访问日志,记录了网站访问者的信息。在一些特殊情况,我们可以通过访问日志提取出我们需要的信息。如:网站受攻击时发起源、统计访问用户大数据分布等。
一、网站访问日志
1、访问日志配置
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[root@juispan ~]
# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot
"/data/www/abc.com"
ServerName abc.com
ServerAlias www.abc.com
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^abc.com$
RewriteRule ^/(.*)$ http:
//abc
.com/$1 [R=301,L]
<
/IfModule
>
ErrorLog
"logs/abc.com-error_log"
##错误日志
CustomLog
"logs/abc.com-access_log"
common
##请求日志
<
/VirtualHost
>
|
2、查看访问日志
|
1
2
3
4
5
6
7
8
|
[root@juispan ~]
# ls /usr/local/apache2.4/logs/
123.com-access_log abc.com-access_log access_log httpd.pid
123.com-error_log abc.com-error_log error_log
[root@juispan ~]
# tail /usr/local/apache2.4/logs/abc.com-access_log
192.168.137.100 - - [21
/Jul/2017
:11:38:13 +0800]
"GET HTTP://abc.com/ HTTP/1.1"
403 209
192.168.137.100 - - [21
/Jul/2017
:12:00:52 +0800]
"GET HTTP://abc.com/ HTTP/1.1"
200 7
192.168.137.100 - - [21
/Jul/2017
:12:00:57 +0800]
"GET HTTP://www.abc.com/ HTTP/1.1"
200 7
192.168.137.100 - - [21
/Jul/2017
:12:01:06 +0800]
"GET HTTP://abcd.com/ HTTP/1.1"
200 7
|
▏日志格式:
|
1
2
3
|
[root@juispan ~]
# cat /usr/local/apache2.4/conf/httpd.conf | grep -i logformat
LogFormat
"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
combined
LogFormat
"%h %l %u %t \"%r\" %>s %b"
common
|
3、将common更改成combined,显示更为详细的日志格式
|
1
2
3
4
5
6
7
8
|
[root@juispan ~]
# tail /usr/local/apache2.4/logs/abc.com-access_log
192.168.137.100 - - [21
/Jul/2017
:11:38:13 +0800]
"GET HTTP://abc.com/ HTTP/1.1"
403 209
192.168.137.100 - - [21
/Jul/2017
:12:00:52 +0800]
"GET HTTP://abc.com/ HTTP/1.1"
200 7
192.168.137.100 - - [21
/Jul/2017
:12:00:57 +0800]
"GET HTTP://www.abc.com/ HTTP/1.1"
200 7
192.168.137.100 - - [21
/Jul/2017
:12:01:06 +0800]
"GET HTTP://abcd.com/ HTTP/1.1"
200 7
192.168.137.1 - - [21
/Jul/2017
:18:07:04 +0800]
"GET /favicon.ico HTTP/1.1"
404 209
"-"
"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
192.168.137.1 - - [21
/Jul/2017
:18:07:06 +0800]
"GET / HTTP/1.1"
200 7
"-"
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E)"
192.168.137.1 - - [21
/Jul/2017
:18:07:22 +0800]
"GET /1.txt HTTP/1.1"
404 203
"-"
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E)"
|
默认情况下log日志格式为:
|
1
|
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
其中%h 是记录访问者的IP,如果在web的前端有一层代理,那么这个%h其实就是代理机器的IP,这不是我们想要的。
在这种情况下,%{X-FORWARDED-FOR}i 字段会记录客户端真实的IP。
▏所以log日志改为:
|
1
|
LogFormat "%h %{X-FORWARDED-FOR}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
二、不记录静态文件
访问日志记录的大量垃圾静态文件(如图片、css、js等)访问信息,影响运维工作效率。
1、配置虚拟主机
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
[root@juispan ~]
# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot
"/data/www/abc.com"
ServerName abc.com
ServerAlias www.abc.com
ErrorLog
"logs/abc.com-error_log"
SetEnvIf Request_URI
".*\.gif$"
img
SetEnvIf Request_URI
".*\.jpg$"
img
SetEnvIf Request_URI
".*\.png$"
img
SetEnvIf Request_URI
".*\.bmp$"
img
SetEnvIf Request_URI
".*\.swf$"
img
SetEnvIf Request_URI
".*\.js$"
img
SetEnvIf Request_URI
".*\.css$"
img
##把以gif,jpg等结尾的全部标记为img
CustomLog
"logs/abc.com-access_log"
combined
env
=!img
##除了img文件,全部都记录
<
/VirtualHost
>
|
2、检查重新加载
|
1
2
3
|
[root@juispan ~]
# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@juispan ~]
# /usr/local/apache2.4/bin/apachectl graceful
|
3、验证效果
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
[root@juispan ~]
# curl -x127.0.0.1:80 abcd.com/123.php -I
HTTP
/1
.1 404 Not Found
Date: Fri, 21 Jul 2017 10:20:04 GMT
Server: Apache
/2
.4.27 (Unix) PHP
/7
.1.6
Content-Type: text
/html
; charset=iso-8859-1
[root@juispan ~]
# curl -x127.0.0.1:80 abcd.com/123.gif -I
HTTP
/1
.1 404 Not Found
Date: Fri, 21 Jul 2017 10:20:10 GMT
Server: Apache
/2
.4.27 (Unix) PHP
/7
.1.6
Content-Type: text
/html
; charset=iso-8859-1
[root@juispan ~]
# curl -x127.0.0.1:80 abcd.com/123.png -I
HTTP
/1
.1 404 Not Found
Date: Fri, 21 Jul 2017 10:20:17 GMT
Server: Apache
/2
.4.27 (Unix) PHP
/7
.1.6
Content-Type: text
/html
; charset=iso-8859-1
[root@juispan ~]
# tail /usr/local/apache2.4/logs/abc.com-access_log
192.168.137.100 - - [21
/Jul/2017
:11:38:13 +0800]
"GET HTTP://abc.com/ HTTP/1.1"
403 209
192.168.137.100 - - [21
/Jul/2017
:12:00:52 +0800]
"GET HTTP://abc.com/ HTTP/1.1"
200 7
192.168.137.100 - - [21
/Jul/2017
:12:00:57 +0800]
"GET HTTP://www.abc.com/ HTTP/1.1"
200 7
192.168.137.100 - - [21
/Jul/2017
:12:01:06 +0800]
"GET HTTP://abcd.com/ HTTP/1.1"
200 7
192.168.137.1 - - [21
/Jul/2017
:18:07:04 +0800]
"GET /favicon.ico HTTP/1.1"
404 209
"-"
"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
192.168.137.1 - - [21
/Jul/2017
:18:07:06 +0800]
"GET / HTTP/1.1"
200 7
"-"
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E)"
192.168.137.1 - - [21
/Jul/2017
:18:07:22 +0800]
"GET /1.txt HTTP/1.1"
404 203
"-"
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E)"
127.0.0.1 - - [21
/Jul/2017
:18:20:04 +0800]
"HEAD HTTP://abcd.com/123.php HTTP/1.1"
404 -
"-"
"curl/7.29.0"
##可以看到过滤后的效果了
|
三、访问日志切割
网站每天都在被访问,会记录大量的日志信息。单个大日志文件不方便运维人员的查看,而且还不方便清理过期日志。通过切割日志能很好的解决这个问题。
1、配置虚拟主机
|
1
2
|
[root@juispan ~]
# cat /usr/local/apache2.4/conf/extra/httpd-vhosts.conf | grep -i customlog
CustomLog
"|/usr/local/apache2.4/bin/rotatelogs -l logs/abc.com-access_%Y%m%d.log 86400"
combined
env
=!img
##工具名为:rotatelogs;-l:以当前系统时间为基准
|
2、检查重新加载
|
1
2
3
|
[root@juispan ~]
# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@juispan ~]
# /usr/local/apache2.4/bin/apachectl graceful
|
3、测试效果
|
1
2
3
4
5
6
7
8
9
|
[root@juispan ~]
# curl -x127.0.0.1:80 abcd.com/123.php -I
HTTP
/1
.1 404 Not Found
Date: Fri, 21 Jul 2017 10:32:07 GMT
Server: Apache
/2
.4.27 (Unix) PHP
/7
.1.6
Content-Type: text
/html
; charset=iso-8859-1
[root@juispan ~]
# ls /usr/local/apache2.4/logs/
123.com-access_log abc.com-access_20170721.log abc.com-error_log error_log
123.com-error_log abc.com-access_log access_log httpd.pid
|
可以看到生成了一个新的日志文件,后期可以制作一个任务计划,删除过期的日志文件,以防磁盘空间不足。
本文转自Grodd51CTO博客,原文链接:http://blog.51cto.com/juispan/1952820,如需转载请自行联系原作者
