
【CentOS 7架构9】,Apache访问日志#171221

摘要:hellopasswd Apache访问日志 访问日志记录用户的每一个请求 vi /usr/local/apache2.4/conf/httpd.conf LogFormat \"%h %I %u %t \"%r\" %>s %b \"%{Referer}i\"\"%{User-Agent}i\"\"combined LogFormat \"%h %I %u %t \"%r\" %>s %b \"common 将虚

hellopasswd


Apache访问日志

访问日志记录用户的每一个请求

vi /usr/local/apache2.4/conf/httpd.conf

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common

将虚拟主机配置文件改成如下:

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/www.111.com"
    ServerName www.111.com
    ServerAlias 111.com
    CustomLog "logs/111.com-access_log" combined
</VirtualHost>

重新加载配置文件:先用 apachectl -t 检查语法,再用 apachectl graceful 平滑重载

curl -x 127.0.0.1:80 -I 111.com
tail /usr/local/apache2.4/logs/111.com-access_log

1 (70).jpg

[root@localhost ~]# ls /usr/local/apache2.4/logs/ 111.com-access_log abc.com-access_log access_log httpd.pid 111.com-error_log abc.com-error_log error_log [root@localhost ~]# cat /usr/local/apache2.4/logs/111.com-access_log 192.168.9.134 - - [04/Nov/2017:10:12:12 +0800] "GET HTTP://www.example.com HTTP/1.1" 200 13 192.168.9.134 - - [04/Nov/2017:10:13:11 +0800] "GET HTTP://111.com HTTP/1.1" 200 13 127.0.0.1 - - [04/Nov/2017:12:09:20 +0800] "GET HTTP://111.com HTTP/1.1" 401 381 127.0.0.1 - - [04/Nov/2017:12:10:05 +0800] "HEAD HTTP://111.com HTTP/1.1" 401 - 192.168.9.1 - - [04/Nov/2017:12:12:24 +0800] "GET /favicon.ico HTTP/1.1" 401 381 192.168.9.1 - - [04/Nov/2017:12:12:25 +0800] "GET / HTTP/1.1" 401 381 192.168.9.1 - - [04/Nov/2017:12:12:25 +0800] "GET / HTTP/1.1" 401 381 192.168.9.1 - user [04/Nov/2017:12:13:36 +0800] "GET / HTTP/1.1" 200 13 127.0.0.1 - user [04/Nov/2017:12:15:43 +0800] "HEAD HTTP://111.com HTTP/1.1" 200 - 127.0.0.1 - user [04/Nov/2017:12:15:48 +0800] "GET HTTP://111.com HTTP/1.1" 200 13 192.168.9.1 - - [04/Nov/2017:12:29:11 +0800] "GET /favicon.ico HTTP/1.1" 404 209 192.168.9.1 - user [04/Nov/2017:12:29:16 +0800] "GET /user.php HTTP/1.1" 200 10 192.168.9.1 - user [04/Nov/2017:12:29:22 +0800] "GET /user.php HTTP/1.1" 200 10 127.0.0.1 - user [04/Nov/2017:12:30:00 +0800] "GET HTTP://111.com HTTP/1.1" 200 13 127.0.0.1 - - [04/Nov/2017:12:30:15 +0800] "GET HTTP://111.com HTTP/1.1" 200 13 127.0.0.1 - - [04/Nov/2017:12:30:29 +0800] "GET HTTP://111.com/user.php HTTP/1.1" 401 381 127.0.0.1 - user [04/Nov/2017:12:30:41 +0800] "GET HTTP://111.com/user.php HTTP/1.1" 200 10 192.168.9.1 - user [04/Nov/2017:12:32:12 +0800] "GET /user.php HTTP/1.1" 200 10 192.168.9.1 - user [04/Nov/2017:12:32:16 +0800] "GET / HTTP/1.1" 200 13 192.168.9.1 - user [04/Nov/2017:12:32:24 +0800] "GET /user.php HTTP/1.1" 200 10 192.168.9.1 - - [04/Nov/2017:13:06:26 +0800] "GET /favicon.ico HTTP/1.1" 404 209 192.168.9.1 - - [04/Nov/2017:13:06:29 +0800] "GET / HTTP/1.1" 200 13 192.168.9.1 
- - [04/Nov/2017:13:06:58 +0800] "GET /user.php HTTP/1.1" 401 381 192.168.9.1 - user [04/Nov/2017:13:07:03 +0800] "GET /user.php HTTP/1.1" 200 10 192.168.9.134 - - [04/Nov/2017:13:44:37 +0800] "HEAD HTTP://www.example.com HTTP/1.1" 301 - 192.168.9.134 - - [04/Nov/2017:13:44:56 +0800] "GET HTTP://www.example.com HTTP/1.1" 301 223 192.168.9.134 - - [04/Nov/2017:13:45:59 +0800] "GET HTTP://www.example.com/111111 HTTP/1.1" 301 229 192.168.9.134 - - [04/Nov/2017:13:46:24 +0800] "HEAD HTTP://www.example.com/111111 HTTP/1.1" 301 - 192.168.9.134 - - [04/Nov/2017:13:47:14 +0800] "HEAD HTTP://www.example.com/1dasdasdas HTTP/1.1" 301 - 192.168.9.134 - - [04/Nov/2017:13:47:48 +0800] "HEAD http://111.com/1dasdasdas HTTP/1.1" 404 - 192.168.9.134 - - [04/Nov/2017:13:48:28 +0800] "HEAD http://111.com/user.php HTTP/1.1" 200 - 192.168.9.134 - - [04/Nov/2017:13:55:08 +0800] "GET HTTP://111.com HTTP/1.1" 403 209 192.168.9.134 - - [04/Nov/2017:13:55:13 +0800] "HEAD HTTP://111.com HTTP/1.1" 403 - 192.168.9.1 - - [04/Nov/2017:13:58:02 +0800] "GET /favicon.ico HTTP/1.1" 301 234 192.168.9.1 - - [04/Nov/2017:13:58:02 +0800] "GET /favicon.ico HTTP/1.1" 404 209 192.168.9.1 - - [04/Nov/2017:13:58:05 +0800] "GET / HTTP/1.1" 301 223 192.168.9.1 - - [04/Nov/2017:13:58:05 +0800] "GET / HTTP/1.1" 200 13 192.168.9.1 - - [04/Nov/2017:14:00:51 +0800] "GET / HTTP/1.1" 200 13 192.168.9.1 - - [04/Nov/2017:14:00:57 +0800] "GET /favicon.ico HTTP/1.1" 301 234 192.168.9.1 - - [04/Nov/2017:14:00:57 +0800] "GET /favicon.ico HTTP/1.1" 404 209 192.168.9.1 - - [04/Nov/2017:14:01:01 +0800] "GET /favicon.ico HTTP/1.1" 301 234 192.168.9.1 - - [04/Nov/2017:14:01:01 +0800] "GET /favicon.ico HTTP/1.1" 404 209 192.168.9.1 - - [04/Nov/2017:14:01:28 +0800] "GET / HTTP/1.1" 200 13

日志中的HEAD请求对应curl的-I选项(只获取响应头),不加-I时记录为GET请求

日志内容格式可以更改

[root@localhost ~]# vi /usr/local/apache2.4/conf/httpd.conf
/LogFormat
279 LogLevel warn
280
281 <IfModule log_config_module>
282     #
283     # The following directives define some format nicknames for use with
284     # a CustomLog directive (see below).
285     #
286     LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
287     LogFormat "%h %l %u %t \"%r\" %>s %b" common
288
289     <IfModule logio_module>
290       # You need to enable mod_logio.c to use %I and %O
291       LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
292     </IfModule>
293
294     #

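%h 来源IP;%l 远程登录名(由identd提供,通常为"-");%u 认证用户名(只记录通过认证的用户名,不记录密码);%t 时间;%r 请求首行(请求方式、URL、协议);%>s 最终状态码;%b 响应大小(字节,不含响应头);%{Referer}i 跳转路径(从哪个页面点击过来);%{User-Agent}i 浏览器标识。其中Referer和User-Agent都由客户端提供,可以被伪造,分析日志时不能当作可信数据。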

[root@localhost ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
36 # <FilesMatch user.php>
37 # AllowOverride AuthConfig
38 # AuthName "111.com user auth"
39 # AuthType Basic
40 # AuthUserFile /data/.htpasswd
41 # require valid-user
42 # </FilesMatch>
43 # </Directory>
44 <IfModule mod_rewrite.c>
45 RewriteEngine on
46 RewriteCond %{HTTP_HOST} !^111.com$
47 RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
48 </IfModule>
49 ErrorLog "logs/111.com-error_log"
50 CustomLog "logs/111.com-access_log" common
51 </VirtualHost>

将50的CustomLog "logs/111.com-access_log" common中的common改为combined

[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful

[root@localhost ~]# curl -x 127.0.0.1:80 http://111.com/user.php -I HTTP/1.1 200 OK Date: Sat, 04 Nov 2017 06:33:52 GMT Server: Apache/2.4.29 (Unix) PHP/5.6.30 X-Powered-By: PHP/5.6.30 Content-Type: text/html; charset=UTF-8 [root@localhost ~]# curl -x 127.0.0.1:80 http://111.com/user.php hello!user

[root@localhost ~]# vi /data/wwwroot/abc.com/abc.html <a href=http://111.com/user.php>hello</a>

然后在Windows下使用浏览器访问111.com/user.php

[root@localhost ~]# tail /usr/local/apache2.4/logs/111.com-access_log 192.168.9.1 - - [04/Nov/2017:14:00:57 +0800] "GET /favicon.ico HTTP/1.1" 301 234 192.168.9.1 - - [04/Nov/2017:14:00:57 +0800] "GET /favicon.ico HTTP/1.1" 404 209 192.168.9.1 - - [04/Nov/2017:14:01:01 +0800] "GET /favicon.ico HTTP/1.1" 301 234 192.168.9.1 - - [04/Nov/2017:14:01:01 +0800] "GET /favicon.ico HTTP/1.1" 404 209 192.168.9.1 - - [04/Nov/2017:14:01:28 +0800] "GET / HTTP/1.1" 200 13 127.0.0.1 - - [04/Nov/2017:14:33:52 +0800] "HEAD http://111.com/user.php HTTP/1.1" 200 - "-" "curl/7.29.0" 127.0.0.1 - - [04/Nov/2017:14:34:03 +0800] "GET http://111.com/user.php HTTP/1.1" 200 10 "-" "curl/7.29.0" 192.168.9.1 - - [04/Nov/2017:14:35:24 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36" 192.168.9.1 - - [04/Nov/2017:14:35:25 +0800] "GET /user.php HTTP/1.1" 200 10 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)" 192.168.9.1 - - [04/Nov/2017:14:44:00 +0800] "GET /user.php HTTP/1.1" 200 10 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)"

而Referer则需要通过上级链接点击才能显示出来

通过访问日志可以了解到用户IP、用户名、访问时间、请求方式、上级链接(Referer)以及浏览器和系统(User-Agent)等信息。因此日志文件本身也属于敏感数据,应限制其读取权限。