The Apache log format and directory are specified in the /etc/apache2/httpd.conf configuration file.
Log format
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedLogFormat "%h %l %u %t \"%r\" %>s %b" common
The above statements define two log formats: combined and common.
The following statement writes logs into the specified file in the combined format.
CustomLog "/var/log/apache2/access_log" combined
Sample log:
192.168.1.2 - - [02/Feb/2016:17:44:13 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "http://localhost/x1.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36"
Apache log format details:
%a remote_ip%A local_ip%B size%b size%D time_taken_ms%f filename%h remote_host%H protocol%l ident%m method%p port%P pid"%q" url_query"%r" request%s status%>s status%t time%T time_taken%u remote_user%U url_stem%v server_name%V canonical_name%I bytes_received%O bytes_sent"%{User-Agent}i" user_agent"%{Referer}i" referer
Apache log collection by Log Service
For details about the standard process, refer to Quick start. Manually edit the regular expression after it is automatically generated.
After all fields are extracted, set the name of each field and adjust the regular expression for general applicability.
Click Manual Input Regular Expression to adjust as follows.
The length field is numeric, but can be filled in with a hyphen. In this case, replace the matched result (\d+) with (\S+). If other fields do not belong to the defined type, make similar replacements.
After replacing, click Validate. If the regular expression is correct, extracted results are displayed. Manually adjust the regular expression if it is incorrect.
Assign a defined field to each extracted result. For example, name a field “time”. Click Auto Generate next to Time Format. Then click Next.
After Logtail configuration is completed, push the configuration to the client.