LinuxQuestions.org


mfoley 03-09-2024 11:59 AM

Confused about httpd log format and files
 
I have the following configured in my httpd.conf (comments removed):
Code:

LogLevel warn

<IfModule log_config_module>
    LogFormat "%{%Y-%m-%d %H:%M:%S}t %h %>s %B \"%{User-Agent}i\" \"%m %U%q\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
   
    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
     
    CustomLog "/var/log/httpd/access_log" common
     
</IfModule>

First of all, what are the various qualifiers "combined", "common" and "combinedio"? I don't understand these.

More importantly, I want the format shown that I've highlighted -- I've used this elsewhere; instead, in access_log I get what appears to be the format beneath it:
Code:

87.236.176.2 - - [09/Mar/2024:12:48:14 -0500] "GET / HTTP/1.1" 200 4723

If I comment out that one (right after the highlight) I get lines of the word "common":
Code:

209.97.152.248 - - [09/Mar/2024:12:50:03 -0500] "GET /images/favicon.ico HTTP/1.1" 200 5430 (<-- before changing LogFormat)
common (<-- after changing LogFormat)
common
common
common

What do I need to do to get the highlighted format working?

wpeckham 03-09-2024 12:35 PM

Might one presume this is the Apache HTTPD?
And if so, that it is the version from the current SLACKWARE sets?

frankbell 03-09-2024 08:39 PM

If it is indeed Apache (as "httpd" leads me to believe), this article may be helpful.

wpeckham 03-09-2024 11:00 PM

FYI: I have used 5 different HTTPD servers, and I am sure I have not used all of the ones that exist. The Apache HTTPD is only the best known right now.
The NCSA HTTPd server came first, and the early Apache HTTPD server was based upon that.

jayjwa 03-10-2024 10:58 PM

Quote:

First of all, what are the various qualifiers "combined", "common" and "combinedio"?

As per the docs (which in a basic Apache install land in /manual/logs.html in your webroot), "This defines the nickname common and associates it with a particular log format string." According to that, you likely want the line to be

Code:

CustomLog "/var/log/httpd/access_log" combined

which is what I use right now. They are defining log formats, and when you comment it out you remove the definition.

mfoley 03-11-2024 12:57 AM

Quote:

Originally Posted by wpeckham (Post 6488622)
Might one presume this is the Apache HTTPD?
And if so, that it is the version from the current SLACKWARE sets?

Yes Apache httpd. Slackware 15.0, not Current.

Quote:

Originally Posted by jayjwa (Post 6488908)
As per the docs (which in a basic Apache install land in /manual/logs.html in your webroot), "This defines the nickname common and associates it with a particular log format string." According to that, you likely want the line to be

Code:

CustomLog "/var/log/httpd/access_log" combined

which is what I use right now. They are defining log formats, and when you comment it out you remove the definition.

That worked! The CustomLog for common was not commented out, but the log format I wanted specified combined. I changed that to
Code:

LogFormat "%{%Y-%m-%d %H:%M:%S}t %h %>s %B \"%{User-Agent}i\" \"%m %U%q\"" common

And it started logging what I wanted. Thanks.

(Still not sure of what the various common, combined, and combinedio nicknames do, but maybe those don't apply in my case.)

descendant_command 03-11-2024 04:51 AM

You should leave the log format definitions alone and specify which one you want to use in the vhost definition, as in jayjwa's post.

It seems you have 'common' specified when you want 'combined'.

mfoley 03-11-2024 09:44 PM

Quote:

Originally Posted by descendant_command (Post 6488958)
You should leave the log format definitions alone and specify which one you want to use in the vhost definition, as in jayjwa's post.

It seems you have 'common' specified when you want 'combined'.

As long as you're suggesting ... Why would I want 'combined' versus 'common'? What exactly is the difference/purpose of combined versus common versus combinedio? Are there designated purposes for each of these "aliases"? Is "combined" the normal/standard one to use? Combined with what? I find this aspect of http logs quite confusing if they all end up in access_log anyway. The docs don't really clarify this for me.

descendant_command 03-12-2024 06:37 AM

No idea where they originate, you could label them barry, dave or short, if you want.

My point is that the httpd.conf contains the format definition, specifying the layout and an arbitrary label for it, which you can then call by label in each vhost without having to recreate the format template all over again.

Pick one that matches what you want to see in your logs, or make your own.
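
The nickname behaviour discussed in this thread, as an added example (not part of any post, and not Apache's own code): a small Python check that reads the logging directives and reports which format string each CustomLog ends up with. It models only the rule that CustomLog's second argument is either a defined nickname or a format string in its own right, ignores virtual-host scope and nickname case, and all function and variable names are made up for illustration; the configuration text is the thread's, trimmed.

```python
import shlex

# Constructed input: the thread's httpd.conf reduced to its logging directives.
THREAD_CONF = r'''
<IfModule log_config_module>
    LogFormat "%{%Y-%m-%d %H:%M:%S}t %h %>s %B \"%{User-Agent}i\" \"%m %U%q\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    CustomLog "/var/log/httpd/access_log" common
</IfModule>
'''
# The two edits tried in the thread, applied to the text above.
COMMON_COMMENTED_OUT = THREAD_CONF.replace('    LogFormat "%h %l', '    #LogFormat "%h %l')
JAYJWA_FIX = THREAD_CONF.replace('access_log" common', 'access_log" combined')

def effective_formats(conf_text):
    """Return one dict per CustomLog: the file, the argument as written, the
    format string that results, and whether every line would be constant text."""
    nicknames, custom_logs = {}, []
    for line in conf_text.splitlines():
        # shlex unquotes the backslash-escaped arguments and drops # comments
        tokens = shlex.split(line, comments=True)
        if not tokens:
            continue
        directive = tokens[0].lower()          # directive names are case-insensitive
        if directive == "logformat" and len(tokens) == 3:
            nicknames[tokens[2]] = tokens[1]   # LogFormat <format> <nickname>
        elif directive == "customlog" and len(tokens) >= 3:
            custom_logs.append((tokens[1], tokens[2]))
    results = []
    # Resolve only after the whole text is read, so definition order is irrelevant here.
    for logfile, arg in custom_logs:
        fmt = nicknames.get(arg, arg)          # undefined nickname: the word itself is the format
        results.append({"file": logfile, "argument": arg, "format": fmt,
                        "is_nickname": arg in nicknames,
                        "constant_output": "%" not in fmt})  # no % directive at all
    return results

def report(label, conf_text):
    for r in effective_formats(conf_text):
        kind = "nickname" if r["is_nickname"] else "literal format string"
        warn = "  <-- every log line will be exactly this text" if r["constant_output"] else ""
        print(f'{label}: {r["argument"]!r} ({kind}) -> {r["format"]}{warn}')

if __name__ == "__main__":
    report("as posted", THREAD_CONF)
    report("'common' commented out", COMMON_COMMENTED_OUT)
    report("CustomLog ... combined", JAYJWA_FIX)
```

The second case reproduces the access_log lines that contained only the word "common": with the definition commented out, the argument no longer names a nickname and is written out as-is.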


All times are GMT -5.