>
82 <td>Local IP-address.</td></tr>
84 <tr><td><code>%B</code></td>
85 <td>Size of response in bytes, excluding HTTP headers.</td></tr>
87 <tr><td><code>%b</code></td>
88 <td>Size of response in bytes, excluding HTTP headers. In CLF format, <em>i.e.</em>
89 a '<code>-</code>' rather than a 0 when no bytes are sent.</td></tr>
91 <tr><td><code>%{<var>VARNAME</var>}C</code></td>
92 <td>The contents of cookie <var>VARNAME</var> in the request sent
93 to the server. Only version 0 cookies are fully supported.</td></tr>
95 <tr><td><code>%D</code></td>
96 <td>The time taken to serve the request, in microseconds.</td></tr>
98 <tr><td><code>%{<var>VARNAME</var>}e</code></td>
99 <td>The contents of the environment variable
100 <var>VARNAME</var>.</td></tr>
102 <tr><td><code>%f</code></td>
103 <td>Filename.</td></tr>
105 <tr><td><code>%h</code></td>
106 <td>Remote hostname. Will log the IP address if <directive
107 module="core">HostnameLookups</directive> is set to
108 <code>Off</code>, which is the default. If it logs the hostname
109 for only a few hosts, you probably have access control
110 directives mentioning them by name. See <a
111 href="mod_authz_host.html#reqhost">the Require host
112 documentation</a>.</td></tr>
114 <tr><td><code>%H</code></td>
115 <td>The request protocol.</td></tr>
117 <tr><td><code>%{<var>VARNAME</var>}i</code></td>
118 <td>The contents of <code><var>VARNAME</var>:</code> header line(s)
119 in the request sent to the server. Changes made by other
120 modules (e.g. <module>mod_headers</module>) affect this. If you're
121 interested in what the request header was prior to when most
122 modules would have modified it, use <module>mod_setenvif</module>
123 to copy the header into an internal environment variable and log
124 that value with the <code>%{<var>VARNAME</var>}e</code> described
128 <tr><td><code>%k</code></td>
129 <td>Number of keepalive requests handled on this connection. Interesting if
130 <directive module="core">KeepAlive</directive> is being used, so that,
131 for example, a '1' means the first keepalive request after the initial
132 one, '2' the second, etc...;
133 otherwise this is always 0 (indicating the initial request).</td></tr>
135 <tr><td><code>%l</code></td>
136 <td>Remote logname (from identd, if supplied). This will return a
137 dash unless <module>mod_ident</module> is present and <directive
138 module="mod_ident">IdentityCheck</directive> is set
139 <code>On</code>.</td></tr>
141 <tr><td><code>%L</code></td>
142 <td>The request log ID from the error log (or '-' if nothing has been
143 logged to the error log for this request). Look for the
144 matching error log line to see what request caused what error.</td></tr>
146 <tr><td><code>%m</code></td>
147 <td>The request method.</td></tr>
149 <tr><td><code>%{<var>VARNAME</var>}n</code></td>
150 <td>The contents of note <var>VARNAME</var> from another
153 <tr><td><code>%{<var>VARNAME</var>}o</code></td>
154 <td>The contents of <code><var>VARNAME</var>:</code> header line(s)
155 in the reply.</td></tr>
157 <tr><td><code>%p</code></td>
158 <td>The canonical port of the server serving the request.</td></tr>
160 <tr><td><code>%{<var>format</var>}p</code></td>
161 <td>The canonical port of the server serving the request, or the
162 server's actual port, or the client's actual port. Valid formats
163 are <code>canonical</code>, <code>local</code>, or <code>remote</code>.
166 <tr><td><code>%P</code></td>
167 <td>The process ID of the child that serviced the request.</td></tr>
169 <tr><td><code>%{<var>format</var>}P</code></td>
170 <td>The process ID or thread ID of the child that serviced the
171 request. Valid formats are <code>pid</code>, <code>tid</code>,
172 and <code>hextid</code>. <code>hextid</code> requires APR 1.2.0 or
176 <tr><td><code>%q</code></td>
177 <td>The query string (prepended with a <code>?</code> if a query
178 string exists, otherwise an empty string).</td></tr>
180 <tr><td><code>%r</code></td>
181 <td>First line of request.</td></tr>
183 <tr><td><code>%R</code></td>
184 <td>The handler generating the response (if any).</td></tr>
186 <tr><td><code>%s</code></td>
187 <td>Status. For requests that have been internally redirected, this is
188 the status of the <em>original</em> request. Use <code>%>s</code>
189 for the final status.</td></tr>
191 <tr><td><code>%t</code></td>
192 <td>Time the request was received, in the format <code>[18/Sep/2011:19:18:28 -0400]</code>.
193 The last number indicates the timezone offset from GMT</td></tr>
195 <tr><td><code>%{<var>format</var>}t</code></td>
196 <td>The time, in the form given by format, which should be in
197 an extended <code>strftime(3)</code> format (potentially localized).
198 If the format starts with <code>begin:</code> (default) the time is taken
199 at the beginning of the request processing. If it starts with
200 <code>end:</code> it is the time when the log entry gets written,
201 close to the end of the request processing. In addition to the formats
202 supported by <code>strftime(3)</code>, the following format tokens are
205 <tr><td><code>sec</code></td><td>number of seconds since the Epoch</td></tr>
206 <tr><td><code>msec</code></td><td>number of milliseconds since the Epoch</td></tr>
207 <tr><td><code>usec</code></td><td>number of microseconds since the Epoch</td></tr>
208 <tr><td><code>msec_frac</code></td><td>millisecond fraction</td></tr>
209 <tr><td><code>usec_frac</code></td><td>microsecond fraction</td></tr>
211 These tokens can not be combined with each other or <code>strftime(3)</code>
212 formatting in the same format string. You can use multiple
213 <code>%{<var>format</var>}t</code> tokens instead.
216 <tr><td><code>%T</code></td>
217 <td>The time taken to serve the request, in seconds.</td></tr>
219 <tr><td><code>%{<var>UNIT</var>}T</code></td>
220 <td>The time taken to serve the request, in a time unit given by
221 <code>UNIT</code>. Valid units are <code>ms</code> for milliseconds,
222 <code>us</code> for microseconds, and <code>s</code> for seconds.
223 Using <code>s</code> gives the same result as <code>%T</code>
224 without any format; using <code>us</code> gives the same result
225 as <code>%D</code>. Combining <code>%T</code> with a unit is
226 available in 2.4.13 and later.</td></tr>
228 <tr><td><code>%u</code></td>
229 <td>Remote user if the request was authenticated. May be bogus if return status
230 (<code>%s</code>) is 401 (unauthorized).</td></tr>
232 <tr><td><code>%U</code></td>
233 <td>The URL path requested, not including any query string.</td></tr>
235 <tr><td><code>%v</code></td>
236 <td>The canonical <directive module="core">ServerName</directive>
237 of the server serving the request.</td></tr>
239 <tr><td><code>%V</code></td>
240 <td>The server name according to the <directive module="core"
241 >UseCanonicalName</directive> setting.</td></tr>
243 <tr><td><code>%X</code></td>
244 <td>Connection status when response is completed:
247 <columnspec><column width=".2"/><column width=".6"/></columnspec>
248 <tr><td><code>X</code> =</td>
249 <td>Connection aborted before the response completed.</td></tr>
250 <tr><td><code>+</code> =</td>
251 <td>Connection may be kept alive after the response is
253 <tr><td><code>-</code> = </td>
254 <td>Connection will be closed after the response is
260 <tr><td><code>%I</code></td>
261 <td>Bytes received, including request and headers. Cannot be zero.
262 You need to enable <module>mod_logio</module> to use this.</td></tr>
264 <tr><td><code>%O</code></td>
265 <td>Bytes sent, including headers. May be zero in rare cases
266 such as when a request is aborted before a response is sent.
267 You need to enable <module>mod_logio</module> to use this.</td></tr>
269 <tr><td><code>%S</code></td>
270 <td>Bytes transferred (received and sent), including request and headers,
271 cannot be zero. This is the combination of %I and %O. You need to
272 enable <module>mod_logio</module> to use this.</td></tr>
274 <tr><td><code>%{<var>VARNAME</var>}^ti</code></td>
275 <td>The contents of <code><var>VARNAME</var>:</code> trailer line(s)
276 in the request sent to the server. </td></tr>
278 <tr><td><code>%{<var>VARNAME</var>}^to</code></td>
279 <td>The contents of <code><var>VARNAME</var>:</code> trailer line(s)
280 in the response sent from the server. </td></tr>
284 <section id="modifiers"><title>Modifiers</title>
286 <p>Particular items can be restricted to print only for
287 responses with specific HTTP status codes by placing a
288 comma-separated list of status codes immediately following the
289 "%". The status code list may be preceded by a "<code>!</code>" to
290 indicate negation.</p>
292 <table border="1" style="zebra">
293 <columnspec><column width=".2"/><column width=".8"/></columnspec>
295 <tr><th>Format String</th>
296 <th>Meaning</th></tr>
299 <td><code>%400,501{User-agent}i</code></td>
300 <td>Logs <code>User-agent</code> on 400 errors and 501 errors only. For
301 other status codes, the literal string <code>"-"</code> will be
304 <tr><td><code>%!200,304,302{Referer}i</code></td>
305 <td>Logs <code>Referer</code> on all requests that do
306 <em>not</em> return one of the three specified codes,
307 "<code>-</code>" otherwise.
312 <p>The modifiers "<" and ">" can be used for requests that
313 have been internally redirected to choose whether the original
314 or final (respectively) request should be consulted. By
315 default, the <code>%</code> directives <code>%s, %U, %T,
316 %D,</code> and <code>%r</code> look at the original request
317 while all others look at the final request. So for example,
318 <code>%>s</code> can be used to record the final status of
319 the request and <code>%<u</code> can be used to record the
320 original authenticated user on a request that is internally
321 redirected to an unauthenticated resource.</p>
325 <section id="format-notes"><title>Format Notes</title>
327 <p>For security reasons, starting with version 2.0.46,
328 non-printable and other special characters in <code>%r</code>,
329 <code>%i</code> and <code>%o</code> are escaped using
330 <code>\x<var>hh</var></code> sequences, where <var>hh</var>
331 stands for the hexadecimal representation of the raw
332 byte. Exceptions from this rule are <code>"</code> and
333 <code>\</code>, which are escaped by prepending a backslash, and
334 all whitespace characters, which are written in their C-style
335 notation (<code>\n</code>, <code>\t</code>, etc). In versions
336 prior to 2.0.46, no escaping was performed on these strings so
337 you had to be quite careful when dealing with raw log files.</p>
339 <p>Since httpd 2.0, unlike 1.3, the <code>%b</code> and
340 <code>%B</code> format strings do not represent the number of
341 bytes sent to the client, but simply the size in bytes of the
342 HTTP response (which will differ, for instance, if the
343 connection is aborted, or if SSL is used). The <code>%O</code>
344 format provided by <module>mod_logio</module> will log the
345 actual number of bytes sent over the network.</p>
348 <p>Note: <module>mod_cache</module> is implemented as a
349 quick-handler and not as a standard handler. Therefore, the
350 <code>%R</code> format string will not return any handler
351 information when content caching is involved.</p>
355 <p>Note: The '^' character at the start of three-character formats
356 has no significance, but it must be the first character of any newly
357 added three-character format to avoid potential conflicts with log
358 formats that use literals adjacent to a format specifier, such as
364 <section id="examples"><title>Examples</title>
366 <p>Some commonly used log format strings are:</p>
369 <dt>Common Log Format (CLF)</dt>
370 <dd><code>"%h %l %u %t \"%r\" %>s %b"</code></dd>
372 <dt>Common Log Format with Virtual Host</dt>
373 <dd><code>"%v %h %l %u %t \"%r\" %>s %b"</code></dd>
375 <dt>NCSA extended/combined log format</dt>
376 <dd><code>"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
377 \"%{User-agent}i\""</code></dd>
379 <dt>Referer log format</dt>
380 <dd><code>"%{Referer}i -> %U"</code></dd>
382 <dt>Agent (Browser) log format</dt>
383 <dd><code>"%{User-agent}i"</code></dd>
386 <p>You can use the <code>%{format}t</code> directive multiple
387 times to build up a time format using the extended format tokens
388 like <code>msec_frac</code>:</p>
390 <dt>Timestamp including milliseconds</dt>
391 <dd><code>"%{%d/%b/%Y %T}t.%{msec_frac}t %{%z}t"</code></dd>
398 <section id="security"><title>Security Considerations</title>
400 href="../misc/security_tips.html#serverroot">security tips</a>
401 document for details on why your security could be compromised
402 if the directory where logfiles are stored is writable by
403 anyone other than the user that starts the server.</p>
407 <name>BufferedLogs</name>
408 <description>Buffer log entries in memory before writing to disk</description>
409 <syntax>BufferedLogs On|Off</syntax>
410 <default>BufferedLogs Off</default>
411 <contextlist><context>server config</context></contextlist>
414 <p>The <directive>BufferedLogs</directive> directive causes
415 <module>mod_log_config</module> to store several log entries in
416 memory and write them together to disk, rather than writing them
417 after each request. On some systems, this may result in more
418 efficient disk access and hence higher performance. It may be
419 set only once for the entire server; it cannot be configured
420 per virtual-host.</p>
422 <note>This directive should be used with caution as a crash might
423 cause loss of logging data.</note>
428 <name>CustomLog</name>
429 <description>Sets filename and format of log file</description>
430 <syntax>CustomLog <var>file</var>|<var>pipe</var>|<var>provider</var>
431 <var>format</var>|<var>nickname</var>
432 [env=[!]<var>environment-variable</var>|
433 expr=<var>expression</var>]</syntax>
434 <contextlist><context>server config</context><context>virtual host</context>
438 <p>The <directive>CustomLog</directive> directive is used to
439 log requests to the server. A log format is specified, and the
440 logging can optionally be made conditional on request
441 characteristics using environment variables.</p>
443 <p>The first argument, which specifies the location to which
444 the logs will be written, can take one of the following two
448 <dt><var>file</var></dt>
449 <dd>A filename, relative to the <directive module="core"
450 >ServerRoot</directive>.</dd>
452 <dt><var>pipe</var></dt>
453 <dd>The pipe character "<code>|</code>", followed by the path
454 to a program to receive the log information on its standard
455 input. See the notes on <a href="../logs.html#piped">piped logs</a>
456 for more information.
458 <note type="warning"><title>Security:</title>
459 <p>If a program is used, then it will be run as the user who
460 started <program>httpd</program>. This will be root if the server was
461 started by root; be sure that the program is secure.</p>
463 <note type="warning"><title>Note</title>
464 <p>When entering a file path on non-Unix platforms, care should be taken
465 to make sure that only forward slashed are used even though the platform
466 may allow the use of back slashes. In general it is a good idea to always
467 use forward slashes throughout the configuration files.</p>
469 <dt><var>provider</var></dt>
470 <dd>Modules implementing ErrorLog providers can also be used as a target
471 for CustomLog messages. To use ErrorLog provider as a target,
472 "provider:argument" syntax must be used. You can for example use
473 <module>mod_journald</module> or <module>mod_syslog</module>
475 <highlight language="config">
476 # CustomLog logging to journald
477 CustomLog "journald" "%h %l %u %t \"%r\" %>s %b"
479 # CustomLog logging to syslog with "user" facility
480 CustomLog "syslog:user" "%h %l %u %t \"%r\" %>s %b"
485 <p>The second argument specifies what will be written to the
486 log file. It can specify either a <var>nickname</var> defined by
487 a previous <directive module="mod_log_config">LogFormat</directive>
488 directive, or it can be an explicit <var>format</var> string as
489 described in the <a href="#formats">log formats</a> section.</p>
491 <p>For example, the following two sets of directives have
492 exactly the same effect:</p>
494 <highlight language="config">
495 # CustomLog with format nickname
496 LogFormat "%h %l %u %t \"%r\" %>s %b" common
497 CustomLog "logs/access_log" common
499 # CustomLog with explicit format string
500 CustomLog "logs/access_log" "%h %l %u %t \"%r\" %>s %b"
503 <p>The third argument is optional and controls whether or
504 not to log a particular request. The condition can be the
505 presence or absence (in the case of a '<code>env=!<var>name</var></code>'
506 clause) of a particular variable in the server
507 <a href="../env.html">environment</a>. Alternatively, the condition
508 can be expressed as arbitrary boolean <a href="../expr.html"
509 >expression</a>. If the condition is not satisfied, the request
510 will not be logged. References to HTTP headers in the expression
511 will not cause the header names to be added to the Vary header.</p>
513 <p>Environment variables can be set on a per-request
514 basis using the <module>mod_setenvif</module>
515 and/or <module>mod_rewrite</module> modules. For
516 example, if you want to record requests for all GIF
517 images on your server in a separate logfile but not in your main
518 log, you can use:</p>
520 <highlight language="config">
521 SetEnvIf Request_URI \.gif$ gif-image
522 CustomLog "gif-requests.log" common env=gif-image
523 CustomLog "nongif-requests.log" common env=!gif-image
526 <p>Or, to reproduce the behavior of the old RefererIgnore
527 directive, you might use the following:</p>
529 <highlight language="config">
530 SetEnvIf Referer example\.com localreferer
531 CustomLog "referer.log" referer env=!localreferer
537 <name>LogFormat</name>
538 <description>Describes a format for use in a log file</description>
539 <syntax>LogFormat <var>format</var>|<var>nickname</var>
540 [<var>nickname</var>]</syntax>
541 <default>LogFormat "%h %l %u %t \"%r\" %>s %b"</default>
542 <contextlist><context>server config</context><context>virtual host</context>
546 <p>This directive specifies the format of the access log
549 <p>The <directive>LogFormat</directive> directive can take one of two
550 forms. In the first form, where only one argument is specified,
551 this directive sets the log format which will be used by logs
552 specified in subsequent <directive>TransferLog</directive>
553 directives. The single argument can specify an explicit
554 <var>format</var> as discussed in the <a href="#formats">custom log
555 formats</a> section above. Alternatively, it can use a
556 <var>nickname</var> to refer to a log format defined in a
557 previous <directive>LogFormat</directive> directive as described
560 <p>The second form of the <directive>LogFormat</directive>
561 directive associates an explicit <var>format</var> with a
562 <var>nickname</var>. This <var>nickname</var> can then be used in
563 subsequent <directive>LogFormat</directive> or
564 <directive module="mod_log_config">CustomLog</directive> directives
565 rather than repeating the entire format string. A
566 <directive>LogFormat</directive> directive that defines a nickname
567 <strong>does nothing else</strong> -- that is, it <em>only</em>
568 defines the nickname, it doesn't actually apply the format and make
569 it the default. Therefore, it will not affect subsequent
570 <directive module="mod_log_config">TransferLog</directive> directives.
571 In addition, <directive>LogFormat</directive> cannot use one nickname
572 to define another nickname. Note that the nickname should not contain
573 percent signs (<code>%</code>).</p>
575 <example><title>Example</title>
576 <highlight language="config">
577 LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
585 <name>TransferLog</name>
586 <description>Specify location of a log file</description>
587 <syntax>TransferLog <var>file</var>|<var>pipe</var></syntax>
588 <contextlist><context>server config</context><context>virtual host</context>
592 <p>This directive has exactly the same arguments and effect as
593 the <directive module="mod_log_config">CustomLog</directive>
594 directive, with the exception that it does not allow the log format
595 to be specified explicitly or for conditional logging of requests.
596 Instead, the log format is determined by the most recently specified
597 <directive module="mod_log_config">LogFormat</directive> directive
598 which does not define a nickname. Common Log Format is used if no
599 other format has been specified.</p>
601 <example><title>Example</title>
602 <highlight language="config">
603 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
604 TransferLog "logs/access_log"
611 <name>GlobalLog</name>
612 <description>Sets filename and format of log file</description>
613 <syntax>GlobalLog <var>file</var>|<var>pipe</var>|<var>provider</var>
614 <var>format</var>|<var>nickname</var>
615 [env=[!]<var>environment-variable</var>|
616 expr=<var>expression</var>]</syntax>
617 <contextlist><context>server config</context>
619 <compatibility>Available in Apache HTTP Server 2.4.19 and later</compatibility>
623 <p>The <directive>GlobalLog</directive> directive defines a log shared
624 by the main server configuration and all defined virtual hosts.</p>
626 <p>The <directive>GlobalLog</directive> directive is identical to
627 the <directive>CustomLog</directive> directive, apart from the following
630 <li><directive>GlobalLog</directive> is not valid in virtual host
632 <li><directive>GlobalLog</directive> is used by virtual hosts that
633 define their own <directive>CustomLog</directive>, unlike a
634 globally specified <directive>CustomLog</directive>.</li>