Apache logs 2023
<blockquote data-quote="Cupper" data-source="post: 573" data-attributes="member: 22"><p><strong>LogFormat directive</strong></p>
<p>Description: Describes the format for use in the log file.</p><p></p>
<p>Syntax:</p><p>Code:</p><p>LogFormat format|alias [alias]</p><p></p>
<p>Default value:</p><p>Code:</p><p>LogFormat "%h %l %u %t \"%r\" %>s %b"</p>
<p>Context: server config, virtual hosts.</p><p></p>
<p>This directive defines the format of the access log file.</p><p></p>
<p>The <strong>LogFormat</strong> directive can take one of two forms. In the first form, where only one argument is specified, this directive sets the log format to be used by the logs specified in subsequent <strong>TransferLog</strong> directives. One argument can specify an explicit format, as discussed in the section on custom log formats above. In addition, it can use an alias to refer to the log format defined in the previous <strong>LogFormat</strong> directive, as described below.</p><p></p>
<p>The second form of the <strong>LogFormat</strong> directive associates an explicit format with an alias. This alias can then be used in subsequent <strong>LogFormat</strong> or <strong>CustomLog</strong> directives rather than repeating the entire format string. The <strong>LogFormat</strong> directive defining the alias does nothing else, that is, it only defines the alias, does not actually apply the format and does not set it by default. Hence, it will not affect subsequent <strong>TransferLog</strong> directives. In addition, <strong>LogFormat</strong> cannot use one alias to define another alias. Note that the alias must not contain percent signs (<strong>%</strong>).</p><p></p>
<p>Example:</p><p>Code:</p><p>LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common</p>
<p><strong>TransferLog directive</strong></p>
<p>Description: Specifies the location of the log file.</p><p></p>
<p>Syntax:</p><p>Code:</p><p>TransferLog file|pipe</p>
<p>Context: server config, virtual hosts</p><p></p>
<p>This directive has the same arguments and effect as the <strong>CustomLog</strong> directive, except that it does not allow you to explicitly specify the log format or log queries based on conditions. Instead, the log format is determined by the most recently specified <strong>LogFormat</strong> directive, which does not define an alias. The general log format is used if no other format is specified.</p><p></p>
<p>Example:</p><p>Code:</p><p>LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""</p><p>TransferLog "logs/access_log"</p><p></p>
<p><strong>Apache log formats</strong></p>
<p><strong>Common Log Format</strong></p>
<p>A typical configuration for an access log might look like the following.</p>
<p>Code:</p><p>LogFormat "%h %l %u %t \"%r\" %>s %b" common</p><p>CustomLog "logs/access_log" common</p>
<p>It sets an alias to <strong>common</strong> and associates it with a specific log format string. The format string consists of percent-sign directives, each of which tells the server to register a specific piece of information. Literal characters can also be placed in the format string and will be copied directly to the log output. The quote character (<strong>"</strong>) must be escaped by placing a backslash in front of it so that it is not interpreted as the end of the format string. The format string can also contain the special control characters "\n" for newlines and "\t" for tabs.</p><p></p>
<p>The <strong>CustomLog</strong> directive sets up a new log file using a specific alias. The file name for the access log is relative to <strong>ServerRoot</strong> unless it starts with a <strong>forward</strong> slash.</p><p></p>
<p>The above configuration will write log entries in a format known as the <strong>Common Log Format (CLF)</strong>. This standard format can be generated by many different web servers and read by many log analysis programs. The log file entries generated in CLF will look something like this:</p>
<p>Code:</p><p>95.152.63.100 - frank [18/Aug/2019:08:58:34 +0300] "GET /ru/?Act=myip HTTP/1.1" 200 25858</p>
<p>Each part of this log entry is described below.</p><p></p>
<p><strong>95.152.63.100 (%h)</strong></p>
<p>This is the IP address of the client (remote host) that made the request to the server. If <strong>HostnameLookups</strong> is set to <strong>On</strong>, the server will try to determine the hostname and write it instead of the IP address. However, this configuration is not recommended because it can significantly slow down the server. Instead, it is best to use a log post-processor such as <strong>logresolve</strong> to resolve hostnames. The IP address specified here is not necessarily the address of the machine the user is on. If a proxy server exists between the user and the server, this address will be the proxy address, not the original machine.</p><p></p>
<p><strong>- (%l)</strong></p><p></p>
<p>A hyphen in the output indicates that the requested piece of information is not available. In this case, the information that is not available is the RFC 1413 client credential identified using identd on the client computer. This information is highly unreliable and should almost never be used except on tightly controlled internal networks. Apache httpd won't even try to determine this information unless <strong>IdentityCheck</strong> is set to <strong>On</strong>.</p><p></p>
<p><strong>frank (%u)</strong></p><p></p>
<p>This is the identifier of the user requesting the document, as determined by HTTP authentication. The same value is usually provided to CGI scripts in the REMOTE_USER environment variable. If the status code for the request is 401, then this value should not be trusted because the user is not yet authenticated. If the document is not password protected, this part will be "-" like the previous one.</p><p></p>
<p><strong>[18/Aug/2019:08:58:34 +0300] (%t)</strong></p><p></p>
<p>The time the request was received. The format is:</p>
<p>Code:</p><p>[day/month/year:hour:minute:second zone]</p><p>day = 2*digits</p><p>month = 3*letters</p><p>year = 4*digits</p><p>hour = 2*digits</p><p>minute = 2*digits</p><p>second = 2*digits</p><p>zone = (`+' | `-') 4*digits</p><p></p>
<p>You can display the time in a different format by specifying <strong>%{format}t</strong> in the log format string, where the format is the same as in strftime(3) from the C standard library, or one of the supported special markers. For details, see the section “How to customize the Apache log format. Custom log formats”.</p><p></p>
<p><strong>"GET /ru/?Act=myip HTTP/1.1" (\"%r\")</strong></p><p></p>
<p>The request string from the client, specified in double quotes. The query string contains a lot of useful information. First, the client uses the GET method. Second, the client requested the resource /ru/?Act=myip, and third, the client was using the HTTP/1.1 protocol. It is also possible to register one or more parts of the query string independently. For example, the format string "<strong>%m %U%q %H</strong>" will log the method, path, query string, and protocol, resulting in exactly the same output as "<strong>%r</strong>".</p></blockquote><p></p>
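Added example, not part of the quoted post: a Python parser for the Common Log Format entry walked through above, which also applies the post's caveats (a "-" field means "not available", and %u on a 401 is not an authenticated user). The names `parse_clf` and `user_trusted` and every sample line except the first are constructed for illustration.

```python
import re
from datetime import datetime

# Field order follows LogFormat "%h %l %u %t \"%r\" %>s %b" (the "common" alias).
CLF_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

def parse_clf(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = CLF_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # "-" means the item was not available (%l without IdentityCheck, %u without auth).
    for key in ("ident", "user"):
        if rec[key] == "-":
            rec[key] = None
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    # %b writes "-" instead of 0 when no response body bytes were sent.
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    # %r is "method target protocol"; a malformed request line may have fewer parts.
    parts = rec["request"].split(" ")
    if len(parts) == 3:
        rec["method"], rec["target"], rec["protocol"] = parts
    else:
        rec["method"] = rec["target"] = rec["protocol"] = None
    # On a 401 the %u value is only what the client claimed, not an authenticated user.
    rec["user_trusted"] = rec["user"] is not None and rec["status"] != 401
    return rec

# Constructed sample input: the first line is the entry from the post, the rest are made up.
SAMPLE = [
    '95.152.63.100 - frank [18/Aug/2019:08:58:34 +0300] "GET /ru/?Act=myip HTTP/1.1" 200 25858',
    '192.0.2.10 - admin [18/Aug/2019:08:59:01 +0300] "GET /private/ HTTP/1.1" 401 -',
    '192.0.2.11 - - [18/Aug/2019:09:00:12 +0300] "\\x16\\x03\\x01" 400 226',
    'not a log line',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_clf(line))
```

The `host` field is whatever %h recorded, so behind a proxy it is the proxy's address, as the post notes.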