Apache logs 2023
<blockquote data-quote="Cupper" data-source="post: 576" data-attributes="member: 22"><p>Using <strong>syslog</strong> instead of a filename allows logging to syslogd(8) if the system supports it and if mod_syslog is loaded. The default syslog facility is local7, but you can override this using the <strong>syslog:facility</strong> syntax, where the <strong>facility</strong> can be one of the names usually documented in syslog(1). <strong>The tool is</strong> effectively global, and if it changes on individual virtual hosts, the said last <strong>resort</strong> affects the entire server. The same rules apply to the <strong>syslog</strong> tag, which by default uses the Apache binary name, in most cases httpd. You can also override this using the syntax <strong>syslog::tag</strong>.</p><p></p><p>Code:</p><p>ErrorLog syslog:user</p><p>ErrorLog syslog:user:httpd.srv1</p><p>ErrorLog syslog::httpd.srv2</p><p></p><p>Additional modules can provide their own <strong>ErrorLog</strong> providers. The syntax is similar to the syslog example above.</p><p></p><p>SECURITY: See the Security Considerations section to find out why your security could be compromised if the directory where the log files are stored is writable by someone other than the user starting the server.</p><p></p><p>Note: When entering a file path on non-Unix platforms, be careful to only use forward slashes, even though the platform may allow backslashes. 
In general, it is recommended to always use forward slashes in configuration files.</p><p></p><p><strong>ErrorLogFormat directive</strong></p><p>Description: Defines the format for error log entries.</p><p></p><p>Syntax:</p><p>Code:</p><p>ErrorLogFormat [connection|request] format</p><p>Context: server config, virtual hosts.</p><p></p><p>ErrorLogFormat allows you to specify what additional information is written to the error log in addition to the actual log message.</p><p></p><p>Code:</p><p># Simple example</p><p>ErrorLogFormat "[%t] [%l] [pid %P] %F: %E: [client %a] %M"</p><p></p><p>Specifying a connection or request as the first parameter allows additional formats to be specified, resulting in additional information being logged when the first message is logged for a specific connection or request, respectively. This additional information is logged only once per connection / request. If the connection or request is processed without any log message, no additional information is logged either.</p><p></p><p>It may happen that some elements of the format string do not produce output. For example, the Referer header is only present if the log message is associated with the request, and the log message appears when the Referer header has already been read from the client. If no output is generated, the default behavior is to remove everything from the previous space to the next space. This means that the log line is implicitly split into fields at the transitions between non-white spaces and white spaces. If a format string element produces no output, the entire field is omitted. For example, if the remote address <strong>%a</strong> in log format <strong>[%t] [%l] [%a] %M</strong> is not available, surrounding parentheses are also not registered. Space characters can be escaped with a backslash to prevent them from delimiting the field. 
The combination '<strong>% </strong>' (percent and space) is a zero-width field separator that produces no output.</p><p></p><p>The above behavior can be changed by adding modifiers to the format string element. The <strong>-</strong> (minus) modifier causes minus to be written if the corresponding element produces no output. In one-time-per-join / query formats, the <strong>+</strong> (plus) modifier can also be used. If the element with the plus modifier produces no output, the entire line is omitted.</p><p></p><p>A modifier number can be used to assign a log severity to a format element. The item will only be logged if the severity of the log message is not greater than the specified log severity level. The number can range from 1 (alert) to 4 (warn) and 7 (debug) to 15 (trace8).</p><p></p><p>For example, this is what happens if you add modifiers to the <strong>%{Referer}i</strong> token, which registers the Referer request header.</p><p></p><p><strong>%-{Referer}i</strong> - Registers - if Referer is not set.</p><p></p><p><strong>%+{Referer}i</strong> - Omit the entire line if Referer is not set.</p><p></p><p><strong>%4{Referer}i</strong> - Registers the Referer only if the severity of the log message is greater than 4.</p><p></p><p>Some format string elements take additional parameters in curly braces.</p><p></p><p><strong>%%</strong> - A literal percent sign.</p><p></p><p><strong>%a</strong> - Client IP address of the request (see also the mod_remoteip module).</p><p></p><p><strong>%{c}a</strong> - The underlying IP address of the connection (see <a href="https://vk.com/away.php?to=https%3A%2F%2Fhackware.ru%2F%3Fgoto%3D4425&cc_key=" target="_blank">mod_remoteip</a>).</p><p></p><p><strong>%A</strong> - Local IP address.</p><p></p><p><strong>%{NAME}e</strong> - Contents of the environment variable request with NAME.</p><p></p><p><strong>%E</strong> - APR / OS status code and error string</p><p></p><p><strong>%F</strong> - Source file name and 
call log line number</p><p></p><p><strong>%{NAME}i</strong> - NAME of the request header</p><p></p><p><strong>%k</strong> - Number of keep-alive requests for this connection</p><p></p><p><strong>%l</strong> - Log level of the message</p><p></p><p><strong>%L</strong> - Log request ID</p><p></p><p><strong>%{c}L</strong> - Log connection ID</p><p></p><p><strong>%{C}L</strong> - Connection log ID, if used in connection scope, otherwise empty</p><p></p><p><strong>%m</strong> - Name of the module logging the message</p><p></p><p><strong>%M</strong> - Actual log message</p><p></p><p><strong>%{NAME}n</strong> - Process ID of the current process</p><p></p><p><strong>%P</strong> - The ID of the child process that served the request.</p><p></p><p><strong>%T</strong> - Current process ID</p><p></p><p><strong>%{g}T</strong> - Unique system ID of the current thread (same ID as displayed, for example, top; currently only on Linux)</p><p></p><p><strong>%t</strong> - Current time</p><p></p><p><strong>%{u}t</strong> - Current time, including microseconds</p><p></p><p><strong>%{cu}t</strong> - Current time in compact ISO 8601 format, including microseconds</p><p></p><p><strong>%v</strong> - The canonical <a href="https://vk.com/away.php?to=https%3A%2F%2Fhackware.ru%2F%3Fgoto%3D4435&cc_key=" target="_blank">ServerName</a> of the server serving the request.</p><p></p><p><strong>%V</strong> - Server name according to the <a href="https://vk.com/away.php?to=https%3A%2F%2Fhackware.ru%2F%3Fgoto%3D4436&cc_key=" target="_blank">UseCanonicalName</a> setting.</p><p></p><p><strong>\ (backslash and space)</strong> - Whitespace separator without creating a new field (separator within one field, space within a field)</p><p></p><p><strong>% (percent and space)</strong> - Field separator (no output)</p><p></p><p></p><p>The <strong>%L</strong> log identifier format creates a unique identifier for a connection or request. 
This can be used to match which log lines belong to the same connection or request, which request is happening with which connection. The <strong>%L</strong> format string is also available in mod_log_config to allow you to correlate access log entries with error log lines. If mod_unique_id is loaded, its unique identifier will be used as the log identifier for requests.</p><p></p><p>Code:</p><p># Example (default format for threaded MPMs)</p><p>ErrorLogFormat "[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i"</p><p></p><p>This can lead to error messages such as:</p><p>Code:</p><p>[Thu May 12 08:28:57.652118 2011] [core:error] [pid 8777:tid 4326490112] [client ::1:58619] File does not exist: /usr/local/apache2/htdocs/favicon.ico</p><p></p><p>Note that, as discussed above, some of the fields are completely omitted as they are undefined.</p><p></p><p>Code:</p><p># Example (similar to 2.2.x format)</p><p>ErrorLogFormat "[%t] [%l] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i"</p><p></p><p>Code:</p><p># Extended example with request / connection log ids</p><p>ErrorLogFormat "[%{uc}t] [%-m:%-l] [R:%L] [C:%{C}L] %7F: %E: %M"</p><p>ErrorLogFormat request "[%{uc}t] [R:%L] Request %k on C:%{c}L pid:%P tid:%T"</p><p>ErrorLogFormat request "[%{uc}t] [R:%L] UA:'%+{User-Agent}i'"</p><p>ErrorLogFormat request "[%{uc}t] [R:%L] Referer:'%+{Referer}i'"</p><p>ErrorLogFormat connection "[%{uc}t] [C:%{c}L] local\ %a remote\ %A"</p><p><strong>LogLevel directive</strong></p><p>Description: Controls the <strong>verbosity of the ErrorLog</strong>.</p><p></p><p>Syntax:</p><p>Code:</p><p>LogLevel [module:]level [module:level] ...</p><p></p><p>Default value:</p><p>Code:</p><p>LogLevel warn</p><p>Context: server config, virtual hosts, directories</p><p></p><p>Compatibility: Module-level and directory-level customization is available in Apache HTTP Server 2.3.6 and later.</p><p></p><p>LogLevel 
adjusts the verbosity of messages written to error logs (see the ErrorLog directive). The following levels are available in decreasing order of importance:</p><p></p><p>If a specific level is specified, messages from all other levels of higher significance will also be reported. For example, if specified</p><p>Code:</p><p>LogLevel info</p><p>then messages with levels <strong>notice</strong> and <strong>warn</strong> will also be posted.</p><p></p><p>Please note that 404 (file not found) error messages generated by the web server (core) itself have info status:</p><p>Code:</p><p>[Mon Aug 19 05:21:07.846623 2019] [core:info] [pid 29057] [client 2604:a880:2:d0::651:5001:50</p><p><img src="https://sun9-42.userapi.com/impf/c855236/v855236597/d0695/XR3XLnlGLEw.jpg?size=807x418&quality=96&sign=82af6746bcb4d8aed95051d5da44946c&type=album" alt="XR3XLnlGLEw.jpg" class="fr-fic fr-dii fr-draggable " style="" /></p></blockquote><p></p>
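As an added example (not part of the quoted post or of the Apache documentation), this Python parser reads lines in the shape the extended request/connection formats above would produce and groups them by the %L request ID, resolving each request to its connection and client address. The sample lines, IDs and addresses are constructed, and the names `split_line` and `correlate` are this example's own.

```python
import re

# Constructed sample shaped like the extended formats' output; IDs, addresses and paths are made up.
SAMPLE = """\
[2023-03-01 10:15:02.100001] [C:c0001] local 192.0.2.10:58619 remote 203.0.113.7
[2023-03-01 10:15:02.100050] [R:r0001] Request 0 on C:c0001 pid:8777 tid:4326490112
[2023-03-01 10:15:02.100060] [R:r0001] UA:'curl/8.0.1'
[2023-03-01 10:15:02.100090] [core:info] [R:r0001] File does not exist: /usr/local/apache2/htdocs/favicon.ico
[2023-03-01 10:15:03.200010] [R:r0002] Request 1 on C:c0001 pid:8777 tid:4326490112
[2023-03-01 10:15:03.200020] [R:r0002] UA:'curl/8.0.1'
[2023-03-01 10:15:03.200030] [R:r0002] Referer:'http://example.test/index.html'
[2023-03-01 10:15:03.200070] [core:info] [R:r0002] File does not exist: /usr/local/apache2/htdocs/missing.png
"""

TS = re.compile(r"\[([^\]]+)\]\s*")
# Fields after the timestamp: [R:id], [C:id] or [module:level]; any may be absent (omitted field).
FIELD = re.compile(r"\[(R|C|[\w-]+):([^\]\s]+)\]\s*")
REQ = re.compile(r"Request \d+ on C:(\S+) pid:\d+ tid:\d+$")
HDR = re.compile(r"(UA|Referer):\s*'(.*)'$")
# The quoted connection format prints %a (client) after "local" and %A (local) after "remote".
CONN = re.compile(r"local (\S+) remote (\S+)$")

def split_line(line):
    """Return (timestamp, tags, body), or None if the line has no leading timestamp."""
    m = TS.match(line)
    if not m:
        return None
    pos, tags = m.end(), {}
    while (f := FIELD.match(line, pos)):
        key, val = f.groups()
        if key in ("R", "C"):
            tags[key] = val
        else:
            tags["module"], tags["level"] = key, val
        pos = f.end()
    return m.group(1), tags, line[pos:]

def correlate(text):
    """Group log lines by request ID and attach connection and client address."""
    conns, reqs = {}, {}
    for line in text.splitlines():
        if (parsed := split_line(line)) is None:
            continue
        _, tags, body = parsed
        rid, cid = tags.get("R"), tags.get("C")
        if rid is None:  # connection-scoped line: remember the client address
            if cid and (m := CONN.match(body)):
                conns[cid] = m[1]
            continue
        req = reqs.setdefault(rid, {"conn": None, "UA": None, "Referer": None, "messages": []})
        if (m := REQ.match(body)):
            req["conn"] = m[1]
        elif (m := HDR.match(body)):
            req[m[1]] = m[2]  # a header that was never sent stays None: the '+' line is not written
        else:
            req["messages"].append((tags.get("level"), body))
    for req in reqs.values():
        req["client"] = conns.get(req["conn"])
    return reqs
```

The parser assumes message bodies do not themselves begin with a bracketed `name:value` token; a body such as `[client ::1:58619] ...` is left intact because it contains a space inside the brackets.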