Module mod_log_config

This module is contained in the mod_log_config.c file, and is compiled in by default in Apache 1.2. mod_log_config replaces mod_log_common in Apache 1.2. Prior to version 1.2, mod_log_config was an optional module. It provides for logging of the requests made to the server, using the Common Log Format or a user-specified format.


Three directives are provided by this module: TransferLog to create a log file, LogFormat to set a custom format, and CustomLog to define a log file and format in one go. The TransferLog and CustomLog directives can be used multiple times in each server to cause each request to be logged to multiple files.

Compatibility notes

Log File Formats

Unless told otherwise with LogFormat the log files created by TransferLog will be in standard "Common Log Format" (CLF). The contents of each line in a CLF file are explained below. Alternatively, the log file can be customized (and if multiple log files are used, each can have a different format). Custom formats are set with LogFormat and CustomLog.

Common Log Format

The Common Log Format (CLF) file contains a separate line for each request. A line is composed of several tokens separated by spaces:
host ident authuser date request status bytes
If a token does not have a value then it is represented by a hyphen (-). The meanings and values of these tokens are as follows:
The fully-qualified domain name of the client, or its IP number if the name is not available.
If IdentityCheck is enabled and the client machine runs identd, then this is the identity information reported by the client.
If the request was for an password protected document, then this is the userid used in the request.
The date and time of the request, in the following format:
date = [day/month/year:hour:minute:second zone]
day = 2*digit
month = 3*letter
year = 4*digit
hour = 2*digit
minute = 2*digit
second = 2*digit
zone = (`+' | `-') 4*digit
The request line from the client, enclosed in double quotes (").
The three digit status code returned to the client.
The number of bytes in the object returned to the client, not including any headers.

Custom Log Formats

The format argument to the LogFormat and CustomLog is a string. This string is logged to the log file for each request. It can contain literal characters copied into the log files, and `%' directives which are replaced in the log file by the values as follows:
%...b:          Bytes sent, excluding HTTP headers.
%...f:          Filename
%...{FOOBAR}e:  The contents of the environment variable FOOBAR
%...h:          Remote host
%...{Foobar}i:  The contents of Foobar: header line(s) in the request
                sent to the server.
%...l:          Remote logname (from identd, if supplied)
%...{Foobar}n:  The contents of note "Foobar" from another module.
%...{Foobar}o:  The contents of Foobar: header line(s) in the reply.
%...p:          The port the request was served to
%...P:          The process ID of the child that serviced the request.
%...r:          First line of request
%...s:          Status.  For requests that got internally redirected, this
                is status of the *original* request --- %...>s for the last.
%...t:          Time, in common log format time format
%...{format}t:  The time, in the form given by format, which should
                be in strftime(3) format.
%...T:          The time taken to serve the request, in seconds.
%...u:          Remote user (from auth; may be bogus if return status (%s) is 401)
%...U:          The URL path requested.
%...v:          The name of the server (i.e. which virtual host?)
The `...' can be nothing at all (e.g. "%h %u %r %s %b"), or it can indicate conditions for inclusion of the item (which will cause it to be replaced with `-' if the condition is not met). Note that there is no escaping performed on the strings from %r, %...i and %...o; some with long memories may remember that I thought this was a bad idea, once upon a time, and I'm still not comfortable with it, but it is difficult to see how to `do the right thing' with all of `%..i', unless we URL-escape everything and break with CLF.

The forms of condition are a list of HTTP status codes, which may or may not be preceded by `!'. Thus, `%400,501{User-agent}i' logs User-agent: on 400 errors and 501 errors (Bad Request, Not Implemented) only; `%!200,304,302{Referer}i' logs Referer: on all requests which did not return some sort of normal status.

Note that the common log format is defined by the string "%h %l %u %t \"%r\" %s %b", which can be used as the basis for extending for format if desired (e.g. to add extra fields at the end). NCSA's extended/combined log format would be "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"".

Using Multiple Log Files

The TransferLog and CustomLog directives can be given more than once to log requests to multiple log files. Each request will be logged to all the log files defined by either of these directives.

Use with Virtual Hosts

If a <VirtualHost> section does not contain any TransferLog or CustomLog directives, the logs defined for the main server will be used. If it does contain one or more of these directives, requests serviced by this virtual host will only be logged in the log files defined within its definition, not in any of the main server's log files. See the examples below.

Security Considerations

See the security tips document for details on why your security could be compromised if the directory where logfiles are stored is writable by anyone other than the user that starts the server.



Syntax: CookieLog filename
Context: server config, virtual host
Module: mod_cookies
Compatibility: Only available in Apache 1.2 and above

The CookieLog directive sets the filename for logging of cookies. The filename is relative to the ServerRoot. This directive is included only for compatibility with mod_cookies, and is deprecated.


Syntax: CustomLog file-pipe format
Context: server config, virtual host
Status: Base
Module: mod_log_config

The first argument is the filename to log to. This is used exactly like the argument to TransferLog, that is, it is either a full path, or relative to the current server root.

The format argument specifies a format for each line of the log file. The options available for the format are exactly the same as for the argument of the LogFormat directive. If the format includes any spaces (which it will do in almost all cases) it should be enclosed in double quotes.


Syntax: LogFormat string
Default: LogFormat "%h %l %u %t \"%r\" %s %b"
Context: server config, virtual host
Status: Base
Module: mod_log_config

This sets the format of the logfile. See Custom Log Formats for details on the format arguments.


Syntax: TransferLog file-pipe
Default: none
Context: server config, virtual host
Status: Base
Module: mod_log_config

The TransferLog directive adds a log file in Common Log Format. File-pipe is one of

A filename
A filename relative to the ServerRoot.
`|' followed by a command
A program to receive the agent log information on its standard input. Note the a new program will not be started for a VirtualHost if it inherits the TransferLog from the main server.
Security: if a program is used, then it will be run under the user who started httpd. This will be root if the server was started by root; be sure that the program is secure.

Index Home