Log Service allows you to collect Apache logs and perform multidimensional log analysis. This topic describes how to configure Logtail in Apache mode in the Log Service console to collect logs.
Prerequisites
- A project and a Logstore are created. For more information, see Create a project and Create a Logstore.
- Ports 80 and 443 of the server from which you want to collect logs are enabled.
- The print format, log path, and log file name are specified in the Apache configuration file. For more information, see Appendix: log formats and sample logs.
Procedure
Appendix: log formats and sample logs
Before you collect Apache logs, you must specify the print format, log path, and log file name. For example, CustomLog "/var/log/apache2/access_log" combined indicates that the combined format is used when logs are printed. The log file path is /var/log/apache2/access_log. The following information shows the log formats and sample logs:
- Log formats
- The combined log format:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
- The common log format:
LogFormat "%h %l %u %t \"%r\" %>s %b"
- A custom log format:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D %f %k %p %q %R %T %I %O" customized
The following table describes the fields of these log formats. For more information, see mod_log_config.
Format field Key name Description %a client_addr The IP address of the client. %A local_addr The local IP address. %b response_size_bytes The number of bytes of the response. A hyphen (-) is displayed if this value is empty. %B response_bytes The number of bytes of the response. The digit 0 is displayed if this value is empty. %D request_time_msec The duration in which a request is processed. Unit: microseconds. %f filename The name of the file. %h remote_addr The name of the remote host. %H request_protocol_supple The request protocol. %I bytes_received The number of bytes that are received by the server. To use this field, you must enable the mod_logio module. %k keep_alive The number of keep-alive requests. %l remote_ident The identification information that is provided by the remote host. %m request_method_supple The HTTP request method. %O bytes_sent The number of bytes that are sent by the server. To use this field, you must enable the mod_logio module. %p remote_port The port number of the server. %P child_process The ID of the child process. %q request_query The query string. An empty string is displayed if no query strings exist. %r request The content of the request. The content includes the method name, address, and the HTTP protocol. %R response_handler The type of the handler that generates the response on the server. %s status The initial HTTP status of the response. %>s status The final HTTP status of the response. %t time_local The local time when the server receives the request. %T request_time_sec The duration in which a request is processed. Unit: seconds. %u remote_user The username of the client. %U request_uri_supple The URI of the request. The URI does not include the string that is used to query logs. %v server_name The name of the server. %V server_name_canonical The name of the server. The name is specified by using the UseCanonicalName directive. “%{User-Agent}i” http_user_agent The information of the client. "%{Rererer}i" http_referer The URL of the web page. The URL is linked to the resource that is being requested. - The combined log format:
- Sample logs
192.168.1.2 - - [02/Feb/2020:17:44:13 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "http://localhost/x1.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36"