Home
Forums
New posts
Search forums
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Search forums
Menu
Log in
Register
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Home
Forums
CARDING & HACKING
HOSTING & BOTNET
Apache logs 2023
Message
<blockquote data-quote="Cupper" data-source="post: 572" data-attributes="member: 22"><p><strong>Format Notes</strong></p><p>For security reasons, since version 2.0.46, non-printable and other special characters in <strong>% r</strong>, <strong>% i,</strong> and <strong>% o are</strong> escaped using <strong>\ xhh</strong> sequences, where <strong>hh</strong> denotes the hexadecimal representation of the raw byte. The exceptions to this rule are <strong>"</strong> and <strong>\</strong>, which are escaped by adding a backslash and any whitespace characters that are written using C-style notation (\ n, \ t, etc.). In versions prior to 2.0.46, no escaping has been done for these lines, so you have to be careful enough when working with raw log files in these versions.</p><p></p><p>Because in httpd 2.0, unlike 1.3, the <strong>% b</strong> and <strong>% B</strong> format strings do not represent the number of bytes sent to the client, but simply the size in bytes of the HTTP response (which will differ, for example, if the connection is interrupted) or if SSL is used). The <strong>% O</strong> format provided by mod_logio logs the actual number of bytes sent over the network.</p><p></p><p>Note: mod_cache is implemented as a fast handler, not a standard handler. Therefore, the <strong>% R</strong> format string will not return any handler information when content caching is enabled.</p><p></p><p>Note. The "<strong>^</strong>" at the beginning of 3-character formats is irrelevant, but must be the first character of any newly added 3-character format to avoid potential conflicts with log formats that use literal strings adjacent to the format specifier, such as "<strong>% Dus</strong>".</p><p></p><p><strong>Examples of</strong></p><p></p><p>Some commonly used log format strings:</p><ul> <li data-xf-list-type="ul">Common Log Format (CLF) - common log format</li> </ul><p>Code:</p><p>"% h% l% u% t \"% r \ "%> s% b"</p><ul> <li data-xf-list-type="ul">Common Log Format with Virtual Host - common log format with virtual hosts</li> </ul><p>Code:</p><p>"% v% h% l% u% t \"% r \ "%> s% b"</p><ul> <li data-xf-list-type="ul">NCSA extended / combined log format - NCSA extended / combined log format</li> </ul><p>Code:</p><p>"% h% l% u% t \"% r \ "%> s% b \"% {Referer} i \ "\"% {User-agent} i \ ""</p><ul> <li data-xf-list-type="ul">Referer log format - Referer record format</li> </ul><p>Code:</p><p>"% {Referer} i ->% U"</p><ul> <li data-xf-list-type="ul">Agent (Browser) log format - the format of the user agent (browser) log</li> </ul><p>Code:</p><p>"% {User-agent} i"</p><p></p><p>You can use the <strong>% {format} t</strong> directive multiple times to build the time format using extended format markers such as <strong>msec_frac</strong>:</p><ul> <li data-xf-list-type="ul">Timestamp including milliseconds:</li> </ul><p>Code:</p><p>1"%{%d/%b/%Y %T}t.%{msec_frac}t %{%z}t"</p><p></p><p><strong>BufferedLogs directive</strong></p><p>Description: Preserves log entries in memory before writing them to disk.</p><p></p><p>Syntax:</p><p>Code:</p><p>BufferedLogs On | Off</p><p>Default value:</p><p></p><p>BufferedLogs Off</p><p>Context: server config</p><p></p><p>The BufferedLogs directive forces mod_log_config to keep multiple log entries in memory and write them together to disk rather than writing them after each request. On some systems, this can lead to more efficient disk access and therefore higher performance. It can only be installed once for the entire server; it cannot be configured for every virtual host.</p><p></p><p>This directive should be used with caution because a failure can result in loss of log data.</p><p></p><p><strong>CustomLog directive</strong></p><p>Description: Sets the file name and format of the log file.</p><p></p><p>Syntax:</p><p>Code:</p><p>CustomLog file | pipe | provider format | nickname [env = [!] Environment-variable | expr = expression]</p><p>Context: server config, virtual hosts</p><p></p><p>The CustomLog directive is used to register requests to the server. The format of the log, the method of logging is indicated, here you can also specify a condition based on the characteristics of the query using environment variables at which the log will be written.</p><p></p><p>The first argument, which specifies the location where the logs will be written, can take one of the following three value types:</p><p></p><p><strong>file</strong></p><p>The file name is relative to ServerRoot.</p><p></p><p><strong>pipe</strong></p><p>The pipe symbol "|" followed by the path to the program that will receive the log entries on its standard input. See the <strong>Piped Logs</strong> section below for more information.</p><p></p><p><strong>Security</strong>: if the program is used, it will be run as the user who launched httpd. This will be root if the server was started as root; make sure the program is safe.</p><p></p><p><strong>Note</strong>: When entering a file path on non-Unix platforms, be careful to only use forward slashes, even though the platform may allow backslashes. As a general rule, it is recommended to always use forward slashes in configuration files.</p><p></p><p><strong>provider</strong></p><p></p><p>Modules that implement ErrorLog providers can also be used as targets for CustomLog messages. To use the ErrorLog provider as a target, you must use the "provider: argument" syntax. For example, you can use mod_journald or mod_syslog as the provider:</p><p></p><p>Code:</p><p># Logging CustomLog to journald</p><p>CustomLog "journald" "% h% l% u% t \"% r \ "%> s% b"</p><p></p><p># Log CustomLog to syslog with "user" object</p><p>CustomLog "syslog: user" "% h% l% u% t \"% r \ "%> s% b"</p><p></p><p>The second argument specifies what will be written to the log file. It can either specify an alias defined by the previous LogFormat directive, or it can be an explicit format string, as described in the section How to customize the Apache log format. Custom log formats”.</p><p></p><p>For example, the following two sets of directives have exactly the same effect:</p><p></p><p>1.</p><p>Code:</p><p># CustomLog specifying the format alias</p><p>LogFormat "% h% l% u% t \"% r \ "%> s% b" common</p><p>CustomLog "logs / access_log" common</p><p></p><p>2.</p><p>Code:</p><p># CustomLog with explicit format string</p><p>CustomLog "logs / access_log" "% h% l% u% t \"% r \ "%> s% b"</p><p></p><p></p><p>The third argument is optional and determines whether or not to log a specific request. The condition can be the presence or absence (in the case of the '<strong>env =! Name</strong>' clause ) of a certain variable in the server environment. Alternatively, the condition can be expressed as an arbitrary boolean expression. If the condition is not met, the request will not be registered. References to HTTP headers in an expression do not result in header names being added to the Vary header.</p><p></p><p>Environment variables can be set on a per-request basis using the mod_setenvif and / or mod_rewrite modules. For example, if you want to log requests for all GIF images on your server to a separate log file, but not to your main log, you can use:</p><p>Code:</p><p>SetEnvIf Request_URI \ .gif $ gif-image</p><p>CustomLog "gif-requests.log" common env = gif-image</p><p>CustomLog "nongif-requests.log" common env =! Gif-image</p><p></p><p>Or, to reproduce the behavior of the old RefererIgnore directive, you can use the following:</p><p>Code:</p><p>SetEnvIf Referer example \ .com localreferer</p><p>CustomLog "referer.log" referer env =! Localreferer</p><p><strong>GlobalLog directive</strong></p><p>Description: Sets the file name and format of the log file.</p><p></p><p>Syntax:</p><p>Code:</p><p>GlobalLog file | pipe | provider format | nickname [env = [!] Environment-variable | expr = expression]</p><p>Context: server config</p><p></p><p>Compatibility: Available in Apache HTTP Server 2.4.19 and later.</p><p></p><p>The GlobalLog directive defines a log that is common to the configuration of the main server and all configured virtual hosts.</p><p></p><p>The GlobalLog directive is identical to the CustomLog directive, with the following differences:</p><ul> <li data-xf-list-type="ul">GlobalLog is not valid in the context of a virtual host.</li> <li data-xf-list-type="ul">GlobalLog is used by virtual hosts that define their own CustomLog, not a globally defined CustomLog</li> </ul></blockquote><p></p>
[QUOTE="Cupper, post: 572, member: 22"] [B]Format Notes[/B] For security reasons, since version 2.0.46, non-printable and other special characters in [B]% r[/B], [B]% i,[/B] and [B]% o are[/B] escaped using [B]\ xhh[/B] sequences, where [B]hh[/B] denotes the hexadecimal representation of the raw byte. The exceptions to this rule are [B]"[/B] and [B]\[/B], which are escaped by adding a backslash and any whitespace characters that are written using C-style notation (\ n, \ t, etc.). In versions prior to 2.0.46, no escaping has been done for these lines, so you have to be careful enough when working with raw log files in these versions. Because in httpd 2.0, unlike 1.3, the [B]% b[/B] and [B]% B[/B] format strings do not represent the number of bytes sent to the client, but simply the size in bytes of the HTTP response (which will differ, for example, if the connection is interrupted) or if SSL is used). The [B]% O[/B] format provided by mod_logio logs the actual number of bytes sent over the network. Note: mod_cache is implemented as a fast handler, not a standard handler. Therefore, the [B]% R[/B] format string will not return any handler information when content caching is enabled. Note. The "[B]^[/B]" at the beginning of 3-character formats is irrelevant, but must be the first character of any newly added 3-character format to avoid potential conflicts with log formats that use literal strings adjacent to the format specifier, such as "[B]% Dus[/B]". [B]Examples of[/B] Some commonly used log format strings: [LIST] [*]Common Log Format (CLF) - common log format [/LIST] Code: "% h% l% u% t \"% r \ "%> s% b" [LIST] [*]Common Log Format with Virtual Host - common log format with virtual hosts [/LIST] Code: "% v% h% l% u% t \"% r \ "%> s% b" [LIST] [*]NCSA extended / combined log format - NCSA extended / combined log format [/LIST] Code: "% h% l% u% t \"% r \ "%> s% b \"% {Referer} i \ "\"% {User-agent} i \ "" [LIST] [*]Referer log format - Referer record format [/LIST] Code: "% {Referer} i ->% U" [LIST] [*]Agent (Browser) log format - the format of the user agent (browser) log [/LIST] Code: "% {User-agent} i" You can use the [B]% {format} t[/B] directive multiple times to build the time format using extended format markers such as [B]msec_frac[/B]: [LIST] [*]Timestamp including milliseconds: [/LIST] Code: 1"%{%d/%b/%Y %T}t.%{msec_frac}t %{%z}t" [B]BufferedLogs directive[/B] Description: Preserves log entries in memory before writing them to disk. Syntax: Code: BufferedLogs On | Off Default value: BufferedLogs Off Context: server config The BufferedLogs directive forces mod_log_config to keep multiple log entries in memory and write them together to disk rather than writing them after each request. On some systems, this can lead to more efficient disk access and therefore higher performance. It can only be installed once for the entire server; it cannot be configured for every virtual host. This directive should be used with caution because a failure can result in loss of log data. [B]CustomLog directive[/B] Description: Sets the file name and format of the log file. Syntax: Code: CustomLog file | pipe | provider format | nickname [env = [!] Environment-variable | expr = expression] Context: server config, virtual hosts The CustomLog directive is used to register requests to the server. The format of the log, the method of logging is indicated, here you can also specify a condition based on the characteristics of the query using environment variables at which the log will be written. The first argument, which specifies the location where the logs will be written, can take one of the following three value types: [B]file[/B] The file name is relative to ServerRoot. [B]pipe[/B] The pipe symbol "|" followed by the path to the program that will receive the log entries on its standard input. See the [B]Piped Logs[/B] section below for more information. [B]Security[/B]: if the program is used, it will be run as the user who launched httpd. This will be root if the server was started as root; make sure the program is safe. [B]Note[/B]: When entering a file path on non-Unix platforms, be careful to only use forward slashes, even though the platform may allow backslashes. As a general rule, it is recommended to always use forward slashes in configuration files. [B]provider[/B] Modules that implement ErrorLog providers can also be used as targets for CustomLog messages. To use the ErrorLog provider as a target, you must use the "provider: argument" syntax. For example, you can use mod_journald or mod_syslog as the provider: Code: # Logging CustomLog to journald CustomLog "journald" "% h% l% u% t \"% r \ "%> s% b" # Log CustomLog to syslog with "user" object CustomLog "syslog: user" "% h% l% u% t \"% r \ "%> s% b" The second argument specifies what will be written to the log file. It can either specify an alias defined by the previous LogFormat directive, or it can be an explicit format string, as described in the section How to customize the Apache log format. Custom log formats”. For example, the following two sets of directives have exactly the same effect: 1. Code: # CustomLog specifying the format alias LogFormat "% h% l% u% t \"% r \ "%> s% b" common CustomLog "logs / access_log" common 2. Code: # CustomLog with explicit format string CustomLog "logs / access_log" "% h% l% u% t \"% r \ "%> s% b" The third argument is optional and determines whether or not to log a specific request. The condition can be the presence or absence (in the case of the '[B]env =! Name[/B]' clause ) of a certain variable in the server environment. Alternatively, the condition can be expressed as an arbitrary boolean expression. If the condition is not met, the request will not be registered. References to HTTP headers in an expression do not result in header names being added to the Vary header. Environment variables can be set on a per-request basis using the mod_setenvif and / or mod_rewrite modules. For example, if you want to log requests for all GIF images on your server to a separate log file, but not to your main log, you can use: Code: SetEnvIf Request_URI \ .gif $ gif-image CustomLog "gif-requests.log" common env = gif-image CustomLog "nongif-requests.log" common env =! Gif-image Or, to reproduce the behavior of the old RefererIgnore directive, you can use the following: Code: SetEnvIf Referer example \ .com localreferer CustomLog "referer.log" referer env =! Localreferer [B]GlobalLog directive[/B] Description: Sets the file name and format of the log file. Syntax: Code: GlobalLog file | pipe | provider format | nickname [env = [!] Environment-variable | expr = expression] Context: server config Compatibility: Available in Apache HTTP Server 2.4.19 and later. The GlobalLog directive defines a log that is common to the configuration of the main server and all configured virtual hosts. The GlobalLog directive is identical to the CustomLog directive, with the following differences: [LIST] [*]GlobalLog is not valid in the context of a virtual host. [*]GlobalLog is used by virtual hosts that define their own CustomLog, not a globally defined CustomLog [/LIST] [/QUOTE]
Name
Verification
Post reply
Home
Forums
CARDING & HACKING
HOSTING & BOTNET
Apache logs 2023
Top