httpd

http://httpd.apache.org/docs/2.2/logs.html

 

httpd.conf文件

Configuration and logfile names: If the filenames you specify for many of the server's control files begin with "/" (or "drive:/" for Win32), the server will use that explicit path.  
配置和日誌文件名：若是你指定的多數服務器控制文件以/開頭，服務器將使用顯式路徑。
If the filenames do *not* begin with "/", the value of ServerRoot is prepended -- so "logs/foo.log" with ServerRoot set to "/etc/httpd" will be interpreted by the server as "/etc/httpd/logs/foo.log".
若是文件名不以/開頭，而且serverroot的值預設--那麼設置serverroot值爲/etc/httpd/的logs/foo.log將被服務器解釋爲/etc/httpd/logs/foo.log。

 

目錄

    Security Warning
    Error Log
    Access Log
    Log Rotation
    Piped Logs
    Virtual Hosts
    Other Log Files
    Comments

 

In order to effectively manage a web server, it is necessary to get feedback about the activity and performance of the server as well as any problems that may be occurring.
爲了有效地管理一個web server，獲得關於服務器事務與性能和可能發生的任何問題的反饋是很必要的。
The Apache HTTP Server provides very comprehensive and flexible logging capabilities. This document describes how to configure its logging capabilities, and how to understand what the logs contain.
apache http server 提供了很是方便與靈活的日誌記錄功能。本文檔描述瞭如何配置它的日誌記錄功能，和如何理解日誌的內容。

Security Warning

Anyone who can write to the directory where Apache is writing a log file can almost certainly gain access to the uid that the server is started as, which is normally root.
任何人只要對apache寫日誌的目錄有寫權限，幾乎都能得到server啓動的uid，通常爲root。
Do NOT give people write access to the directory the logs are stored in without being aware of the consequences; see the security tips document for details.
沒有明確的結果，存放日誌的目錄就不要開放寫權限。參見安全細節。
In addition, log files may contain information supplied directly by the client, without escaping.
此外，日誌文件可能包含直接由客戶端提供的信息。
Therefore, it is possible for malicious clients to insert control-characters in the log files, so care must be taken in dealing with raw logs.
所以，惡意用戶插入控制字符到日誌文件是極可能的，因此必須謹慎處理原始日誌。

 

Error log

The server error log, whose name and location is set by the ErrorLog directive, is the most important log file.
服務器錯誤日誌，它的名字與位置由Errorlog 指令設置，是最重要的日誌文件。
This is the place where Apache httpd will send diagnostic information and record any errors that it encounters in processing requests.
這裏是apache httpd將發送診斷信息和記錄任何在遇處處理請求時發生錯誤的地方。
It is the first place to look when a problem occurs with starting the server or with the operation of the server, since it will often contain details of what went wrong and how to fix it.
它是當在啓動服務器或服務器操做時發生問題的第一個要查看的地方，它常常包含出錯和修正它的細節。
The error log is usually written to a file (typically error_log on Unix systems and error.log on Windows and OS/2). On Unix systems it is also possible to have the server send errors to syslog or pipe them to a program.
錯誤日誌一般寫到一個文件（典型是在unix中是error_log和windows與os/2中是error.log）。在unix中讓服務器發送錯誤給syslog或管道它們到一個程序也是可能的。

The format of the error log is relatively free-form and descriptive. But there is certain information that is contained in most error log entries. For example, here is a typical message.
錯誤日誌格式是相對自由和描述性的。但在多很多天志項中，它裏面包含着主要信息。例如，下面是一個典型的消息：
[Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server configuration: /export/home/live/ap/htdocs/test
The first item in the log entry is the date and time of the message. The second item lists the severity of the error being reported.
日誌項的第一項是消息的日期與時間。第二項列出錯誤報告的嚴重程度。
The LogLevel directive is used to control the types of errors that are sent to the error log by restricting the severity level.
loglevel指令被用來控制發送給錯誤日誌的錯誤類型
The third item gives the IP address of the client that generated the error. Beyond that is the message itself, which in this case indicates that the server has been configured to deny the client access.
第三項給出生成錯誤的客戶ip。剩下的是消息自己，在這個消息中指示服務器已經配置爲拒絕客戶訪問。
The server reports the file-system path (as opposed to the web path) of the requested document.
服務器報告請求文檔的文件系統路徑（與web路徑徹底不一樣） 

 

Access log

The server access log records all requests processed by the server. The location and content of the access log are controlled by the CustomLog directive.
server訪問日誌記錄全部由服務器處理的請求。位置和訪問日誌的內容由customlog 指令控制。
The LogFormat directive can be used to simplify the selection of the contents of the logs. This section describes how to configure the server to record information in the access log.
logformat 指令能簡化日誌內容的選取。這部分描述了在訪問日誌裏如何配置服務器記錄信息。

Of course, storing the information in the access log is only the start of log management. The next step is to analyze this information to produce useful statistics.
固然，在訪問日誌裏存儲信息只是日誌管理的開始。下一步是分析信息來生產有用的統計。
Log analysis in general is beyond the scope of this document, and not really part of the job of the web server itself.
常規的日誌分析都屬於本文檔的範疇，不是web server自己任務的一部分。
For more information about this topic, and for applications which perform log analysis, check the Open Directory or Yahoo.
要獲取關於本主題的更多信息，和完成日誌分析的應用，檢查開放目錄或yahoo。

Various versions of Apache httpd have used other modules and directives to control access logging, including mod_log_referer, mod_log_agent, and the TransferLog directive.
apache httpd的多個版本曾經使用其它模塊和指令來控制訪問記錄，包括mod_log_referer, mod_log_agent, and the TransferLog指令。
The CustomLog directive now subsumes the functionality of all the older directives.
customlog指令如今包含了全部老指令的功能。

The format of the access log is highly configurable. The format is specified using a format string that looks much like a C-style printf(1) format string.
訪問日誌的格式是高度可配置的。格式使用一個看起來更像C風格 printf格式字符串的格式字符串來指定。
Some examples are presented in the next sections. For a complete list of the possible contents of the format string, see the mod_log_config format strings.
一些樣例在下一部分展現。要獲取一個可能格式字符串內容的徹底列表，參見mod_log_format格式字符串。

 

Log Rotation
日誌輪替
On even a moderately busy server, the quantity of information stored in the log files is very large. The access log file typically grows 1 MB or more per 10,000 requests.
即便在一個適度繁忙的服務器上，存儲在日誌文件裏的信息數量是很是大的。訪問日誌一般每10000次請求增加1M或更多。
It will consequently be necessary to periodically rotate the log files by moving or deleting the existing logs.
所以移動或刪除已經存在的日誌來週期性的輪替日誌文件是頗有必要的
This cannot be done while the server is running, because Apache will continue writing to the old log file as long as it holds the file open.
當server運行的時候不能輪替，由於只要apache保持文件打開就會繼續寫老的文件。
Instead, the server must be restarted after the log files are moved or deleted so that it will open new log files.
因此，server必須在日誌文件移動或刪除後重啓以便server打開新的日誌文件。
By using a graceful restart, the server can be instructed to open new log files without losing any existing or pending connections from clients.
使用一個優雅的重啓，server能被指示打開新的日誌文件而不用丟失任何來自客戶端的已存在或試圖訪問的鏈接。


However, in order to accomplish this, the server must continue to write to the old log files while it finishes serving old requests.
然而，爲了實現這個目標，server必須繼續完成服務老的請求的同時寫老的文件。
It is therefore necessary to wait for some time after the restart before doing any processing on the log files.
因些在重啓以後，對日誌文件作任何處理以前等待一些時間是必須的。
A typical scenario that simply rotates the logs and compresses the old logs to save space is:
簡單地輪替日誌並壓縮老的日誌來節約空間的一個典型的場景是：

mv access_log access_log.old
mv error_log error_log.old
apachectl graceful
sleep 600
gzip access_log.old error_log.old

Another way to perform log rotation is using piped logs as discussed in the next section.
另外一種完成日誌輪替的方法是在下一部分要討論的管道日誌。

Piped Logs
管道日誌
Apache httpd is capable of writing error and access log files through a pipe to another process, rather than directly to a file.
apache httpd 有能爲經過一個管道寫錯誤與訪問日誌到另外一個進程，而非直接至一個文件。
This capability dramatically increases the flexibility of logging, without adding code to the main server.
這個能力顯著地增長了記錄的靈活性，不用添加代碼到主server。
In order to write logs to a pipe, simply replace the filename with the pipe character "|", followed by the name of the executable which should accept log entries on its standard input.
爲了寫日誌給一個管道，簡單地用管道符|替換文件名，跟隨可執行程序名字，這個程序應該在它的標準輸入上接受日誌項。
Apache will start the piped-log process when the server starts, and will restart it if it crashes while the server is running. (This last feature is why we can refer to this technique as "reliable piped logging".)
當server啓動時，apache將啓動一個管道日誌進程，而且服務器運行的同時，假如管道當機能夠重啓。（最後一個特性就是爲何咱們能稱這項技術爲「可靠的管道日誌」）
Piped log processes are spawned by the parent Apache httpd process, and inherit the userid of that process. This means that piped log programs usually run as root.
管道日誌進程由httpd父進程派生，繼承了父進程的uid。這意味着管道日誌程序一般以root運行。
It is therefore very important to keep the programs simple and secure.
所以保持程序簡單和安全是很是重要的。
One important use of piped logs is to allow log rotation without having to restart the server.
管道日誌的一個重要用法是容許輪替而不用重啓server。
The Apache HTTP Server includes a simple program called rotatelogs for this purpose. For example, to rotate the logs every 24 hours, you can use:
server包含一個簡單的程序，叫作rotatelogs來達到這個目的。例如，每24小時輪替日誌，你能使用：
CustomLog "|/usr/local/apache/bin/rotatelogs /var/log/access_log 60" common 這個可能不能正常使用，因此用下面的那一條，加入下面的一條指令，而後訪問頁面，日誌就會在一分鐘後替換。

Notice that quotes are used to enclose the entire command that will be called for the pipe. Although these examples are for the access log, the same technique can be used for the error log.
注意雙引號被用來封閉由管道調用的整個命令。儘管這個例子被用於訪問日誌，一樣的技術也能用於error_log。
As with conditional logging, piped logs are a very powerful tool, but they should not be used where a simpler solution like off-line post-processing is available.

By default the piped log process is spawned using a shell. (usually with /bin/sh -c). Depending on the shell specifics invocation via shell might lead to an additional shell process for the lifetime of the logging pipe program and signal handling problems during restart.

Use "||" instead of "|" to spawn without invoking a shell:

# Invoke "rotatelogs" without using a shell
CustomLog "||/usr/local/apache/bin/rotatelogs /var/log/access_log 60" common