更新时间:2022-09-21 07:46:50
访问日志,记录了网站访问者的信息。在一些特殊情况,我们可以通过访问日志提取出我们需要的信息。如:网站受攻击时发起源、统计访问用户大数据分布等。
一、网站访问日志
1、访问日志配置
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[root@juispan ~] # vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80> DocumentRoot "/data/www/abc.com"
ServerName abc.com
ServerAlias www.abc.com
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^abc.com$
RewriteRule ^/(.*)$ http: //abc .com/$1 [R=301,L]
< /IfModule >
ErrorLog "logs/abc.com-error_log" ##错误日志
CustomLog "logs/abc.com-access_log" common ##请求日志
< /VirtualHost >
|
2、查看访问日志
1
2
3
4
5
6
7
8
|
[root@juispan ~] # ls /usr/local/apache2.4/logs/
123.com-access_log abc.com-access_log access_log httpd.pid 123.com-error_log abc.com-error_log error_log [root@juispan ~] # tail /usr/local/apache2.4/logs/abc.com-access_log
192.168.137.100 - - [21 /Jul/2017 :11:38:13 +0800] "GET HTTP://abc.com/ HTTP/1.1" 403 209
192.168.137.100 - - [21 /Jul/2017 :12:00:52 +0800] "GET HTTP://abc.com/ HTTP/1.1" 200 7
192.168.137.100 - - [21 /Jul/2017 :12:00:57 +0800] "GET HTTP://www.abc.com/ HTTP/1.1" 200 7
192.168.137.100 - - [21 /Jul/2017 :12:01:06 +0800] "GET HTTP://abcd.com/ HTTP/1.1" 200 7
|
▏日志格式:
1
2
3
|
[root@juispan ~] # cat /usr/local/apache2.4/conf/httpd.conf | grep -i logformat
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
|
3、将common更改成combined,显示更为详细的日志格式
1
2
3
4
5
6
7
8
|
[root@juispan ~] # tail /usr/local/apache2.4/logs/abc.com-access_log
192.168.137.100 - - [21 /Jul/2017 :11:38:13 +0800] "GET HTTP://abc.com/ HTTP/1.1" 403 209
192.168.137.100 - - [21 /Jul/2017 :12:00:52 +0800] "GET HTTP://abc.com/ HTTP/1.1" 200 7
192.168.137.100 - - [21 /Jul/2017 :12:00:57 +0800] "GET HTTP://www.abc.com/ HTTP/1.1" 200 7
192.168.137.100 - - [21 /Jul/2017 :12:01:06 +0800] "GET HTTP://abcd.com/ HTTP/1.1" 200 7
192.168.137.1 - - [21 /Jul/2017 :18:07:04 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
192.168.137.1 - - [21 /Jul/2017 :18:07:06 +0800] "GET / HTTP/1.1" 200 7 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E)"
192.168.137.1 - - [21 /Jul/2017 :18:07:22 +0800] "GET /1.txt HTTP/1.1" 404 203 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E)"
|
默认情况下log日志格式为:
1
|
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined |
其中%h 是记录访问者的IP,如果在web的前端有一层代理,那么这个%h其实就是代理机器的IP,这不是我们想要的。
在这种情况下,%{X-FORWARDED-FOR}i 字段会记录客户端真实的IP。
▏所以log日志改为:
1
|
LogFormat "%h %{X-FORWARDED-FOR}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined |
二、不记录静态文件
访问日志记录的大量垃圾静态文件(如图片、css、js等)访问信息,影响运维工作效率。
1、配置虚拟主机
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
[root@juispan ~] # vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80> DocumentRoot "/data/www/abc.com"
ServerName abc.com
ServerAlias www.abc.com
ErrorLog "logs/abc.com-error_log"
SetEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img ##把以gif,jpg等结尾的全部标记为img
CustomLog "logs/abc.com-access_log" combined env =!img ##除了img文件,全部都记录
< /VirtualHost >
|
2、检查重新加载
1
2
3
|
[root@juispan ~] # /usr/local/apache2.4/bin/apachectl -t
Syntax OK [root@juispan ~] # /usr/local/apache2.4/bin/apachectl graceful
|
3、验证效果
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
[root@juispan ~] # curl -x127.0.0.1:80 abcd.com/123.php -I
HTTP /1 .1 404 Not Found
Date: Fri, 21 Jul 2017 10:20:04 GMT Server: Apache /2 .4.27 (Unix) PHP /7 .1.6
Content-Type: text /html ; charset=iso-8859-1
[root@juispan ~] # curl -x127.0.0.1:80 abcd.com/123.gif -I
HTTP /1 .1 404 Not Found
Date: Fri, 21 Jul 2017 10:20:10 GMT Server: Apache /2 .4.27 (Unix) PHP /7 .1.6
Content-Type: text /html ; charset=iso-8859-1
[root@juispan ~] # curl -x127.0.0.1:80 abcd.com/123.png -I
HTTP /1 .1 404 Not Found
Date: Fri, 21 Jul 2017 10:20:17 GMT Server: Apache /2 .4.27 (Unix) PHP /7 .1.6
Content-Type: text /html ; charset=iso-8859-1
[root@juispan ~] # tail /usr/local/apache2.4/logs/abc.com-access_log
192.168.137.100 - - [21 /Jul/2017 :11:38:13 +0800] "GET HTTP://abc.com/ HTTP/1.1" 403 209
192.168.137.100 - - [21 /Jul/2017 :12:00:52 +0800] "GET HTTP://abc.com/ HTTP/1.1" 200 7
192.168.137.100 - - [21 /Jul/2017 :12:00:57 +0800] "GET HTTP://www.abc.com/ HTTP/1.1" 200 7
192.168.137.100 - - [21 /Jul/2017 :12:01:06 +0800] "GET HTTP://abcd.com/ HTTP/1.1" 200 7
192.168.137.1 - - [21 /Jul/2017 :18:07:04 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
192.168.137.1 - - [21 /Jul/2017 :18:07:06 +0800] "GET / HTTP/1.1" 200 7 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E)"
192.168.137.1 - - [21 /Jul/2017 :18:07:22 +0800] "GET /1.txt HTTP/1.1" 404 203 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E)"
127.0.0.1 - - [21 /Jul/2017 :18:20:04 +0800] "HEAD HTTP://abcd.com/123.php HTTP/1.1" 404 - "-" "curl/7.29.0" ##可以看到过滤后的效果了
|
三、访问日志切割
网站每天都在被访问,会记录大量的日志信息。单个大日志文件不方便运维人员的查看,而且还不方便清理过期日志。通过切割日志能很好的解决这个问题。
1、配置虚拟主机
1
2
|
[root@juispan ~] # cat /usr/local/apache2.4/conf/extra/httpd-vhosts.conf | grep -i customlog
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/abc.com-access_%Y%m%d.log 86400" combined env =!img ##工具名为:rotatelogs;-l:以当前系统时间为基准
|
2、检查重新加载
1
2
3
|
[root@juispan ~] # /usr/local/apache2.4/bin/apachectl -t
Syntax OK [root@juispan ~] # /usr/local/apache2.4/bin/apachectl graceful
|
3、测试效果
1
2
3
4
5
6
7
8
9
|
[root@juispan ~] # curl -x127.0.0.1:80 abcd.com/123.php -I
HTTP /1 .1 404 Not Found
Date: Fri, 21 Jul 2017 10:32:07 GMT Server: Apache /2 .4.27 (Unix) PHP /7 .1.6
Content-Type: text /html ; charset=iso-8859-1
[root@juispan ~] # ls /usr/local/apache2.4/logs/
123.com-access_log abc.com-access_20170721.log abc.com-error_log error_log 123.com-error_log abc.com-access_log access_log httpd.pid |
可以看到生成了一个新的日志文件,后期可以制作一个任务计划,删除过期的日志文件,以防磁盘空间不足。
本文转自Grodd51CTO博客,原文链接:http://blog.51cto.com/juispan/1952820,如需转载请自行联系原作者