apache访问日志管理

bgey

　　1.访问日志

　　在之前的虚拟主机配置文件中，有两行日志相关的配置，末尾的combined是日志的格式类型
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" combined　　在apache的主配置文件中定义了如下的日志格式

    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common　　/usr/local/apache2.4/logs/111.com-access_log中记录了主机111.com的访问记录，combined模式的日志如下：
[root@test_01 ~]# cat /usr/local/apache2.4/logs/111.com-access_log
192.168.231.128 - - [21/Dec/2017:00:22:13 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 8
127.0.0.1 - - [21/Dec/2017:20:02:16 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 401 -
127.0.0.1 - - [21/Dec/2017:20:11:22 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 401 -
127.0.0.1 - - [21/Dec/2017:20:16:12 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 401 -
192.168.231.1 - - [21/Dec/2017:20:18:16 +0800] "GET / HTTP/1.1" 401 381
192.168.231.1 -  wennan [21/Dec/2017:20:18:51 +0800] "GET / HTTP/1.1" 401 381
192.168.231.1 - wennan [21/Dec/2017:20:18:59 +0800] "GET / HTTP/1.1" 200 8
192.168.231.1 - wennan [21/Dec/2017:20:18:59 +0800] "GET /favicon.ico HTTP/1.1" 404 209
192.168.231.1 - wennan [21/Dec/2017:20:19:15 +0800] "GET / HTTP/1.1" 200 8
192.168.231.1 - wennan [21/Dec/2017:20:22:00 +0800] "GET / HTTP/1.1" 200 8
192.168.231.1 - wennan [21/Dec/2017:20:38:38 +0800] "GET / HTTP/1.1" 200 8
192.168.231.1 - wennan [21/Dec/2017:20:40:23 +0800] "GET / HTTP/1.1" 200 8
192.168.231.1 - wennan [21/Dec/2017:20:40:32 +0800] "GET / HTTP/1.1" 200 8
192.168.231.1 - wennan [21/Dec/2017:20:40:59 +0800] "GET / HTTP/1.1" 200 8
192.168.231.1 - wennan [21/Dec/2017:20:41:11 +0800] "GET / HTTP/1.1" 200 8
192.168.231.128 - wennan [21/Dec/2017:20:43:25 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
192.168.231.1 - wennan [21/Dec/2017:20:51:55 +0800] "GET / HTTP/1.1" 200 8
192.168.231.1 - wennan [21/Dec/2017:20:52:04 +0800] "GET /123.php HTTP/1.1" 500 -
127.0.0.1 - - [21/Dec/2017:20:53:11 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
127.0.0.1 - - [21/Dec/2017:20:53:21 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 401 -
192.168.231.128 - wennan [21/Dec/2017:20:53:36 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 -
192.168.231.128 - wennan [21/Dec/2017:20:54:07 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 29
192.168.231.1 - wennan [21/Dec/2017:20:54:14 +0800] "GET /123.php HTTP/1.1" 200 29
192.168.231.128 - - [21/Dec/2017:22:05:24 +0800] "HEAD HTTP://2111.com.cn/ HTTP/1.1" 301 -
192.168.231.128 - - [21/Dec/2017:22:58:50 +0800] "HEAD HTTP://2111.com.cn/ HTTP/1.1" 301 -
192.168.231.128 - - [21/Dec/2017:22:58:54 +0800] "HEAD HTTP://2111.com.cn/ HTTP/1.1" 301 -
192.168.231.128 - - [21/Dec/2017:22:58:55 +0800] "HEAD HTTP://2111.com.cn/ HTTP/1.1" 301 -
192.168.231.128 - - [21/Dec/2017:23:00:48 +0800] "HEAD HTTP://2111.com.cn/ HTTP/1.1" 301 - "-" "curl/7.29.0"
192.168.231.128 - - [21/Dec/2017:23:00:49 +0800] "HEAD HTTP://2111.com.cn/ HTTP/1.1" 301 - "-" "curl/7.29.0"　　2.不记录指定类型的文件

　　①在虚拟主机配置文件中加入如下内容：

SetEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img
CustomLog "logs/111.com-access_log" combined env=!img　　上述配置内容意义为，将gif等类型的文件同意标记为img，然后在记录访问日志的时候不去记录img标记的访问记录
　　②重启服务
[root@test_01 ~]# /usr/local/apache2.4/bin/apachectl graceful　　③多次访问jpg，png等类型文件及非img文件后得到如下日志。设置生效。
[root@test_01 ~]# !tail
tail /usr/local/apache2.4/logs/111.com-access_log
127.0.0.1 - - [21/Dec/2017:23:28:57 +0800] "HEAD HTTP://111.com/asdasdasdasda.jpg HTTP/1.1" 404 - "-" "curl/7.29.0"
127.0.0.1 - - [21/Dec/2017:23:37:38 +0800] "HEAD HTTP://111.com/asdasdasdasda.jpg HTTP/1.1" 404 - "-" "curl/7.29.0"
127.0.0.1 - - [21/Dec/2017:23:38:13 +0800] "HEAD HTTP://111.com/asdasdasdasda.jpg HTTP/1.1" 404 - "-" "curl/7.29.0"
127.0.0.1 - - [21/Dec/2017:23:38:45 +0800] "HEAD HTTP://111.com/asdasdasdasda.jpg HTTP/1.1" 404 - "-" "curl/7.29.0"
127.0.0.1 - - [21/Dec/2017:23:39:26 +0800] "HEAD HTTP://111.com/asdasdasdasda.jpg HTTP/1.1" 404 - "-" "curl/7.29.0"
127.0.0.1 - - [21/Dec/2017:23:41:20 +0800] "GET HTTP://111.com/asdasdasdasda.jpg HTTP/1.1" 404 215 "-" "curl/7.29.0"
127.0.0.1 - - [21/Dec/2017:23:41:42 +0800] "GET HTTP://111.com/asdasdasdasda.jpg HTTP/1.1" 404 215 "-" "curl/7.29.0"
127.0.0.1 - - [21/Dec/2017:23:46:16 +0800] "GET HTTP://111.com/asdasdasdasda.png HTTP/1.1" 404 215 "-" "curl/7.29.0"
127.0.0.1 - - [21/Dec/2017:23:49:52 +0800] "GET HTTP://111.com/asdasdasdasda.jpg1 HTTP/1.1" 404 216 "-" "curl/7.29.0"
127.0.0.1 - - [21/Dec/2017:23:49:58 +0800] "GET HTTP://111.com/asdasdasdasda.jpg2 HTTP/1.1" 404 216 "-" "curl/7.29.0"　　3.日志切割
　　①配置虚拟主机配置文件如下：

CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/111.com-access_%Y%m%d.log 86400" combined env=!img　　说明：
　　在此处，调用apache自带的日至切割工具rotatelogs来进行处理。

　　-l：以当前时间系统时间为基准切割日志，否则以UTC时间切割日志。
　　%Y%m%d：根据时间日期自动创建对应时间的日志文件。

　　86400：以天为单位切割日志。
　　②重新加载主机配置文件，然后使用curl工具或者浏览器访问111.com的内容来产生访问日至。
[root@test_01 ~]# curl -x127.0.0.1:80 111.com/123.php
123.php authorization passed
[root@test_01 ~]# curl -x127.0.0.1:80 111.com/123.php
123.php authorization passed
[root@test_01 ~]# curl -x127.0.0.1:80 111.com/123.php
123.php authorization passed
[root@test_01 ~]# curl -x127.0.0.1:80 111.com/123.php
123.php authorization passed　　③查看/usr/local/apache2.4/logs/目录下产生的以日期分割的新日志文件
[root@test_01 ~]# ls /usr/local/apache2.4/logs/
111.com-access_20171222.log  123.com-access_log  access_log
111.com-access_log           abc.com-access_log  error_log
111.com-error_log            abc.com-error_log   httpd.pid
[root@test_01 logs]# cat 111.com-access_20171222.log
127.0.0.1 - - [22/Dec/2017:00:35:01 +0800] "GET HTTP://111.com/asdasdasdasda.jpg2 HTTP/1.1" 404 216 "-" "curl/7.29.0"
127.0.0.1 - - [22/Dec/2017:00:35:05 +0800] "GET HTTP://111.com/asdasdasdasda.jpg2 HTTP/1.1" 404 216 "-" "curl/7.29.0"
127.0.0.1 - - [22/Dec/2017:00:35:07 +0800] "GET HTTP://111.com/asdasdasdasda.jpg2 HTTP/1.1" 404 216 "-" "curl/7.29.0"
127.0.0.1 - - [22/Dec/2017:00:35:07 +0800] "GET HTTP://111.com/asdasdasdasda.jpg2 HTTP/1.1" 404 216 "-" "curl/7.29.0"
127.0.0.1 - - [22/Dec/2017:00:35:08 +0800] "GET HTTP://111.com/asdasdasdasda.jpg2 HTTP/1.1" 404 216 "-" "curl/7.29.0"
127.0.0.1 - - [22/Dec/2017:00:35:09 +0800] "GET HTTP://111.com/asdasdasdasda.jpg2 HTTP/1.1" 404 216 "-" "curl/7.29.0"
127.0.0.1 - - [22/Dec/2017:00:35:09 +0800] "GET HTTP://111.com/asdasdasdasda.jpg2 HTTP/1.1" 404 216 "-" "curl/7.29.0"
127.0.0.1 - - [22/Dec/2017:00:35:10 +0800] "GET HTTP://111.com/asdasdasdasda.jpg2 HTTP/1.1" 404 216 "-" "curl/7.29.0"
127.0.0.1 - - [22/Dec/2017:00:35:28 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 29 "-" "curl/7.29.0"
127.0.0.1 - - [22/Dec/2017:00:35:30 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 29 "-" "curl/7.29.0"
127.0.0.1 - - [22/Dec/2017:00:35:30 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 29 "-" "curl/7.29.0"
127.0.0.1 - - [22/Dec/2017:00:35:31 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 29 "-" "curl/7.29.0"