The content and meaning of each field of Apache, IIS, NGINX log records

Log files are a very important part of a website's records. Through the logs we can effectively find problems with the website and analyze it.

1.Apache

The following picture shows the website I built with the phpStudy integrated environment. The log files are in C:\phpStudy\Apache\logs. You can see that there are two types of log, namely access.log (the access log) and error.log (the error log).

The following figure shows part of the access log that I captured. The meaning of each field, in order, is as follows:

  • Remote host IP: indicates who accessed the website.
  • Blank (E-mail): to keep the user's mailbox from being harassed by spam, the second field is replaced with "-".
  • Blank (login name): records the name the browser supplies when authenticating.
  • Request time: enclosed in square brackets, in the "Common Log Format" or "standard English format". The "+0800" at the end of the time means the server's time zone is 8 hours ahead of UTC.
  • Method + resource + protocol: what kind of request the server received. The typical form is "METHOD RESOURCE PROTOCOL", that is, method, resource, protocol.

         METHOD: GET, POST, HEAD, ...
         RESOURCE: /, index.html, /default/index.php, ... (the requested file)
         PROTOCOL: HTTP + version number

  • Status code: whether the request succeeded, or what kind of error was encountered. Most of the time this value is 200, which means the server responded to the browser's request successfully and everything is normal.
  • Number of bytes sent: the total number of bytes sent to the client. It tells us whether the transfer was interrupted (whether the value matches the file size). Adding up these values across the log records shows how much data the server sent in a day, week, or month.

 

 

The following figure is a screenshot of the error log. The meaning of each field is as follows:

1. The date and time the error occurred

2. The level or severity of the error

3. The IP address that caused the error

4. The error message itself.

 

 

 

The following are Apache's error levels, each with an example message:

  • emerg: emergency, the system is unusable. "Child cannot open lock file. Exiting"
  • alert: action must be taken immediately. "getpwuid: couldn't determine user name from uid"
  • crit: critical condition. "socket: Failed to get a socket, exiting child"
  • error: error condition. "Premature end of script headers"
  • warn: warning condition. "child process 1234 did not exit, sending another SIGHUP"
  • notice: normal but significant condition. "httpd: caught SIGBUS, attempting to dump core in ..."
  • info: general information. "Server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers) ..."
  • debug: debug-level information. "Opening config file ..."

2.IIS

The following picture shows the website we built with Windows Server 2018. You can see that the log files are in C:\inetpub\logs\LogFiles\W3SVC2. Of course, we can also set the path manually in the IIS service manager.

 

 

The following picture shows part of one of the logs I captured.

 

 

The meaning of each field:

  • date: the date on which the request was issued.
  • time: the time at which the request was issued. Together, these two fields give the exact time of the resource request. This time is usually the server time (plus 8).
  • s-ip: server IP, the IP of the server that handled the request, usually the server's local IP.
  • cs-method: request method, commonly GET or POST.
  • cs-uri-stem: path of the requested resource, an absolute path under the website's root directory.
  • cs-uri-query: request parameters.
  • s-port: the port used, usually 80 for HTTP and 443 for HTTPS.
  • cs-username: client user name, usually empty or "-".
  • c-ip: client IP, an important basis for identifying a unique user, and also a basis for judging whether a spider (crawler) is genuine.
  • cs(User-Agent): the type of device and browser used by the user, and whether the client is a crawler. This value can be forged, so it has to be combined with the client IP above to determine accurately whether the client really is a spider.
  • sc-status: the HTTP status code returned for the request. Usually 200 is normal, 301 is a redirect, 404 means the resource does not exist, and 500 is a server error.
  • sc-substatus: protocol sub-status, usually 0.
  • sc-win32-status: Win32 status, usually 0.

The meaning of the fields that are not in the above picture (they may appear in other logs):

  • time-taken: time spent, in milliseconds.
  • cs-version: protocol version.
  • cs(Referer): where the request came from, that is, the page on which the link to the resource was clicked. Generally, if this field is present, the search engine and search term can be determined.
  • sc-bytes: the size of the data sent, in bytes. Generally the size of the requested resource file.
  • s-computername: server computer name.
  • cs(Cookie): the cookie sent with the client's request.
  • cs-host: the host name the client requested.
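Because the set of fields differs from one log to another, a parser should take its column names from the log's own `#Fields:` line instead of fixed positions. The following is an added example, not part of the original post: the sample records are constructed, and treating the timestamps as UTC is an assumption marked in the code.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in IIS W3C extended format (not taken from the page).
SAMPLE = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2020-04-17 14:55:48
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2020-04-17 14:55:48 192.0.2.10 GET /index.html - 80 - 198.51.100.7 Mozilla/5.0+(Windows+NT+10.0) 200 0 0
2020-04-17 14:55:50 192.0.2.10 GET /admin.php id=1 80 - 198.51.100.7 Googlebot/2.1 404 0 0
#Fields: date time c-ip cs-method cs-uri-stem sc-status time-taken
2020-04-17 14:56:02 203.0.113.5 POST /login.php 500 312
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the latest #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # the field set can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) != len(fields):
                continue                    # truncated or damaged record
            rec = {k: (None if v == "-" else v) for k, v in zip(fields, values)}
            if rec.get("date") and rec.get("time"):
                # Assumption: timestamps are UTC, the W3C format default.
                rec["timestamp"] = datetime.strptime(
                    rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S"
                ).replace(tzinfo=timezone.utc)
            yield rec

def agents_by_client(records):
    """Map c-ip -> set of User-Agent strings it sent ('+' stands for a space)."""
    seen = defaultdict(set)
    for rec in records:
        ua, ip = rec.get("cs(User-Agent)"), rec.get("c-ip")
        if ua and ip:
            seen[ip].add(ua.replace("+", " "))
    return dict(seen)

if __name__ == "__main__":
    for ip, agents in agents_by_client(parse_w3c(SAMPLE)).items():
        print(ip, sorted(agents))
```

One client address presenting several User-Agent strings, as 198.51.100.7 does in the sample, is the situation in which the User-Agent has to be checked against the client IP.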

3.NGINX

1. The path where Nginx stores its logs by default

For example, phpstudy (Windows) keeps them in: phpstudy/Extensions/Nginx/logs;

wdcp (Linux) keeps them in: www/wdlinux/Nginx/logs.

2. The default format of Nginx access log:

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

  Examples:

127.0.0.1 - - [17/Apr/2020:22:55:48 +0800] "GET /wordpress HTTP/1.1" 301 170 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0"

1. remote_addr (127.0.0.1): remote host IP.

2. Blank (-) E-mail: to keep the user's mailbox from being harassed by spam.

3. Blank (-) login name: records the name the browser supplies when it authenticates.

4. time_local ([17/Apr/2020:22:55:48 +0800]): access date and time, wrapped in square brackets, in the Common Log Format; the trailing +0800 means the server's time zone is 8 hours ahead of UTC.

5. request ("GET /wordpress HTTP/1.1"): request method, resource, protocol.

6. body_bytes_sent (170): number of bytes sent.

7. http_referer (-): the referer.

8. http_user_agent (Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0): the User-Agent from the HTTP header, including the browser, the visitor's operating system, versions, and so on.
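The Apache access log and the NGINX log described above share the same leading fields, so one parser covers both. The following is an added example, not code from the original post: it turns a line into named fields, keeps the +0800 offset when reading the time, and totals the bytes sent per day as the Apache section suggests. The first sample line is the page's own example; the other two are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Common Log Format, plus the optional quoted fields that the combined and
# NGINX "main" formats append. ident and user are the two "-" fields.
LINE = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<bytes>\d+|-)'
    r'(?: "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)")?'
    r'(?: "(?P<xff>(?:[^"\\]|\\.)*)")?\s*$'
)

# First line is the example from the page; the other two are constructed.
SAMPLE = [
    '127.0.0.1 - - [17/Apr/2020:22:55:48 +0800] "GET /wordpress HTTP/1.1" 301 170 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0"',
    '127.0.0.1 - - [18/Apr/2020:07:59:59 +0800] "GET /index.html HTTP/1.1" 304 -',
    r'127.0.0.1 - - [18/Apr/2020:08:00:01 +0800] "\x16\x03\x01" 400 226',
]

def parse_line(line):
    """Return a dict of fields, or None if the line is not in this format."""
    m = LINE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # %z keeps the +0800 offset, so times from different servers compare correctly.
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    # Normally "METHOD RESOURCE PROTOCOL", but a client can send anything.
    parts = rec["request"].split(" ")
    rec["method"], rec["resource"], rec["protocol"] = (
        parts if len(parts) == 3 else (None, rec["request"], None))
    return rec

def bytes_per_day(lines):
    """Total bytes sent per UTC calendar day; unparseable lines are skipped."""
    totals = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            day = rec["time"].astimezone(timezone.utc).date().isoformat()
            totals[day] += rec["bytes"]
    return dict(totals)

if __name__ == "__main__":
    print(bytes_per_day(SAMPLE))
```

The second sample line is logged as 18 April local time but falls on 17 April in UTC, so daily totals depend on which time zone the grouping uses.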

 

The NGINX part is partly taken from the blog https://www.cnblogs.com/Zh1z3ven/p/12726151.html

 


Origin www.cnblogs.com/laoxu777/p/12756324.html