11.21 Apache訪問日誌

訪問日誌目錄概要

• 訪問日誌記錄用戶的每個請求
• vim /usr/local/apache2.4/conf/httpd.conf //搜索LogFormat

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common

• 把虛擬主機配置文件改爲以下：

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/www.123.com"
    ServerName www.123.com
    ServerAlias 123.com
    CustomLog "logs/123.com-access_log" combined
</VirtualHost>

• 從新加載配置文件 -t,graceful
• curl -x127.0.0.1:80 -I 123.com
• tail /usr/local/apache2.4/logs/123.com-access_log

訪問日誌

• 訪問日誌，就是在瀏覽器中輸入網址，每一次訪問，每一次請求，都會生成一個日誌
• 查看apache2.4的日誌

[root@hf-01 ~]# ls /usr/local/apache2.4/logs/
111.com-access_log  abc.com-access_log  access_log  httpd.pid
111.com-error_log   abc.com-error_log   error_log
[root@hf-01 ~]#

• 查看111.com訪問日誌
  • 日誌裏面的HEAD都是curl命令致使的
  • 日誌裏面的GET就是不加 -I參數的，在加上-I只會輸出狀態碼，並不會把內容GET下來
  • 日誌裏面包含 來源的IP，時間 ， 行爲 ，訪問的域名 ， HTTP的版本1.1 ，狀態碼 ， 大小

[root@hf-01 ~]# ls /usr/local/apache2.4/logs/111.com-access_log 
/usr/local/apache2.4/logs/111.com-access_log
[root@hf-01 ~]# cat !$
cat /usr/local/apache2.4/logs/111.com-access_log
127.0.0.1 - - [20/Dec/2017:23:29:53 +0800] "HEAD HTTP://111.com HTTP/1.1" 200 -
127.0.0.1 - - [20/Dec/2017:23:34:22 +0800] "HEAD HTTP://111.com HTTP/1.1" 401 -
127.0.0.1 - - [20/Dec/2017:23:36:57 +0800] "GET HTTP://111.com HTTP/1.1" 401 381
192.168.202.1 - - [20/Dec/2017:23:42:35 +0800] "GET /favicon.ico HTTP/1.1" 401 381
192.168.202.1 - - [20/Dec/2017:23:42:35 +0800] "GET / HTTP/1.1" 401 381
192.168.202.1 - - [20/Dec/2017:23:42:52 +0800] "GET / HTTP/1.1" 401 381
192.168.202.1 - - [20/Dec/2017:23:48:41 +0800] "GET / HTTP/1.1" 401 381
192.168.202.1 - hanfeng [20/Dec/2017:23:49:04 +0800] "GET / HTTP/1.1" 200 7
127.0.0.1 - hanfeng [20/Dec/2017:23:57:06 +0800] "HEAD HTTP://111.com HTTP/1.1" 200 -
127.0.0.1 - hanfeng [20/Dec/2017:23:59:16 +0800] "HEAD HTTP://111.com HTTP/1.1" 401 -
127.0.0.1 - hanfeng [21/Dec/2017:00:19:07 +0800] "HEAD HTTP://111.com HTTP/1.1" 200 -
127.0.0.1 - hanfeng [21/Dec/2017:00:19:21 +0800] "GET HTTP://111.com HTTP/1.1" 200 7
127.0.0.1 - - [21/Dec/2017:00:19:37 +0800] "GET HTTP://111.com HTTP/1.1" 200 7
127.0.0.1 - - [21/Dec/2017:00:19:41 +0800] "GET HTTP://111.com HTTP/1.1" 200 7
127.0.0.1 - - [21/Dec/2017:00:24:13 +0800] "HEAD HTTP://111.com HTTP/1.1" 200 -
127.0.0.1 - - [21/Dec/2017:00:25:42 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 401 -
127.0.0.1 - hanfeng [21/Dec/2017:00:27:11 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 -
127.0.0.1 - hanfeng [21/Dec/2017:00:27:43 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 155
127.0.0.1 - hanfeng [21/Dec/2017:00:29:05 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 7
127.0.0.1 - hanfeng [21/Dec/2017:00:52:40 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 -
192.168.202.130 - - [21/Dec/2017:21:07:37 +0800] "HEAD HTTP://2111.com.cn HTTP/1.1" 301 -
[root@hf-01 ~]#

定義日誌文件格式

• 上面輸出的日誌太過簡單，不是咱們所須要的日誌格式，日誌其實能夠自定義格式的

1. 打開主配置文件

• 默認使用的是common
• %h，來源IP
• %l，用戶
• %u，用戶名和密碼
• %t，時間
• %r，行爲和網站
• %>s，網站狀態碼
• %b，頁面大小
• {Referer}i 表示訪問頁面的上一個所訪問的頁面
• %{User-Agent}i 表示用戶代理，是經過瀏覽器訪問，仍是curl命令訪問，最終得到網站的內容，瀏覽器就是用戶代理

[root@hf-01 ~]# vim /usr/local/apache2.4/conf/httpd.conf ——>不更改信息

搜索 /LogFormat ，看到的就是文件格式，這裏提供了兩個文件的格式，默認使用的是common

     LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

2. 打開虛擬機配置文件

[root@hf-01 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

未更改前
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName abc.com
    ServerAlias www.abc.com www.123.com
    ErrorLog "logs/abc.com-error_log"
    CustomLog "logs/abc.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com  2111.com.cn
   # <Directory /data/wwwroot/111.com> 
   # <FilesMatch 123.php>
   #     AllowOverride AuthConfig
   #     AuthName "111.com user auth"
   #     AuthType Basic
   #     AuthUserFile /data/.htpasswd
   #     require valid-user
   # </FilesMatch>
    #</Directory>
   <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^111.com$
        RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
</IfModule>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

更改後，將common 改成 combined 

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName abc.com
    ServerAlias www.abc.com www.123.com
    ErrorLog "logs/abc.com-error_log"
    CustomLog "logs/abc.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com  2111.com.cn
   # <Directory /data/wwwroot/111.com> 
   # <FilesMatch 123.php>
   #     AllowOverride AuthConfig
   #     AuthName "111.com user auth"
   #     AuthType Basic
   #     AuthUserFile /data/.htpasswd
   #     require valid-user
   # </FilesMatch>
    #</Directory>
   <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^111.com$
        RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
</IfModule>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" combined
</VirtualHost>

3. 檢查配置文件是否存在語法錯誤，並重啓配置文件

[root@hf-01 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@hf-01 ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@hf-01 ~]#

4. 使用curl命令訪問網址

[root@hf-01 ~]# curl -x192.168.202.150:80 http://111.com123.php -I
HTTP/1.1 200 OK
Date: Thu, 21 Dec 2017 13:50:10 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8

[root@hf-01 ~]#

5. 再用瀏覽器訪問下網址

6. 查看日誌文件

• 會看到日誌文件豐富了

[root@hf-01 ~]# tail !$
tail /usr/local/apache2.4/logs/111.com-access_log
127.0.0.1 - - [21/Dec/2017:00:24:13 +0800] "HEAD HTTP://111.com HTTP/1.1" 200 -
127.0.0.1 - - [21/Dec/2017:00:25:42 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 401 -
127.0.0.1 - hanfeng [21/Dec/2017:00:27:11 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 -
127.0.0.1 - hanfeng [21/Dec/2017:00:27:43 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 155
127.0.0.1 - hanfeng [21/Dec/2017:00:29:05 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 7
127.0.0.1 - hanfeng [21/Dec/2017:00:52:40 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 -
192.168.202.130 - - [21/Dec/2017:21:07:37 +0800] "HEAD HTTP://2111.com.cn HTTP/1.1" 301 -
192.168.202.130 - - [21/Dec/2017:21:51:25 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
192.168.202.1 - - [21/Dec/2017:21:51:32 +0800] "GET /123.php HTTP/1.1" 200 7 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0"
192.168.202.130 - - [21/Dec/2017:21:55:08 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
[root@hf-01 ~]#

7. 測試{Referer}i ，在論壇新建一個筆記，測試網址，加入本身的測試連接，並在日誌中打開本身的測試連接
8. 再來查看日誌文件，會看到生成了{Referer}i

[root@hf-01 ~]# tail -5 /usr/local/apache2.4/logs/111.com-access_log
192.168.202.130 - - [21/Dec/2017:21:07:37 +0800] "HEAD HTTP://2111.com.cn HTTP/1.1" 301 -
192.168.202.130 - - [21/Dec/2017:21:51:25 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
192.168.202.1 - - [21/Dec/2017:21:51:32 +0800] "GET /123.php HTTP/1.1" 200 7 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0"
192.168.202.130 - - [21/Dec/2017:21:55:08 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
192.168.202.1 - - [21/Dec/2017:22:04:27 +0800] "GET /123.php HTTP/1.1" 200 7 "http://ask.apelearn.com/question/17687" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0"
[root@hf-01 ~]#