11.21 Apache访问日志

时间 2019-11-12

原文原文链接

访问日志目录概要

访问日志记录用户的每个请求
vim /usr/local/apache2.4/conf/httpd.conf //搜索LogFormat

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common

把虚拟主机配置文件改为以下：

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/www.123.com"
    ServerName www.123.com
    ServerAlias 123.com
    CustomLog "logs/123.com-access_log" combined
</VirtualHost>

从新加载配置文件 -t,graceful
curl -x127.0.0.1:80 -I 123.com
tail /usr/local/apache2.4/logs/123.com-access_log

访问日志

访问日志，就是在浏览器中输入网址，每一次访问，每一次请求，都会生成一个日志
查看apache2.4的日志

[root@hf-01 ~]# ls /usr/local/apache2.4/logs/
111.com-access_log  abc.com-access_log  access_log  httpd.pid
111.com-error_log   abc.com-error_log   error_log
[root@hf-01 ~]#

查看111.com访问日志
- 日志里面的HEAD都是curl命令致使的
- 日志里面的GET就是不加 -I参数的，在加上-I只会输出状态码，并不会把内容GET下来
- 日志里面包含来源的IP，时间，行为，访问的域名， HTTP的版本1.1 ，状态码，大小

[root@hf-01 ~]# ls /usr/local/apache2.4/logs/111.com-access_log 
/usr/local/apache2.4/logs/111.com-access_log
[root@hf-01 ~]# cat !$
cat /usr/local/apache2.4/logs/111.com-access_log
127.0.0.1 - - [20/Dec/2017:23:29:53 +0800] "HEAD HTTP://111.com HTTP/1.1" 200 -
127.0.0.1 - - [20/Dec/2017:23:34:22 +0800] "HEAD HTTP://111.com HTTP/1.1" 401 -
127.0.0.1 - - [20/Dec/2017:23:36:57 +0800] "GET HTTP://111.com HTTP/1.1" 401 381
192.168.202.1 - - [20/Dec/2017:23:42:35 +0800] "GET /favicon.ico HTTP/1.1" 401 381
192.168.202.1 - - [20/Dec/2017:23:42:35 +0800] "GET / HTTP/1.1" 401 381
192.168.202.1 - - [20/Dec/2017:23:42:52 +0800] "GET / HTTP/1.1" 401 381
192.168.202.1 - - [20/Dec/2017:23:48:41 +0800] "GET / HTTP/1.1" 401 381
192.168.202.1 - hanfeng [20/Dec/2017:23:49:04 +0800] "GET / HTTP/1.1" 200 7
127.0.0.1 - hanfeng [20/Dec/2017:23:57:06 +0800] "HEAD HTTP://111.com HTTP/1.1" 200 -
127.0.0.1 - hanfeng [20/Dec/2017:23:59:16 +0800] "HEAD HTTP://111.com HTTP/1.1" 401 -
127.0.0.1 - hanfeng [21/Dec/2017:00:19:07 +0800] "HEAD HTTP://111.com HTTP/1.1" 200 -
127.0.0.1 - hanfeng [21/Dec/2017:00:19:21 +0800] "GET HTTP://111.com HTTP/1.1" 200 7
127.0.0.1 - - [21/Dec/2017:00:19:37 +0800] "GET HTTP://111.com HTTP/1.1" 200 7
127.0.0.1 - - [21/Dec/2017:00:19:41 +0800] "GET HTTP://111.com HTTP/1.1" 200 7
127.0.0.1 - - [21/Dec/2017:00:24:13 +0800] "HEAD HTTP://111.com HTTP/1.1" 200 -
127.0.0.1 - - [21/Dec/2017:00:25:42 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 401 -
127.0.0.1 - hanfeng [21/Dec/2017:00:27:11 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 -
127.0.0.1 - hanfeng [21/Dec/2017:00:27:43 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 155
127.0.0.1 - hanfeng [21/Dec/2017:00:29:05 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 7
127.0.0.1 - hanfeng [21/Dec/2017:00:52:40 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 -
192.168.202.130 - - [21/Dec/2017:21:07:37 +0800] "HEAD HTTP://2111.com.cn HTTP/1.1" 301 -
[root@hf-01 ~]#

定义日志文件格式

上面输出的日志太过简单，不是咱们所须要的日志格式，日志其实能够自定义格式的

打开主配置文件

默认使用的是common
%h，来源IP
%l，用户
%u，用户名和密码
%t，时间
%r，行为和网站
%>s，网站状态码
%b，页面大小
{Referer}i 表示访问页面的上一个所访问的页面
%{User-Agent}i 表示用户代理，是经过浏览器访问，仍是curl命令访问，最终得到网站的内容，浏览器就是用户代理

[root@hf-01 ~]# vim /usr/local/apache2.4/conf/httpd.conf ——>不更改信息

搜索 /LogFormat ，看到的就是文件格式，这里提供了两个文件的格式，默认使用的是common

     LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

打开虚拟机配置文件

[root@hf-01 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

未更改前
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName abc.com
    ServerAlias www.abc.com www.123.com
    ErrorLog "logs/abc.com-error_log"
    CustomLog "logs/abc.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com  2111.com.cn
   # <Directory /data/wwwroot/111.com> 
   # <FilesMatch 123.php>
   #     AllowOverride AuthConfig
   #     AuthName "111.com user auth"
   #     AuthType Basic
   #     AuthUserFile /data/.htpasswd
   #     require valid-user
   # </FilesMatch>
    #</Directory>
   <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^111.com$
        RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
</IfModule>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

更改后，将common 改成 combined 

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName abc.com
    ServerAlias www.abc.com www.123.com
    ErrorLog "logs/abc.com-error_log"
    CustomLog "logs/abc.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com  2111.com.cn
   # <Directory /data/wwwroot/111.com> 
   # <FilesMatch 123.php>
   #     AllowOverride AuthConfig
   #     AuthName "111.com user auth"
   #     AuthType Basic
   #     AuthUserFile /data/.htpasswd
   #     require valid-user
   # </FilesMatch>
    #</Directory>
   <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^111.com$
        RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
</IfModule>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" combined
</VirtualHost>

检查配置文件是否存在语法错误，并重启配置文件

[root@hf-01 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@hf-01 ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@hf-01 ~]#

使用curl命令访问网址

[root@hf-01 ~]# curl -x192.168.202.150:80 http://111.com123.php -I
HTTP/1.1 200 OK
Date: Thu, 21 Dec 2017 13:50:10 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8

[root@hf-01 ~]#

再用浏览器访问下网址

查看日志文件

会看到日志文件丰富了

[root@hf-01 ~]# tail !$
tail /usr/local/apache2.4/logs/111.com-access_log
127.0.0.1 - - [21/Dec/2017:00:24:13 +0800] "HEAD HTTP://111.com HTTP/1.1" 200 -
127.0.0.1 - - [21/Dec/2017:00:25:42 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 401 -
127.0.0.1 - hanfeng [21/Dec/2017:00:27:11 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 -
127.0.0.1 - hanfeng [21/Dec/2017:00:27:43 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 155
127.0.0.1 - hanfeng [21/Dec/2017:00:29:05 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 7
127.0.0.1 - hanfeng [21/Dec/2017:00:52:40 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 -
192.168.202.130 - - [21/Dec/2017:21:07:37 +0800] "HEAD HTTP://2111.com.cn HTTP/1.1" 301 -
192.168.202.130 - - [21/Dec/2017:21:51:25 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
192.168.202.1 - - [21/Dec/2017:21:51:32 +0800] "GET /123.php HTTP/1.1" 200 7 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0"
192.168.202.130 - - [21/Dec/2017:21:55:08 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
[root@hf-01 ~]#

测试{Referer}i ，在论坛新建一个笔记，测试网址，加入本身的测试连接，并在日志中打开本身的测试连接
再来查看日志文件，会看到生成了{Referer}i

[root@hf-01 ~]# tail -5 /usr/local/apache2.4/logs/111.com-access_log
192.168.202.130 - - [21/Dec/2017:21:07:37 +0800] "HEAD HTTP://2111.com.cn HTTP/1.1" 301 -
192.168.202.130 - - [21/Dec/2017:21:51:25 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
192.168.202.1 - - [21/Dec/2017:21:51:32 +0800] "GET /123.php HTTP/1.1" 200 7 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0"
192.168.202.130 - - [21/Dec/2017:21:55:08 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
192.168.202.1 - - [21/Dec/2017:22:04:27 +0800] "GET /123.php HTTP/1.1" 200 7 "http://ask.apelearn.com/question/17687" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0"
[root@hf-01 ~]#