Modules |Directives |FAQ |Glossary |Sitemap
Apache HTTP Server Version 2.4
| Description: | Logging of the requests made to the server |
|---|---|
| Status: | Base |
| Module Identifier: | log_config_module |
| Source File: | mod_log_config.c |
This module provides for flexible logging of client requests. Logs are written in a customizable format, and may be written directly to a file, or to an external program. Conditional logging is provided so that individual requests may be included or excluded from the logs based on characteristics of the request.
Three directives are provided by this module:TransferLog to create a log file,LogFormat to set a custom format, andCustomLog to define a log file and format in one step. TheTransferLog andCustomLog directives can be used multiple times in each server to cause each request to be logged to multiple files.
The format argument to theLogFormat andCustomLog directives is a string. This string is used to log each request to the log file. It can contain literal characters copied into the log files and the C-style control characters "\n" and "\t" to represent new-lines and tabs. Literal quotes and backslashes should be escaped with backslashes.
The characteristics of the request itself are logged by placing "%" directives in the format string, which are replaced in the log file by the values as follows:
| Format String | Description | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
%% | The percent sign. | ||||||||||
%a | Client IP address of the request (see themod_remoteip module). | ||||||||||
%{c}a | Underlying peer IP address of the connection (see themod_remoteip module). | ||||||||||
%A | Local IP-address. | ||||||||||
%B | Size of response in bytes, excluding HTTP headers. | ||||||||||
%b | Size of response in bytes, excluding HTTP headers. In CLF format,i.e. a '-' rather than a 0 when no bytes are sent. | ||||||||||
%{VARNAME}C | The contents of cookieVARNAME in the request sent to the server. Only version 0 cookies are fully supported. | ||||||||||
%D | The time taken to serve the request, in microseconds. | ||||||||||
%{VARNAME}e | The contents of the environment variableVARNAME. | ||||||||||
%f | Filename. | ||||||||||
%h | Remote hostname. Will log the IP address ifHostnameLookups is set toOff, which is the default. If it logs the hostname for only a few hosts, you probably have access control directives mentioning them by name. Seethe Require host documentation. | ||||||||||
%{c}h | Like%h, but always reports on the hostname of the underlying TCP connection and not any modifications to the remote hostname by modules likemod_remoteip. | ||||||||||
%H | The request protocol. | ||||||||||
%{VARNAME}i | The contents ofVARNAME: header line(s) in the request sent to the server. Changes made by other modules (e.g.mod_headers) affect this. If you're interested in what the request header was prior to when most modules would have modified it, usemod_setenvif to copy the header into an internal environment variable and log that value with the%{VARNAME}e described above. | ||||||||||
%k | Number of keepalive requests handled on this connection. Interesting ifKeepAlive is being used, so that, for example, a '1' means the first keepalive request after the initial one, '2' the second, etc...; otherwise this is always 0 (indicating the initial request). | ||||||||||
%l | Remote logname (from identd, if supplied). This will return a dash unlessmod_ident is present andIdentityCheck is setOn. | ||||||||||
%L | The request log ID from the error log (or '-' if nothing has been logged to the error log for this request). Look for the matching error log line to see what request caused what error. | ||||||||||
%m | The request method. | ||||||||||
%{VARNAME}n | The contents of noteVARNAME from another module. | ||||||||||
%{VARNAME}o | The contents ofVARNAME: header line(s) in the reply. | ||||||||||
%p | The canonical port of the server serving the request. | ||||||||||
%{format}p | The canonical port of the server serving the request, or the server's actual port, or the client's actual port. Valid formats arecanonical,local, orremote. | ||||||||||
%P | The process ID of the child that serviced the request. | ||||||||||
%{format}P | The process ID or thread ID of the child that serviced the request. Valid formats arepid,tid, andhextid. | ||||||||||
%q | The query string (prepended with a? if a query string exists, otherwise an empty string). | ||||||||||
%r | First line of request. | ||||||||||
%R | The handler generating the response (if any). | ||||||||||
%s | Status. For requests that have been internally redirected, this is the status of theoriginal request. Use%>s for the final status. | ||||||||||
%t | Time the request was received, in the format[18/Sep/2011:19:18:28 -0400]. The last number indicates the timezone offset from GMT | ||||||||||
%{format}t | The time, in the form given by format, which should be in an extendedstrftime(3) format (potentially localized). If the format starts withbegin: (default) the time is taken at the beginning of the request processing. If it starts withend: it is the time when the log entry gets written, close to the end of the request processing. In addition to the formats supported bystrftime(3), the following format tokens are supported:
strftime(3) formatting in the same format string. You can use multiple%{format}t tokens instead. | ||||||||||
%T | The time taken to serve the request, in seconds. | ||||||||||
%{UNIT}T | The time taken to serve the request, in a time unit given byUNIT. Valid units arems for milliseconds,us for microseconds, ands for seconds. Usings gives the same result as%T without any format; usingus gives the same result as%D. Combining%T with a unit is available in 2.4.13 and later. | ||||||||||
%u | Remote user if the request was authenticated. May be bogus if return status (%s) is 401 (unauthorized). | ||||||||||
%U | The URL path requested, not including any query string. | ||||||||||
%v | The canonicalServerName of the server serving the request. | ||||||||||
%V | The server name according to theUseCanonicalName setting. | ||||||||||
%X | Connection status when response is completed:
| ||||||||||
%I | Bytes received, including request and headers. Cannot be zero. You need to enablemod_logio to use this. | ||||||||||
%O | Bytes sent, including headers. May be zero in rare cases such as when a request is aborted before a response is sent. You need to enablemod_logio to use this. | ||||||||||
%S | Bytes transferred (received and sent), including request and headers, cannot be zero. This is the combination of %I and %O. You need to enablemod_logio to use this. | ||||||||||
%{VARNAME}^ti | The contents ofVARNAME: trailer line(s) in the request sent to the server. | ||||||||||
%{VARNAME}^to | The contents ofVARNAME: trailer line(s) in the response sent from the server. |
Particular items can be restricted to print only for responses with specific HTTP status codes by placing a comma-separated list of status codes immediately following the "%". The status code list may be preceded by a "!" to indicate negation.
| Format String | Meaning |
|---|---|
%400,501{User-agent}i | LogsUser-agent on 400 errors and 501 errors only. For other status codes, the literal string"-" will be logged. |
%!200,304,302{Referer}i | LogsReferer on all requests that donot return one of the three specified codes, "-" otherwise. |
The modifiers "<" and ">" can be used for requests that have been internally redirected to choose whether the original or final (respectively) request should be consulted. By default, the% directives%s, %U, %T, %D, and%r look at the original request while all others look at the final request. So for example,%>s can be used to record the final status of the request and%<u can be used to record the original authenticated user on a request that is internally redirected to an unauthenticated resource.
For security reasons, starting with version 2.0.46, non-printable and other special characters in%r,%i and%o are escaped using\xhh sequences, wherehh stands for the hexadecimal representation of the raw byte. Exceptions from this rule are" and\, which are escaped by prepending a backslash, and all whitespace characters, which are written in their C-style notation (\n,\t, etc). In versions prior to 2.0.46, no escaping was performed on these strings so you had to be quite careful when dealing with raw log files.
Since httpd 2.0, unlike 1.3, the%b and%B format strings do not represent the number of bytes sent to the client, but simply the size in bytes of the HTTP response (which will differ, for instance, if the connection is aborted, or if SSL is used). The%O format provided bymod_logio will log the actual number of bytes sent over the network.
Note:mod_cache is implemented as a quick-handler and not as a standard handler. Therefore, the%R format string will not return any handler information when content caching is involved.
Some commonly used log format strings are:
"%h %l %u %t \"%r\" %>s %b""%v %h %l %u %t \"%r\" %>s %b""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"""%{Referer}i -> %U""%{User-agent}i"You can use the%{format}t directive multiple times to build up a time format using the extended format tokens likemsec_frac:
"%{%d/%b/%Y %T}t.%{msec_frac}t %{%z}t"See thesecurity tips document for details on why your security could be compromised if the directory where logfiles are stored is writable by anyone other than the user that starts the server.
| Description: | Buffer log entries in memory before writing to disk |
|---|---|
| Syntax: | BufferedLogs On|Off |
| Default: | BufferedLogs Off |
| Context: | server config |
| Status: | Base |
| Module: | mod_log_config |
TheBufferedLogs directive causesmod_log_config to store several log entries in memory and write them together to disk, rather than writing them after each request. On some systems, this may result in more efficient disk access and hence higher performance. It may be set only once for the entire server; it cannot be configured per virtual-host.
| Description: | Sets filename and format of log file |
|---|---|
| Syntax: | CustomLogfile|pipeformat|nickname[env=[!]environment-variable|expr=expression] |
| Context: | server config, virtual host |
| Status: | Base |
| Module: | mod_log_config |
TheCustomLog directive is used to log requests to the server. A log format is specified, and the logging can optionally be made conditional on request characteristics using environment variables.
The first argument, which specifies the location to which the logs will be written, can take one of the following two types of values:
ServerRoot.|", followed by the path to a program to receive the log information on its standard input. See the notes onpiped logs for more information.If a program is used, then it will be run as the user who startedhttpd. This will be root if the server was started by root; be sure that the program is secure.
When entering a file path on non-Unix platforms, care should be taken to make sure that only forward slashed are used even though the platform may allow the use of back slashes. In general it is a good idea to always use forward slashes throughout the configuration files.
The second argument specifies what will be written to the log file. It can specify either anickname defined by a previousLogFormat directive, or it can be an explicitformat string as described in thelog formats section.
For example, the following two sets of directives have exactly the same effect:
# CustomLog with format nicknameLogFormat "%h %l %u %t \"%r\" %>s %b" commonCustomLog "logs/access_log" common# CustomLog with explicit format stringCustomLog "logs/access_log" "%h %l %u %t \"%r\" %>s %b"
The third argument is optional and controls whether or not to log a particular request. The condition can be the presence or absence (in the case of a 'env=!name' clause) of a particular variable in the serverenvironment. Alternatively, the condition can be expressed as arbitrary booleanexpression. If the condition is not satisfied, the request will not be logged. References to HTTP headers in the expression will not cause the header names to be added to the Vary header.
Environment variables can be set on a per-request basis using themod_setenvif and/ormod_rewrite modules. For example, if you want to record requests for all GIF images on your server in a separate logfile but not in your main log, you can use:
SetEnvIf Request_URI \.gif$ gif-imageCustomLog "gif-requests.log" common env=gif-imageCustomLog "nongif-requests.log" common env=!gif-image
Or, to reproduce the behavior of the old RefererIgnore directive, you might use the following:
SetEnvIf Referer example\.com localrefererCustomLog "referer.log" referer env=!localreferer
| Description: | Sets filename and format of log file |
|---|---|
| Syntax: | GlobalLogfile|pipeformat|nickname[env=[!]environment-variable|expr=expression] |
| Context: | server config |
| Status: | Base |
| Module: | mod_log_config |
| Compatibility: | Available in Apache HTTP Server 2.4.19 and later |
TheGlobalLog directive defines a log shared by the main server configuration and all defined virtual hosts.
TheGlobalLog directive is identical to theCustomLog directive, apart from the following differences:
GlobalLog is not valid in virtual host context.GlobalLog is used by virtual hosts that define their ownCustomLog, unlike a globally specifiedCustomLog.| Description: | Describes a format for use in a log file |
|---|---|
| Syntax: | LogFormatformat|nickname[nickname] |
| Default: | LogFormat "%h %l %u %t \"%r\" %>s %b" |
| Context: | server config, virtual host |
| Status: | Base |
| Module: | mod_log_config |
This directive specifies the format of the access log file.
TheLogFormat directive can take one of two forms. In the first form, where only one argument is specified, this directive sets the log format which will be used by logs specified in subsequentTransferLog directives. The single argument can specify an explicitformat as discussed in thecustom log formats section above. Alternatively, it can use anickname to refer to a log format defined in a previousLogFormat directive as described below.
The second form of theLogFormat directive associates an explicitformat with anickname. Thisnickname can then be used in subsequentLogFormat orCustomLog directives rather than repeating the entire format string. ALogFormat directive that defines a nicknamedoes nothing else -- that is, itonly defines the nickname, it doesn't actually apply the format and make it the default. Therefore, it will not affect subsequentTransferLog directives. In addition,LogFormat cannot use one nickname to define another nickname. Note that the nickname should not contain percent signs (%).
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
| Description: | Specify location of a log file |
|---|---|
| Syntax: | TransferLogfile|pipe |
| Context: | server config, virtual host |
| Status: | Base |
| Module: | mod_log_config |
This directive has exactly the same arguments and effect as theCustomLog directive, with the exception that it does not allow the log format to be specified explicitly or for conditional logging of requests. Instead, the log format is determined by the most recently specifiedLogFormat directive which does not define a nickname. Common Log Format is used if no other format has been specified.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""TransferLog logs/access_logCopyright 2025 The Apache Software Foundation.
Licensed under theApache License, Version 2.0.