Online Manual

The Access Log

The access log file contains all accesses to your web server. This does mean all URLs that begin with http://yourdomain or http://yourIP.

Note: The following may only be of interest if you want some in-depth information of the access logging.
It isn't necessary to obtain this knowledge for account maintenance. Because we provide graphical usage stats with Wusage and/or Webalizer. These programs exactly parses the access log file to provide the web usage stats.
The program run daily. You can access it at http://www.yourdomain.com/wusage/ or http://www.yourdomain.com/webalizer/ respectively.

If you want to run your own stats cgi script, you have to specify the access log file location in your script.
It is: /home/yourid/access-log
For instance: Your account is whyme.com. The log file location is: /home/whyme/access-log

These are snippets of an real access log file with and without extended logging, created by the Apache web server.

This shows the common log format (CLF). It is without referer and user agent logging.

146.74.93.?? - - [13/May/2003:20:53:34 -0500] "GET / HTTP/1.0" 200 11058
146.74.93.?? - - [13/May/2003:20:53:35 -0500] "GET /sis_logo.jpg HTTP/1.0" 200 26025
146.74.93.?? - - [13/May/2003:20:53:36 -0500] "GET /services.gif HTTP/1.0" 200 856
146.74.93.?? - - [13/May/2003:20:53:37 -0500] "GET /testimonials.gif HTTP/1.0" 200 851
?.inet.co.th - - [13/May/2003:23:32:12 -0500] "GET /demos/links/manual.htm HTTP/1.0" 200 11968
?.inet.co.th - - [13/May/2003:23:32:14 -0500] "GET /sisline.gif HTTP/1.0" 200 3004
?.inet.co.th - - [13/May/2003:23:32:14 -0500] "GET /bubble.gif HTTP/1.0" 200 227

The common log format is defined by the official string "%h %l %u %t \"%r\" %s %b"

 

This shows NCSA's extended/combined log format. Referer and user agent logging included.

146.74.93.?? - - [13/May/2003:20:53:34 -0500] "GET / HTTP/1.0" 200 11058 "http://www.yes-yes0yes.com/keylists/example.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
146.74.93.?? - - [13/May/2003:20:53:35 -0500] "GET /sis_logo.jpg HTTP/1.0" 200 26025 "http://www.spunkyworld.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
146.74.93.?? - - [13/May/2003:20:53:36 -0500] "GET /services.gif HTTP/1.0" 200 856 "http://www.spunkyworld.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
146.74.93.?? - - [13/May/2003:20:53:37 -0500] "GET /testimonials.gif HTTP/1.0" 200 851 "http://www.spunkyworld.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
?.inet.co.th - - [13/May/2003:23:32:12 -0500] "GET /demos/links/manual.htm HTTP/1.0" 200 11968 "http://www.euroseek.net/query?q=webhosting&l=english&of=70" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.10  [en]"
?.inet.co.th - - [13/May/2003:23:32:14 -0500] "GET /sisline.gif HTTP/1.0" 200 3004 "http://www.spunkyworld.com/demos/links/manual.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.10  [en]"
?.inet.co.th - - [13/May/2003:23:32:14 -0500] "GET /bubble.gif HTTP/1.0" 200 227 "http://www.spunkyworld.com/demos/links/manual.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.10  [en]"

It is defined by the official string "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"".

If you are confused, don't worry. Here are the explanations.


Common Log Format

The Common Log Format (CLF) file contains a separate line for each request. A line is composed of several tokens separated by spaces.
The format argument to the log format is a string.
It can contain literal characters, and `%' directives which are replaced in the log file by the values as shown below.
If a token does not have a value then it is represented by a hyphen (-).

%h: Remote host
	The fully-qualified domain name of the client or its IP number
%l: Remote logname (from identd, if supplied)
	not supported
%u: Remote user (from auth; may be bogus if return status (%s) is 401)
	If the request was for an password protected document, then this is the userid used in the request.
%t: Time, in common log format time format (standard english format)
	The date and time of the request, in the following format:
	date = [day/month/year:hour:minute:second zone] 
	day = 2*digit
	month = 3*letter
	year = 4*digit
	hour = 2*digit
	minute = 2*digit
	second = 2*digit
	zone = (`+' | `-') 4*digit
%r: First line of request
	The request line from the client, enclosed in double quotes (").
%s: Status. For requests that got internally redirected, this
is status of the *original* request
	The three digit status code returned to the client.
	200 OK
	201 Created
	202 Accepted
	206 Partial Content
	301 Moved Permanently
	302 Moved Temporarily
	304 Not Modified
	400 Bad Request
	401 Unauthorized
	403 Forbidden
	404 Not Found
	500 Internal Server Error
	501 Not Implemented
	502 Bad Gateway
	503 Service Unavailable
%b: Bytes sent, excluding HTTP headers.
	The number of bytes in the object returned to the client, not including any headers.

NCSA's extended/combined log format

Differs only with the extended logging feature for the Referer link and the User-agent.

%{Referer}i: The page, where your visitor came from
             In the above example, it is another web page and a search engine
%{User-agent}i: The browser software your visitor is using

Return To Menu

- Last modified on 5/13/2003 -


Home / Hosting / Domain Lookup / Support / Email Contact

© 1998-2024 Spunkyworld Internet Services - All rights reserved