http://httpd.apache.org/docs/2.2/logs.html
httpd.conf文件
Configuration and logfile names: If the filenames you specify for many of the server's control files begin with "/" (or "drive:/" for Win32), the server will use that explicit path.
配置和日志文件名:如果你指定的多数服务器控制文件以/开头,服务器将使用显式路径。
If the filenames do *not* begin with "/", the value of ServerRoot is prepended -- so "logs/foo.log" with ServerRoot set to "/etc/httpd" will be interpreted by the server as "/etc/httpd/logs/foo.log".
如果文件名不以/开头,并且serverroot的值预设--那么设置serverroot值为/etc/httpd/的logs/foo.log将被服务器解释为/etc/httpd/logs/foo.log。
目录
Security Warning
Error Log
Access Log
Log Rotation
Piped Logs
Virtual Hosts
Other Log Files
Comments
In order to effectively manage a web server, it is necessary to get feedback about the activity and performance of the server as well as any problems that may be occurring.
为了有效地管理一个web server,得到关于服务器事务与性能和可能发生的任何问题的反馈是很必要的。
The Apache HTTP Server provides very comprehensive and flexible logging capabilities. This document describes how to configure its logging capabilities, and how to understand what the logs contain.
apache http server 提供了非常方便与灵活的日志记录功能。本文档描述了如何配置它的日志记录功能,和如何理解日志的内容。
Security Warning
Anyone who can write to the directory where Apache is writing a log file can almost certainly gain access to the uid that the server is started as, which is normally root.
任何人只要对apache写日志的目录有写权限,几乎都能获得server启动的uid,一般为root。
Do NOT give people write access to the directory the logs are stored in without being aware of the consequences; see the security tips document for details.
没有明确的结果,存放日志的目录就不要开放写权限。参见安全细节。
In addition, log files may contain information supplied directly by the client, without escaping.
此外,日志文件可能包含直接由客户端提供的信息。
Therefore, it is possible for malicious clients to insert control-characters in the log files, so care must be taken in dealing with raw logs.
因此,恶意用户插入控制字符到日志文件是很可能的,所以必须谨慎处理原始日志。
Error log
The server error log, whose name and location is set by the ErrorLog directive, is the most important log file.
服务器错误日志,它的名字与位置由Errorlog 指令设置,是最重要的日志文件。
This is the place where Apache httpd will send diagnostic information and record any errors that it encounters in processing requests.
这里是apache httpd将发送诊断信息和记录任何在遇到处理请求时发生错误的地方。
It is the first place to look when a problem occurs with starting the server or with the operation of the server, since it will often contain details of what went wrong and how to fix it.
它是当在启动服务器或服务器操作时发生问题的第一个要查看的地方,它经常包含出错和修正它的细节。
The error log is usually written to a file (typically error_log on Unix systems and error.log on Windows and OS/2). On Unix systems it is also possible to have the server send errors to syslog or pipe them to a program.
错误日志通常写到一个文件(典型是在unix中是error_log和windows与os/2中是error.log)。在unix中让服务器发送错误给syslog或管道它们到一个程序也是可能的。
The format of the error log is relatively free-form and descriptive. But there is certain information that is contained in most error log entries. For example, here is a typical message.
错误日志格式是相对*和描述性的。但在多数日志项中,它里面包含着主要信息。例如,下面是一个典型的消息:
[Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server configuration: /export/home/live/ap/htdocs/test
The first item in the log entry is the date and time of the message. The second item lists the severity of the error being reported.
日志项的第一项是消息的日期与时间。第二项列出错误报告的严重程度。
The LogLevel directive is used to control the types of errors that are sent to the error log by restricting the severity level.
loglevel指令被用来控制发送给错误日志的错误类型
The third item gives the IP address of the client that generated the error. Beyond that is the message itself, which in this case indicates that the server has been configured to deny the client access.
第三项给出生成错误的客户ip。剩下的是消息本身,在这个消息中指示服务器已经配置为拒绝客户访问。
The server reports the file-system path (as opposed to the web path) of the requested document.
服务器报告请求文档的文件系统路径(与web路径完全不同)
Access log
The server access log records all requests processed by the server. The location and content of the access log are controlled by the CustomLog directive.
server访问日志记录所有由服务器处理的请求。位置和访问日志的内容由customlog 指令控制。
The LogFormat directive can be used to simplify the selection of the contents of the logs. This section describes how to configure the server to record information in the access log.
logformat 指令能简化日志内容的选取。这部分描述了在访问日志里如何配置服务器记录信息。
Of course, storing the information in the access log is only the start of log management. The next step is to analyze this information to produce useful statistics.
当然,在访问日志里存储信息只是日志管理的开始。下一步是分析信息来生产有用的统计。
Log analysis in general is beyond the scope of this document, and not really part of the job of the web server itself.
常规的日志分析都属于本文档的范畴,不是web server本身任务的一部分。
For more information about this topic, and for applications which perform log analysis, check the Open Directory or Yahoo.
要获取关于本主题的更多信息,和完成日志分析的应用,检查开放目录或yahoo。
Various versions of Apache httpd have used other modules and directives to control access logging, including mod_log_referer, mod_log_agent, and the TransferLog directive.
apache httpd的多个版本曾经使用其它模块和指令来控制访问记录,包括mod_log_referer, mod_log_agent, and the TransferLog指令。
The CustomLog directive now subsumes the functionality of all the older directives.
customlog指令现在包含了所有老指令的功能。
The format of the access log is highly configurable. The format is specified using a format string that looks much like a C-style printf(1) format string.
访问日志的格式是高度可配置的。格式使用一个看起来更像C风格 printf格式字符串的格式字符串来指定。
Some examples are presented in the next sections. For a complete list of the possible contents of the format string, see the mod_log_config format strings.
一些样例在下一部分展示。要获取一个可能格式字符串内容的完全列表,参见mod_log_format格式字符串。
Log Rotation
日志轮替
On even a moderately busy server, the quantity of information stored in the log files is very large. The access log file typically grows 1 MB or more per 10,000 requests.
即使在一个适度繁忙的服务器上,存储在日志文件里的信息数量是非常大的。访问日志通常每10000次请求增长1M或更多。
It will consequently be necessary to periodically rotate the log files by moving or deleting the existing logs.
因此移动或删除已经存在的日志来周期性的轮替日志文件是很有必要的
This cannot be done while the server is running, because Apache will continue writing to the old log file as long as it holds the file open.
当server运行的时候不能轮替,因为只要apache保持文件打开就会继续写老的文件。
Instead, the server must be restarted after the log files are moved or deleted so that it will open new log files.
所以,server必须在日志文件移动或删除后重启以便server打开新的日志文件。
By using a graceful restart, the server can be instructed to open new log files without losing any existing or pending connections from clients.
使用一个优雅的重启,server能被指示打开新的日志文件而不用丢失任何来自客户端的已存在或试图访问的连接。
However, in order to accomplish this, the server must continue to write to the old log files while it finishes serving old requests.
然而,为了实现这个目标,server必须继续完成服务老的请求的同时写老的文件。
It is therefore necessary to wait for some time after the restart before doing any processing on the log files.
因些在重启之后,对日志文件做任何处理之前等待一些时间是必须的。
A typical scenario that simply rotates the logs and compresses the old logs to save space is:
简单地轮替日志并压缩老的日志来节约空间的一个典型的场景是:
mv access_log access_log.old
mv error_log error_log.old
apachectl graceful
sleep 600
gzip access_log.old error_log.old
Another way to perform log rotation is using piped logs as discussed in the next section.
另一种完成日志轮替的方法是在下一部分要讨论的管道日志。
Piped Logs
管道日志
Apache httpd is capable of writing error and access log files through a pipe to another process, rather than directly to a file.
apache httpd 有能为通过一个管道写错误与访问日志到另一个进程,而非直接至一个文件。
This capability dramatically increases the flexibility of logging, without adding code to the main server.
这个能力显著地增加了记录的灵活性,不用添加代码到主server。
In order to write logs to a pipe, simply replace the filename with the pipe character "|", followed by the name of the executable which should accept log entries on its standard input.
为了写日志给一个管道,简单地用管道符|替换文件名,跟随可执行程序名字,这个程序应该在它的标准输入上接受日志项。
Apache will start the piped-log process when the server starts, and will restart it if it crashes while the server is running. (This last feature is why we can refer to this technique as "reliable piped logging".)
当server启动时,apache将启动一个管道日志进程,并且服务器运行的同时,假如管道当机可以重启。(最后一个特性就是为什么我们能称这项技术为“可靠的管道日志”)
Piped log processes are spawned by the parent Apache httpd process, and inherit the userid of that process. This means that piped log programs usually run as root.
管道日志进程由httpd父进程派生,继承了父进程的uid。这意味着管道日志程序通常以root运行。
It is therefore very important to keep the programs simple and secure.
因此保持程序简单和安全是非常重要的。
One important use of piped logs is to allow log rotation without having to restart the server.
管道日志的一个重要用法是允许轮替而不用重启server。
The Apache HTTP Server includes a simple program called rotatelogs for this purpose. For example, to rotate the logs every 24 hours, you can use:
server包含一个简单的程序,叫做rotatelogs来达到这个目的。例如,每24小时轮替日志,你能使用:
CustomLog "|/usr/local/apache/bin/rotatelogs /var/log/access_log 60" common 这个可能不能正常使用,所以用下面的那一条,加入下面的一条指令,然后访问页面,日志就会在一分钟后替换。
Notice that quotes are used to enclose the entire command that will be called for the pipe. Although these examples are for the access log, the same technique can be used for the error log.
注意双引号被用来封闭由管道调用的整个命令。尽管这个例子被用于访问日志,同样的技术也能用于error_log。
As with conditional logging, piped logs are a very powerful tool, but they should not be used where a simpler solution like off-line post-processing is available.
By default the piped log process is spawned using a shell. (usually with /bin/sh -c). Depending on the shell specifics invocation via shell might lead to an additional shell process for the lifetime of the logging pipe program and signal handling problems during restart.
Use "||" instead of "|" to spawn without invoking a shell:
# Invoke "rotatelogs" without using a shell
CustomLog "||/usr/local/apache/bin/rotatelogs /var/log/access_log 60" common