11.21 Apache访问日志

时间:2022-04-27
本文章向大家介绍11.21 Apache访问日志,主要内容包括访问日志目录概要、访问日志、基本概念、基础应用、原理机制和需要注意的事项等,并结合实例形式分析了其使用技巧,希望通过本文能帮助到大家理解应用这部分内容。

访问日志目录概要

  • 访问日志记录用户的每一个请求
  • vim /usr/local/apache2.4/conf/httpd.conf //搜索LogFormat
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
LogFormat "%h %l %u %t "%r" %>s %b" common
  • 把虚拟主机配置文件改成如下:
 <VirtualHost *:80>
    DocumentRoot "/data/wwwroot/www.123.com"
    ServerName www.123.com
    ServerAlias 123.com
    CustomLog "logs/123.com-access_log" combined
</VirtualHost>
  • 重新加载配置文件 -t,graceful
  • curl -x127.0.0.1:80 -I 123.com
  • tail /usr/local/apache2.4/logs/123.com-access_log

访问日志

  • 访问日志,就是在浏览器中输入网址,每一次访问,每一次请求,都会生成一个日志
  • 查看apache2.4的日志
[root@hf-01 ~]# ls /usr/local/apache2.4/logs/
111.com-access_log  abc.com-access_log  access_log  httpd.pid
111.com-error_log   abc.com-error_log   error_log
[root@hf-01 ~]#
  • 查看111.com访问日志
    • 日志里面的HEAD都是curl命令导致的
    • 日志里面的GET就是不加 -I参数的,在加上-I只会输出状态码,并不会把内容GET下来
    • 日志里面包含 来源的IP,时间 , 行为 ,访问的域名 , HTTP的版本1.1 ,状态码 , 大小
[root@hf-01 ~]# ls /usr/local/apache2.4/logs/111.com-access_log 
/usr/local/apache2.4/logs/111.com-access_log
[root@hf-01 ~]# cat !$
cat /usr/local/apache2.4/logs/111.com-access_log
127.0.0.1 - - [20/Dec/2017:23:29:53 +0800] "HEAD HTTP://111.com HTTP/1.1" 200 -
127.0.0.1 - - [20/Dec/2017:23:34:22 +0800] "HEAD HTTP://111.com HTTP/1.1" 401 -
127.0.0.1 - - [20/Dec/2017:23:36:57 +0800] "GET HTTP://111.com HTTP/1.1" 401 381
192.168.202.1 - - [20/Dec/2017:23:42:35 +0800] "GET /favicon.ico HTTP/1.1" 401 381
192.168.202.1 - - [20/Dec/2017:23:42:35 +0800] "GET / HTTP/1.1" 401 381
192.168.202.1 - - [20/Dec/2017:23:42:52 +0800] "GET / HTTP/1.1" 401 381
192.168.202.1 - - [20/Dec/2017:23:48:41 +0800] "GET / HTTP/1.1" 401 381
192.168.202.1 - hanfeng [20/Dec/2017:23:49:04 +0800] "GET / HTTP/1.1" 200 7
127.0.0.1 - hanfeng [20/Dec/2017:23:57:06 +0800] "HEAD HTTP://111.com HTTP/1.1" 200 -
127.0.0.1 - hanfeng [20/Dec/2017:23:59:16 +0800] "HEAD HTTP://111.com HTTP/1.1" 401 -
127.0.0.1 - hanfeng [21/Dec/2017:00:19:07 +0800] "HEAD HTTP://111.com HTTP/1.1" 200 -
127.0.0.1 - hanfeng [21/Dec/2017:00:19:21 +0800] "GET HTTP://111.com HTTP/1.1" 200 7
127.0.0.1 - - [21/Dec/2017:00:19:37 +0800] "GET HTTP://111.com HTTP/1.1" 200 7
127.0.0.1 - - [21/Dec/2017:00:19:41 +0800] "GET HTTP://111.com HTTP/1.1" 200 7
127.0.0.1 - - [21/Dec/2017:00:24:13 +0800] "HEAD HTTP://111.com HTTP/1.1" 200 -
127.0.0.1 - - [21/Dec/2017:00:25:42 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 401 -
127.0.0.1 - hanfeng [21/Dec/2017:00:27:11 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 -
127.0.0.1 - hanfeng [21/Dec/2017:00:27:43 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 155
127.0.0.1 - hanfeng [21/Dec/2017:00:29:05 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 7
127.0.0.1 - hanfeng [21/Dec/2017:00:52:40 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 -
192.168.202.130 - - [21/Dec/2017:21:07:37 +0800] "HEAD HTTP://2111.com.cn HTTP/1.1" 301 -
[root@hf-01 ~]#

定义日志文件格式

  • 上面输出的日志太过简单,不是我们所需要的日志格式,日志其实可以自定义格式的
  1. 打开主配置文件
  • 默认使用的是common
  • %h,来源IP
  • %l,用户
  • %u,用户名和密码
  • %t,时间
  • %r,行为和网站
  • %>s,网站状态码
  • %b,页面大小
  • {Referer}i 表示访问页面的上一个所访问的页面
  • %{User-Agent}i 表示用户代理,是通过浏览器访问,还是curl命令访问,最终获得网站的内容,浏览器就是用户代理
[root@hf-01 ~]# vim /usr/local/apache2.4/conf/httpd.conf ——>不更改信息

搜索 /LogFormat ,看到的就是文件格式,这里提供了两个文件的格式,默认使用的是common

     LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
    LogFormat "%h %l %u %t "%r" %>s %b" common
  1. 打开虚拟机配置文件
[root@hf-01 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

未更改前
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName abc.com
    ServerAlias www.abc.com www.123.com
    ErrorLog "logs/abc.com-error_log"
    CustomLog "logs/abc.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com  2111.com.cn
   # <Directory /data/wwwroot/111.com> 
   # <FilesMatch 123.php>
   #     AllowOverride AuthConfig
   #     AuthName "111.com user auth"
   #     AuthType Basic
   #     AuthUserFile /data/.htpasswd
   #     require valid-user
   # </FilesMatch>
    #</Directory>
   <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^111.com$
        RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
</IfModule>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

更改后,将common 改为 combined 

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName abc.com
    ServerAlias www.abc.com www.123.com
    ErrorLog "logs/abc.com-error_log"
    CustomLog "logs/abc.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com  2111.com.cn
   # <Directory /data/wwwroot/111.com> 
   # <FilesMatch 123.php>
   #     AllowOverride AuthConfig
   #     AuthName "111.com user auth"
   #     AuthType Basic
   #     AuthUserFile /data/.htpasswd
   #     require valid-user
   # </FilesMatch>
    #</Directory>
   <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^111.com$
        RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
</IfModule>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" combined
</VirtualHost>
  1. 检查配置文件是否存在语法错误,并重启配置文件
[root@hf-01 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@hf-01 ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@hf-01 ~]#
  1. 使用curl命令访问网址
[root@hf-01 ~]# curl -x192.168.202.150:80 http://111.com123.php -I
HTTP/1.1 200 OK
Date: Thu, 21 Dec 2017 13:50:10 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8

[root@hf-01 ~]#
  1. 再用浏览器访问下网址
  1. 查看日志文件
  • 会看到日志文件丰富了
[root@hf-01 ~]# tail !$
tail /usr/local/apache2.4/logs/111.com-access_log
127.0.0.1 - - [21/Dec/2017:00:24:13 +0800] "HEAD HTTP://111.com HTTP/1.1" 200 -
127.0.0.1 - - [21/Dec/2017:00:25:42 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 401 -
127.0.0.1 - hanfeng [21/Dec/2017:00:27:11 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 -
127.0.0.1 - hanfeng [21/Dec/2017:00:27:43 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 155
127.0.0.1 - hanfeng [21/Dec/2017:00:29:05 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 7
127.0.0.1 - hanfeng [21/Dec/2017:00:52:40 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 -
192.168.202.130 - - [21/Dec/2017:21:07:37 +0800] "HEAD HTTP://2111.com.cn HTTP/1.1" 301 -
192.168.202.130 - - [21/Dec/2017:21:51:25 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
192.168.202.1 - - [21/Dec/2017:21:51:32 +0800] "GET /123.php HTTP/1.1" 200 7 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0"
192.168.202.130 - - [21/Dec/2017:21:55:08 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
[root@hf-01 ~]#
  1. 测试{Referer}i ,在论坛新建一个笔记,测试网址,加入自己的测试链接,并在日志中打开自己的测试链接
  2. 再来查看日志文件,会看到生成了{Referer}i
[root@hf-01 ~]# tail -5 /usr/local/apache2.4/logs/111.com-access_log
192.168.202.130 - - [21/Dec/2017:21:07:37 +0800] "HEAD HTTP://2111.com.cn HTTP/1.1" 301 -
192.168.202.130 - - [21/Dec/2017:21:51:25 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
192.168.202.1 - - [21/Dec/2017:21:51:32 +0800] "GET /123.php HTTP/1.1" 200 7 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0"
192.168.202.130 - - [21/Dec/2017:21:55:08 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
192.168.202.1 - - [21/Dec/2017:22:04:27 +0800] "GET /123.php HTTP/1.1" 200 7 "http://ask.apelearn.com/question/17687" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0"
[root@hf-01 ~]#

随机文章
本站知识点必读
最近更新