Accesslog¶
Module: mod_accesslog
- Table of contents
- Accesslog
Description¶
log HTTP requests processed by server
Options¶
accesslog.format
log record format for each HTTP requestDefault:
"%h %V %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
accesslog.escaping
(since 1.4.66)
choose escaping convention for CTL chars and chars with high-bit set
CTL chars and chars with high-bit set are backslash-escaped in the log record
accesslog.escaping = "default"
uses the default escaping convention ("\xFF")
accesslog.escaping = "json"
uses JSON escaping convention ("\uFFFF")Default: "default"
accesslog.use-syslog
send the accesslog to syslog
(overridesaccesslog.filename
if both are set)
(syslogs toserver.syslog-facility
(since 1.4.75, or since 1.4.46 withserver.errorlog-use-syslog
)Default: disabled
accesslog.syslog-level
(since 1.4.33)
severity level for syslog logging (see https://en.wikipedia.org/wiki/Syslog#Severity_level for numerical values)Default: 6 (info)
accesslog.filename
name of the file where the accesslog should be written to if syslog is not used.
If the name starts with a '|' the rest of the name is taken as the name of a process which will be spawned and will get the output
If you have multiple workers and want to rotate logs, use a piped logger, e.g. accesslog.filename = "|/usr/sbin/cronolog ... "
Note: If you log to a pipe and have lighty chrooted, then the user running lighty will need access to “/bin/sh”.Default: disabled
accesslog.filename = "/var/log/lighttpd.log" $HTTP["host"] == "www.example.org" { accesslog.filename = "|/usr/bin/cronolog ... " }
log record format¶
format template for the log record
default:accesslog.format = "%h %V %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
This is similar to the combined log format (NCSA extended log format) (used by Apache HTTPD Access Log)accesslog.format = "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
but lighttpd uses %V
instead of the nowadays obsolete %l
(options are similar to Apache HTTPD mod_log_config formats)
Option | Description | |
---|---|---|
%% | a percent sign | |
%h | IP address of remote host | |
%{mask}h | IP address of remote host (mask low bits) | (supported in 1.4.70) |
%l | ident name (not supported) | |
%u | authenticated user | |
%t | timestamp of the end-time of the request | |
%{...}t | timestamp of the end-time of the request | (supported in 1.4.40) |
%r | request-line | |
%s | status code | |
%b | bytes sent for the body | |
%{label}i | HTTP request header | |
%a | remote address | (supported in 1.4.40) |
%{mask}a | remote address (mask low bits) | (supported in 1.4.70) |
%A | local address | (supported in 1.4.40) |
%B | same as %b | |
%C | cookie field | (supported in 1.4.40) |
%D | time used in us | (supported in 1.4.40) |
%{label}e | environment | |
%f | physical filename | |
%H | request protocol (HTTP/1.0, ...) | |
%k | num keepalives | (supported in 1.4.40) |
%m | request method (GET, POST, ...) | |
%{label}n | notes (internal module notes) | (supported in 1.4.43) |
%{label}o | HTTP response header | |
%p | server port | |
%{...}p | address port (canonical,local,remote) | (supported in 1.4.49) |
%P | (not supported) | |
%q | query string | |
%T | time used in seconds | |
%{UNIT}T | time used in UNIT (s, ms, us, or ns) | (supported in 1.4.40) |
%U | request URL | |
%v | server-name | |
%V | HTTP request host name | |
%X | connection status | |
%I | bytes incoming | |
%O | bytes outgoing |
- If %s is written %>s or %<s the < and the > are ignored. They are supported for compatibility with apache.
- %h will always return the IP address of the host, never the name. This makes it equivalent to %a.
- %a, %A, %{name}C, %D, %k, %{...}t, %{...}T are implemented in lighttpd 1.4.40 and later.
- %i and %o expect the name of the field which should be written in curly brackets.
- %q is not prepended with '?', unlike Apache
- %{strftime format string}t is supported since 1.4.24.
- %{UNIT}t options:
%{sec}t
,%{msec}t
,%{usec}t
,%{nsec}t
,%{msec_frac}t
,%{usec_frac}t
,%{nsec_frac}t
,%{...strftime-format...}t
- %{UNIT}T options:
%{s}T
,%{sec}T
,%{ms}T
,%{msec}T
,%{us}T
,%{usec}T
,%{ns}T
,%{nsec}T
- %t does not work the same way it works in Apache (where the start of the request is recorded). Instead it shows the time the request actually got delivered. For most users this does not matter as usually requests don't take long to get processed. Use %{begin:...}t for time at start of request.
- %{ratio}n shows file compression ratio for mod_deflate (since 1.4.43)
Disable logging¶
If logging is enabled, it is possible to selectively disable logging within a lighttpd condition. For example, to disable logging for requests to /robots.txt
:
If using accesslog.filename
:$HTTP["url"] == "/robots.txt { accesslog.filename = "" }
If using accesslog.use-syslog
:$HTTP["url"] == "/robots.txt { accesslog.use-syslog = "disable" }
To disable logging for requests from localhost, if using accesslog.filename
:$HTTP["remote-ip"] == "127.0.0.1" { accesslog.filename = "" }
$HTTP["remote-ip"] == "[::1]" { accesslog.filename = "" }
Response Header¶
The accesslog module provides a special way to log content from the application in an accesslog file.
It can be used to log the session id into a logfile, e.g. X-LIGHTTPD-SID
If you want to log X-LIGHTTPD-SID
into the accesslog just specify the field-name within a %{...}o in the accesslog.format
. The prefix X-LIGHTTPD-
is special as every response header starting with this prefix is assumed to be special for lighttpd and won't be sent out to the client.
accesslog.format = "%h %V %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{X-LIGHTTPD-SID}o\""
<?php session_start(); header("X-LIGHTTPD-SID: ".session_id()); ?> TEST
JSON format¶
accesslog.escaping = "json"
is available since lighttpd 1.4.66
# example mod_accesslog format for json output using high-precision timestamps # note: lighttpd.conf strings are double-quoted # (must backslash-escape double-quotes within the log format string) accesslog.escaping = "json" accesslog.format = "{ " #accesslog.format += "\"@timestamp\": \"%{begin:%FT%T}t.%{begin:usec_frac}tZ\", " # request start timestamp accesslog.format += "\"@timestamp\": " +"\"%{%FT%T}t.%{usec_frac}tZ\", " # request end timestamp accesslog.format += "\"@fields\": " accesslog.format += "{ " accesslog.format += "\"http_host\": " +"\"%V\", " # Host (:authority) accesslog.format += "\"remote_addr\": " +"\"%h\", " accesslog.format += "\"remote_user\": " +"\"%u\", " accesslog.format += "\"request_method\": " +"\"%m\", " accesslog.format += "\"request\": " +"\"%r\", " accesslog.format += "\"status\": " + "%s, " accesslog.format += "\"body_bytes_sent\": "+"\"%b\", " accesslog.format += "\"duration_usec\": " + "%D, " # usec (microseconds) accesslog.format += "\"http_referrer\": " +"\"%{Referer}i\", " accesslog.format += "\"http_user_agent\": "+"\"%{User-Agent}i\" " accesslog.format += "} " accesslog.format += "}"
Updated by gstrauss 6 months ago · 49 revisions