【CentOS 7架構9】,Apache訪問日誌#171221

時間  2019-12-06
標籤 CentOS 7架構9 apache 訪問 日誌 欄目 Apache 简体版
原文   原文鏈接

shallow丿ovephp

Apache訪問日誌

  • 訪問日誌記錄用戶的每個請求
  • vi /usr/local/apache2.4/conf/httpd.conf LogFormat "%h %I %u %t "%r" %>s %b "%{Referer}i""%{User-Agent}i""combined LogFormat "%h %I %u %t "%r" %>s %b "common
  • 將虛擬主機配置文件改爲以下: <VirtualHost *:80> DocumentRoot "/data/wwwroot/www.111.com" ServerName www.111.com ServerAlias 111.com Customlog "logs/111.com-access_log"combined </VirtualHost>
  • 從新加載配置文件-t,graceful
  • curl -x 127.0.0.1:80 -I 111.com
  • tail /usr/local/apache2.4/logs/111.com-access_log
[root@localhost ~]# ls /usr/local/apache2.4/logs/
111.com-access_log  abc.com-access_log  access_log  httpd.pid
111.com-error_log   abc.com-error_log   error_log
[root@localhost ~]# cat /usr/local/apache2.4/logs/111.com-access_log 
192.168.9.134 - - [04/Nov/2017:10:12:12 +0800] "GET HTTP://www.example.com HTTP/1.1" 200 13
192.168.9.134 - - [04/Nov/2017:10:13:11 +0800] "GET HTTP://111.com HTTP/1.1" 200 13
127.0.0.1 - - [04/Nov/2017:12:09:20 +0800] "GET HTTP://111.com HTTP/1.1" 401 381
127.0.0.1 - - [04/Nov/2017:12:10:05 +0800] "HEAD HTTP://111.com HTTP/1.1" 401 -
192.168.9.1 - - [04/Nov/2017:12:12:24 +0800] "GET /favicon.ico HTTP/1.1" 401 381
192.168.9.1 - - [04/Nov/2017:12:12:25 +0800] "GET / HTTP/1.1" 401 381
192.168.9.1 - - [04/Nov/2017:12:12:25 +0800] "GET / HTTP/1.1" 401 381
192.168.9.1 - user [04/Nov/2017:12:13:36 +0800] "GET / HTTP/1.1" 200 13
127.0.0.1 - user [04/Nov/2017:12:15:43 +0800] "HEAD HTTP://111.com HTTP/1.1" 200 -
127.0.0.1 - user [04/Nov/2017:12:15:48 +0800] "GET HTTP://111.com HTTP/1.1" 200 13
192.168.9.1 - - [04/Nov/2017:12:29:11 +0800] "GET /favicon.ico HTTP/1.1" 404 209
192.168.9.1 - user [04/Nov/2017:12:29:16 +0800] "GET /user.php HTTP/1.1" 200 10
192.168.9.1 - user [04/Nov/2017:12:29:22 +0800] "GET /user.php HTTP/1.1" 200 10
127.0.0.1 - user [04/Nov/2017:12:30:00 +0800] "GET HTTP://111.com HTTP/1.1" 200 13
127.0.0.1 - - [04/Nov/2017:12:30:15 +0800] "GET HTTP://111.com HTTP/1.1" 200 13
127.0.0.1 - - [04/Nov/2017:12:30:29 +0800] "GET HTTP://111.com/user.php HTTP/1.1" 401 381
127.0.0.1 - user [04/Nov/2017:12:30:41 +0800] "GET HTTP://111.com/user.php HTTP/1.1" 200 10
192.168.9.1 - user [04/Nov/2017:12:32:12 +0800] "GET /user.php HTTP/1.1" 200 10
192.168.9.1 - user [04/Nov/2017:12:32:16 +0800] "GET / HTTP/1.1" 200 13
192.168.9.1 - user [04/Nov/2017:12:32:24 +0800] "GET /user.php HTTP/1.1" 200 10
192.168.9.1 - - [04/Nov/2017:13:06:26 +0800] "GET /favicon.ico HTTP/1.1" 404 209
192.168.9.1 - - [04/Nov/2017:13:06:29 +0800] "GET / HTTP/1.1" 200 13
192.168.9.1 - - [04/Nov/2017:13:06:58 +0800] "GET /user.php HTTP/1.1" 401 381
192.168.9.1 - user [04/Nov/2017:13:07:03 +0800] "GET /user.php HTTP/1.1" 200 10
192.168.9.134 - - [04/Nov/2017:13:44:37 +0800] "HEAD HTTP://www.example.com HTTP/1.1" 301 -
192.168.9.134 - - [04/Nov/2017:13:44:56 +0800] "GET HTTP://www.example.com HTTP/1.1" 301 223
192.168.9.134 - - [04/Nov/2017:13:45:59 +0800] "GET HTTP://www.example.com/111111 HTTP/1.1" 301 229
192.168.9.134 - - [04/Nov/2017:13:46:24 +0800] "HEAD HTTP://www.example.com/111111 HTTP/1.1" 301 -
192.168.9.134 - - [04/Nov/2017:13:47:14 +0800] "HEAD HTTP://www.example.com/1dasdasdas HTTP/1.1" 301 -
192.168.9.134 - - [04/Nov/2017:13:47:48 +0800] "HEAD http://111.com/1dasdasdas HTTP/1.1" 404 -
192.168.9.134 - - [04/Nov/2017:13:48:28 +0800] "HEAD http://111.com/user.php HTTP/1.1" 200 -
192.168.9.134 - - [04/Nov/2017:13:55:08 +0800] "GET HTTP://111.com HTTP/1.1" 403 209
192.168.9.134 - - [04/Nov/2017:13:55:13 +0800] "HEAD HTTP://111.com HTTP/1.1" 403 -
192.168.9.1 - - [04/Nov/2017:13:58:02 +0800] "GET /favicon.ico HTTP/1.1" 301 234
192.168.9.1 - - [04/Nov/2017:13:58:02 +0800] "GET /favicon.ico HTTP/1.1" 404 209
192.168.9.1 - - [04/Nov/2017:13:58:05 +0800] "GET / HTTP/1.1" 301 223
192.168.9.1 - - [04/Nov/2017:13:58:05 +0800] "GET / HTTP/1.1" 200 13
192.168.9.1 - - [04/Nov/2017:14:00:51 +0800] "GET / HTTP/1.1" 200 13
192.168.9.1 - - [04/Nov/2017:14:00:57 +0800] "GET /favicon.ico HTTP/1.1" 301 234
192.168.9.1 - - [04/Nov/2017:14:00:57 +0800] "GET /favicon.ico HTTP/1.1" 404 209
192.168.9.1 - - [04/Nov/2017:14:01:01 +0800] "GET /favicon.ico HTTP/1.1" 301 234
192.168.9.1 - - [04/Nov/2017:14:01:01 +0800] "GET /favicon.ico HTTP/1.1" 404 209
192.168.9.1 - - [04/Nov/2017:14:01:28 +0800] "GET / HTTP/1.1" 200 13

HEAD爲-I,GEThtml

日誌內容格式能夠更改apache

[root@localhost ~]# vi /usr/local/apache2.4/conf/httpd.conf
/LogFormat
    279 LogLevel warn
    280 
    281 <IfModule log_config_module>
    282     #
    283     # The following directives define some format nicknames for use with
    284     # a CustomLog directive (see below).
    285     #
    286     LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    287     LogFormat "%h %l %u %t \"%r\" %>s %b" common
    288 
    289     <IfModule logio_module>
    290       # You need to enable mod_logio.c to use %I and %O
    291       LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    292     </IfModule>
    293 
    294     #

%h來源ip %l用戶 %u用戶和密碼 %t時間 %r方式 %s狀態碼 %b大小 %{Referer}i跳轉路徑(從哪裏點擊) %{User-Agent}i瀏覽器代理瀏覽器

[root@localhost ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf 
     36 #    <FilesMatch user.php>
     37 #       AllowOverride AuthConfig
     38 #       AuthName "111.com user auth"
     39 #       AuthType Basic
     40 #       AuthUserFile /data/.htpasswd
     41 #       require valid-user
     42 #    </FilesMatch>
     43 #    </Directory>
     44     <IfModule mod_rewrite.c>
     45         RewriteEngine on
     46         RewriteCond %{HTTP_HOST} !^111.com$
     47         RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
     48     </IfModule>
     49     ErrorLog "logs/111.com-error_log"
     50     CustomLog "logs/111.com-access_log" common
     51 </VirtualHost>

將50的CustomLog "logs/111.com-access_log" common中的common改成combinedcurl

[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@localhost ~]# curl -x 127.0.0.1:80 http://111.com/user.php -I
HTTP/1.1 200 OK
Date: Sat, 04 Nov 2017 06:33:52 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8

[root@localhost ~]# curl -x 127.0.0.1:80 http://111.com/user.php
hello!user
[root@localhost ~]# vi /data/wwwroot/abc.com/abc.html
<a href=http://111.com/user.php>hello</a>

而後在Windows下使用瀏覽器訪問111.com/user.phpide

[root@localhost ~]# tail /usr/local/apache2.4/logs/111.com-access_log 
192.168.9.1 - - [04/Nov/2017:14:00:57 +0800] "GET /favicon.ico HTTP/1.1" 301 234
192.168.9.1 - - [04/Nov/2017:14:00:57 +0800] "GET /favicon.ico HTTP/1.1" 404 209
192.168.9.1 - - [04/Nov/2017:14:01:01 +0800] "GET /favicon.ico HTTP/1.1" 301 234
192.168.9.1 - - [04/Nov/2017:14:01:01 +0800] "GET /favicon.ico HTTP/1.1" 404 209
192.168.9.1 - - [04/Nov/2017:14:01:28 +0800] "GET / HTTP/1.1" 200 13
127.0.0.1 - - [04/Nov/2017:14:33:52 +0800] "HEAD http://111.com/user.php HTTP/1.1" 200 - "-" "curl/7.29.0"
127.0.0.1 - - [04/Nov/2017:14:34:03 +0800] "GET http://111.com/user.php HTTP/1.1" 200 10 "-" "curl/7.29.0"
192.168.9.1 - - [04/Nov/2017:14:35:24 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
192.168.9.1 - - [04/Nov/2017:14:35:25 +0800] "GET /user.php HTTP/1.1" 200 10 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)"
192.168.9.1 - - [04/Nov/2017:14:44:00 +0800] "GET /user.php HTTP/1.1" 200 10 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)"

而Referer則須要經過上級連接點擊才能顯示出來ui

經過日誌能夠了解到用戶ip、用戶名、時間、行爲方式、上級連接、以及系統等一些信息url

相關文章
相關標籤/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公眾號
   歡迎關注本站公眾號,獲取更多信息
聯繫我們 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程