<-
Apache > HTTP Server > Documentation > Version 2.4 > Modules

Apache Module mod_log_config

Available Languages:  en  |  fr  |  ja  |  ko  |  tr 

Description:Logging of the requests made to the server
Status:Base
Module Identifier:log_config_module
Source File:mod_log_config.c

Summary

This module provides for flexible logging of client requests. Logs are written in a customizable format, and may be written directly to a file, or to an external program. Conditional logging is provided so that individual requests may be included or excluded from the logs based on characteristics of the request.

Three directives are provided by this module: TransferLog to create a log file, LogFormat to set a custom format, and CustomLog to define a log file and format in one step. The TransferLog and CustomLog directives can be used multiple times in each server to cause each request to be logged to multiple files.

Support Apache!

Topics

Directives

Bugfix checklist

See also

top

Custom Log Formats

The format argument to the LogFormat and CustomLog directives is a string. This string is used to log each request to the log file. It can contain literal characters copied into the log files and the C-style control characters "\n" and "\t" to represent new-lines and tabs. Literal quotes and backslashes should be escaped with backslashes.

The characteristics of the request itself are logged by placing "%" directives in the format string, which are replaced in the log file by the values as follows:

Format String Description
%% The percent sign.
%a Client IP address of the request (see the mod_remoteip module).
%{c}a Underlying peer IP address of the connection (see the mod_remoteip module).
%A Local IP-address.
%B Size of response in bytes, excluding HTTP headers.
%b Size of response in bytes, excluding HTTP headers. In CLF format, i.e. a '-' rather than a 0 when no bytes are sent.
%{VARNAME}C The contents of cookie VARNAME in the request sent to the server. Only version 0 cookies are fully supported.
%D The time taken to serve the request, in microseconds.
%{VARNAME}e The contents of the environment variable VARNAME.
%f Filename.
%h Remote hostname. Will log the IP address if HostnameLookups is set to Off, which is the default. If it logs the hostname for only a few hosts, you probably have access control directives mentioning them by name. See the Require host documentation.
%{c}h Like %h, but always reports on the hostname of the underlying TCP connection and not any modifications to the remote hostname by modules like mod_remoteip.
%H The request protocol.
%{VARNAME}i The contents of VARNAME: header line(s) in the request sent to the server. Changes made by other modules (e.g. mod_headers) affect this. If you're interested in what the request header was prior to when most modules would have modified it, use mod_setenvif to copy the header into an internal environment variable and log that value with the %{VARNAME}e described above.
%k Number of keepalive requests handled on this connection. Interesting if KeepAlive is being used, so that, for example, a '1' means the first keepalive request after the initial one, '2' the second, etc...; otherwise this is always 0 (indicating the initial request).
%l Remote logname (from identd, if supplied). This will return a dash unless mod_ident is present and IdentityCheck is set On.
%L The request log ID from the error log (or '-' if nothing has been logged to the error log for this request). Look for the matching error log line to see what request caused what error.
%m The request method.
%{VARNAME}n The contents of note VARNAME from another module.
%{VARNAME}o The contents of VARNAME: header line(s) in the reply.
%p The canonical port of the server serving the request.
%{format}p The canonical port of the server serving the request, or the server's actual port, or the client's actual port. Valid formats are canonical, local, or remote.
%P The process ID of the child that serviced the request.
%{format}P The process ID or thread ID of the child that serviced the request. Valid formats are pid, tid, and hextid.
%q The query string (prepended with a ? if a query string exists, otherwise an empty string).
%r First line of request.
%R The handler generating the response (if any).
%s Status. For requests that have been internally redirected, this is the status of the original request. Use %>s for the final status.
%t Time the request was received, in the format [18/Sep/2011:19:18:28 -0400]. The last number indicates the timezone offset from GMT
%{format}t The time, in the form given by format, which should be in an extended strftime(3) format (potentially localized). If the format starts with begin: (default) the time is taken at the beginning of the request processing. If it starts with end: it is the time when the log entry gets written, close to the end of the request processing. In addition to the formats supported by strftime(3), the following format tokens are supported:
secnumber of seconds since the Epoch
msecnumber of milliseconds since the Epoch
usecnumber of microseconds since the Epoch
msec_fracmillisecond fraction
usec_fracmicrosecond fraction
These tokens can not be combined with each other or strftime(3) formatting in the same format string. You can use multiple %{format}t tokens instead.
%T The time taken to serve the request, in seconds.
%{UNIT}T The time taken to serve the request, in a time unit given by UNIT. Valid units are ms for milliseconds, us for microseconds, and s for seconds. Using s gives the same result as %T without any format; using us gives the same result as %D. Combining %T with a unit is available in 2.4.13 and later.
%u Remote user if the request was authenticated. May be bogus if return status (%s) is 401 (unauthorized).
%U The URL path requested, not including any query string.
%v The canonical ServerName of the server serving the request.
%V The server name according to the UseCanonicalName setting.
%X Connection status when response is completed:
X = Connection aborted before the response completed.
+ = Connection may be kept alive after the response is sent.
- = Connection will be closed after the response is sent.
%I Bytes received, including request and headers. Cannot be zero. You need to enable mod_logio to use this.
%O Bytes sent, including headers. May be zero in rare cases such as when a request is aborted before a response is sent. You need to enable mod_logio to use this.
%S Bytes transferred (received and sent), including request and headers, cannot be zero. This is the combination of %I and %O. You need to enable mod_logio to use this.
%{VARNAME}^ti The contents of VARNAME: trailer line(s) in the request sent to the server.
%{VARNAME}^to The contents of VARNAME: trailer line(s) in the response sent from the server.

Modifiers

Particular items can be restricted to print only for responses with specific HTTP status codes by placing a comma-separated list of status codes immediately following the "%". The status code list may be preceded by a "!" to indicate negation.

Format String Meaning
%400,501{User-agent}i Logs User-agent on 400 errors and 501 errors only. For other status codes, the literal string "-" will be logged.
%!200,304,302{Referer}i Logs Referer on all requests that do not return one of the three specified codes, "-" otherwise.

The modifiers "<" and ">" can be used for requests that have been internally redirected to choose whether the original or final (respectively) request should be consulted. By default, the % directives %s, %U, %T, %D, and %r look at the original request while all others look at the final request. So for example, %>s can be used to record the final status of the request and %<u can be used to record the original authenticated user on a request that is internally redirected to an unauthenticated resource.

Format Notes

For security reasons, starting with version 2.0.46, non-printable and other special characters in %r, %i and %o are escaped using \xhh sequences, where hh stands for the hexadecimal representation of the raw byte. Exceptions from this rule are " and \, which are escaped by prepending a backslash, and all whitespace characters, which are written in their C-style notation (\n, \t, etc). In versions prior to 2.0.46, no escaping was performed on these strings so you had to be quite careful when dealing with raw log files.

Since httpd 2.0, unlike 1.3, the %b and %B format strings do not represent the number of bytes sent to the client, but simply the size in bytes of the HTTP response (which will differ, for instance, if the connection is aborted, or if SSL is used). The %O format provided by mod_logio will log the actual number of bytes sent over the network.

Note: mod_cache is implemented as a quick-handler and not as a standard handler. Therefore, the %R format string will not return any handler information when content caching is involved.

Examples

Some commonly used log format strings are:

Common Log Format (CLF)
"%h %l %u %t \"%r\" %>s %b"
Common Log Format with Virtual Host
"%v %h %l %u %t \"%r\" %>s %b"
NCSA extended/combined log format
"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
Referer log format
"%{Referer}i -> %U"
Agent (Browser) log format
"%{User-agent}i"

You can use the %{format}t directive multiple times to build up a time format using the extended format tokens like msec_frac:

Timestamp including milliseconds
"%{%d/%b/%Y %T}t.%{msec_frac}t %{%z}t"
top

Security Considerations

See the security tips document for details on why your security could be compromised if the directory where logfiles are stored is writable by anyone other than the user that starts the server.

top

BufferedLogs Directive

Description:Buffer log entries in memory before writing to disk
Syntax:BufferedLogs On|Off
Default:BufferedLogs Off
Context:server config
Status:Base
Module:mod_log_config

The BufferedLogs directive causes mod_log_config to store several log entries in memory and write them together to disk, rather than writing them after each request. On some systems, this may result in more efficient disk access and hence higher performance. It may be set only once for the entire server; it cannot be configured per virtual-host.

This directive should be used with caution as a crash might cause loss of logging data.
top

CustomLog Directive

Description:Sets filename and format of log file
Syntax:CustomLog file|pipe format|nickname [env=[!]environment-variable| expr=expression]
Context:server config, virtual host
Status:Base
Module:mod_log_config

The CustomLog directive is used to log requests to the server. A log format is specified, and the logging can optionally be made conditional on request characteristics using environment variables.

The first argument, which specifies the location to which the logs will be written, can take one of the following two types of values:

file
A filename, relative to the ServerRoot.
p/|⟷WQQD QD_czG0$냁oD#`~>}.?1Ez (<|NUc |3I$Iܔ`yO7i Z}"rY"hG qI[h\IUp5tTW>F un&# "{TWF##̳E2lQsvHDQ41]'*4'[kn>Caվ\ iCyA{9OHyBKy"K&ҕ%Mm9&Ʈv z]WYfOiTrqߨV@"A/OpX(0ؒ3z.R򡵸A]*g9`1Xj*^gf>^\v"fIs;k,Y:T2 Wx\5#8ژhX nl.asl`]*)'8N?],;!fv:T,9uW{cW4ҝI_vJl ۴1i6<k>ʁ} m+L8F|?b.$uO_HM/MB0/W#f-uġuqcܣ4v_!p"5Вy#aK A#-7#PMI#/a$3aBl`S*OC/.cөyyW*MG) O Eh*8>`Q?bLDgoMo֗˓-ν/@+=Nra=jp͆p 4rvp ̃hcŤ91hYG} ֑d|#Q0ie#kA엛@e4T'^\G5o0} 6]^FhPdH>ʗqiRDPOz/f՜cICr}@468djFL >jvP9@>D*#PRE4*ܰ)'k=*~i;PbQs9] `H7z46IxI q6x~yZALG%`8E!㦊f&'J12 鵉pl̜>bE(r$Ȭ}&i'㻩7Ed/.,%zWD'0zF2^D̀J_'=*Y2Zѵ/xܨ 2>cw1¬[Px!_]KtXI9͝Ё9# Lg\zau$weC'[Wae36ccI `MG]U ^Y@W&pDƂpn! NT)^,^Zp91뺌/wF=*ۍ. ?E蹧#H"zuHS⣋^4 1DzKӥcBؤv9-&JvEv܅{ m̢Ȍ@Aۤ$@oLfSG!5|i'V;Ys#?l#EeACɹ9#l[8Zry6;k~@GG -!KI7&q ~lEE Yq'5\,w{  ؏5ۜld >mKjaKJ Ǣ)AENK \bFJ>w91]챱O([tXa$=S]ID q2ו8d"1HSfXf,Z -,dmNWyɄ4|KNVPb7c!2Ҩ'@9Pp":]!*6 Ӛ..\@B"NnF7 qOwy~gu $h+Dgj+/wg } rF_\T|I. S8CsTdi3G937uTόφi lLqBxZxV\pNt/5[Q3Ȇ6prը&A=`#y[[뎔 xTlLt[yCğ*Jr ‹(OՄ _yJV.RWU![7}3L%驇R.LC`zPq<}1Z}ˑiV-SqǠLPbKOLk#xɡ.id|Qo:lk4-g!!|oLJ T|2@ "~Kz.{7a=L~^Z)vDpT !+'~$,:;XX EI#B kSaM jɚ_O I;so)~]$&RoˆfM.N50C-5wg%36 NNox*)Ncd)Gz'ܚȑsHYȊ ^+c\oeߎUJ 5gX:U^dB nznrw#Jك8p8PZ$U©$l/ ~Cq;0z5n2fV6hr-zzpa'F}CL(u\.f;J  BK/0 |s #FCq[%s"H2MpIbi`wEt*iٷqgeRq2m0L97m%}2#1)y8./.Z iYGs)ʑT)`OO\ж͟O"b}isu0\sMƇZ@n}\S,xD7,L| n>fͪ$eHel=pmF%?q]R@) @+ͳ9zABp: 8^ȸMfR Bl41й.9ԣIJp_`RګQSsUe$B^B'LJ 4J5ҏO qW]t2M+i[c~:aL .VMI Az3ΧY*vNwsƖޣGdHOYo YpOLy[ܧՂV1@[M5\lxƖVg6"jniU/u8ʝznbDh:7vKm#|zN w]N1 Y8gzP+`@ Ap/ os9w'̵3i`0c8J}!tؘWBAXVUm'g A|[1LV;=  qPCHndΡҘXzA rc} q010Mw9hKL%lL;3Lo:wxU]9T+P/6[kE+wt}~Y3ؘ4=x>kvнۂY 5;vg緷KJ>V~G6] CLUӮd{ sُgTY8;VkT#K(z E 5[4>hѨfq@|^c2RVe>PۭIWX3㳨lA"(DŽ}4ioaIܽw@*^Ẑ0VXC e`ٔ*q_҂YϠ̙c>H{z=}lk4!3nɑ6@p;&H**fK#.NU Ax6?S<^L8ǑOG~Ig{6i AG{1I@4.Qo?yqXD)ߍ6\0|TbE q=i_EȄ6 15op(ꓻفmm`tV4U$*BQѶ@\}Kwl*C]G@h9m-r~"K !b=CMzk-/ b_u^jXGѧ cr}n<ic @tA i{b9ۤ"F\t$+FmDߊ.b ݐI^*(ߘ 撚}U!63ע*yք<(T-  M:]^A..6"Dm#Oc= ֏Bɷض{? t'G7ąr;a?d3 %Dq9=zMN!)|xd$xۗUk$o8߂NX5w&o +'og<[BM_wϡn:#¥']迨4s^,1rH,\ۜJoCt9m¥ǏeЦ 1?M6MpCŸ/\+]D޿%/ƆKm=^zgA<;bx>KXݱi;+׷Yz3AgD\? LI= sLѰ_v,!:nL<7=ZyT-#UEZV-I鴌HoUW^JEk xyjBk˰YaBڀ@e!]y ;N;})>Rrbm+E<_JIpSbØRԴ9]j=CV 8((Y*yG@tC BF}4.#D"`2??DRх-uߊb:Y!8]w,`l~t'[\0?ZZ;X?cizlG16,O(9IM%P]u)-Fy7̈2P]!EfC0Q]RqC=b 1Φ~S5X6A]M/9<{T_yܿE@,.GZ{Iߒ5q,4S|3З J3,?rd2,*c46v]xܖSH#/b@f[q?CXZ=R|vB˱S{3=Tl"NR0P|DU>14(GOqX(+ϻz/Vj+ƼKWMދ sVsieB~MWh79iRwuV..ea9DFB*U1CtiXbGw\>mlӌvo'MAhr侉duR@ m PMGCUHaǜģsYf!KIԙ`)xiZd%{j* ɀf NM7\j?jjLE!' pn%8h?A2S3Xf2ql +|2$ըQ3i* 7(lIu\ȺVP9~ȇβv[ΛŻ;ܩGy$}@ Fx:j:`n봇Prkc,Dv%#/!NnBu1Z@uP{SdEd2à ov^5;UlCnz`i F;o1NSFLt FTh`"o(TQwn %?Vfh-둔4?yG֍_!)t/MvLYMRvJKSZ߇@> \< ..Yjd9~W5gNO#ᅪI#\I[A6U,3/p0ċAZzD„Ϭ>I1Hp~a-ǧ.^4 4 $QX}ygd:jb]OlqizCZoFRD߹ g+twް# WJiZuQym,*rQ"ǐLz%pw2БݛM[BI,סᡥ38UV o>Vf~BqI1H1sՖNX8qiWf5t!&_8Z>lZ>IC&m֗u@ WQoGW|:4;R-4mr0>N,2[3?cYq\0*A.|YLEA-u1aI_{E?\{&-&^das< A)TDvP;æAI)/Y첅 JTP:S06viZj66JaS-z㻰wh,0ɜ$ x(l%}w;|Z{8U(Uob^!idVcHGܓ{`XndZ~j)sS:T9g??N $bX*' ?#o&I lLP݅Qm<4f#^ 5c-R s(y& O.-A)#߃\z0۹)|8  Q%lFP]8c2\ɧz#`-B#.- uOxCY ;m~O] +:rfhb Wbji7ޭ /2֙Xmi &q |䀻2y;JOw/Rj'0Kڞԕ}-H .xz'(}TP0>1?Έ0քj2;N=#sm}2HsQ>LdnaFv2lL [*jSo6Y#O?p +&WH _[w>c(*["M{^u{iH]U]E":(Քw2n)^ĘFmMs6ڰp0Q>gc}Jvܘn&!H?e4Q3[} 2 1ʃ{e]I|D%gQ+}l0 7}  ٗZ~smw/I(dΎ Ϋ>|AGiҎ,䞙9@czfҏdfN -?j crdmҼР&!ͪ[ǹw J^ 2=C48rJQԲN}M5VT]%UgrkZ.Q4ُ=.$G"]JNД$sI`ǝR.ɢJ{Vq.=hq<2u\T!V~+Å1y.I61> ?ۢt $#T`3PcK6DK '6 Ԋ}~ӟ |yo(A^YHqe1O={xcZ!4dqPSc@%%OTt=#"E@ ~?^폼@MgAOΫ(A|_XH24dӮC3|Ѳ&2W=l/M=!mބ73ov=La.