<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Language" content="en-us" />
<meta name="ROBOTS" content="ALL" />
<meta http-equiv="imagetoolbar" content="no" />
<meta name="MSSmartTagsPreventParsing" content="true" />
<meta name="Keywords" content="cherokee web server httpd http" />
<meta name="Description" content="Cherokee is a flexible, very fast, lightweight Web server. It is implemented entirely in C, and has no dependencies beyond a standard C library. It is embeddable and extensible with plug-ins. It supports on-the-fly configuration by reading files or strings, TLS/SSL (via GNUTLS or OpenSSL), virtual hosts, authentication, cache friendly features, PHP, custom error management, and much more." />
<link href="media/css/cherokee_doc.css" rel="stylesheet" type="text/css" media="all" />
</head>
<body>
<h2 id="_a_href_index_html_index_a_8594_a_href_modules_html_modules_a_8594_a_href_modules_loggers_html_loggers_a"><a href="index.html">Index</a> → <a href="modules.html">Modules</a> → <a href="modules_loggers.html">Loggers</a></h2>
<div class="sectionbody">
<h3 id="_logger_ncsa">Logger: NCSA</h3><div style="clear:left"></div>
<div class="paragraph"><p>Also known as the <em>Common log format</em> (<strong>CLF</strong>). This is a standard
format produced by many web servers and read by many log analysis
tools. Some of the fields specified by the format might actually be
missing if the information that should be logged is not present. These
fields will simply be replaced by "hyphens" ("-"), which is the
standard behavior.</p></div>
<div class="paragraph"><p>This log format contains only basic HTTP access information: the
requested resource and a few other pieces of information, but does not
contain referral, user agent, or cookie information.</p></div>
<div class="paragraph"><p>The fields in the Common log file format are:</p></div>
<div class="listingblock">
<div class="content">
<pre><tt> host rfc1413 username date:time request statuscode bytes</tt></pre>
</div></div>
<div class="paragraph"><p>A log file produced by this logger will look more or less like this:</p></div>
<div class="sidebarblock">
<div class="sidebar-content">
<div class="paragraph"><p>::ffff:127.0.0.1 - - [11/Aug/2008:16:17:58 +0000] "GET /index.html HTTP/1.1" 200 2633</p></div>
</div></div>
<div class="paragraph"><p>Each field of this log entry is described below.</p></div>
<div class="dlist"><dl>
<dt class="hdlist1">
<strong>host</strong> (::ffff:127.0.0.1)
</dt>
<dd>
<p>
This is the remote host’s IP (the client IP) or host/subdomain. It
corresponds to the address of the device requesting the
information. If a proxy sever exists between the user and the server,
this address will correspond to the proxy instead of the machine
actually requesting data.
</p>
</dd>
<dt class="hdlist1">
<strong>rfc1413</strong> (-)
</dt>
<dd>
<p>
Missing piece of information. In this case it is the RFC 1413 identity
of the client determined by identd on the clients machine, which is
highly unreliable and should not be trusted anyway.
</p>
</dd>
<dt class="hdlist1">
<strong>user</strong> (-)
</dt>
<dd>
<p>
This is the username or UID of the person requesting the document as
determined by HTTP authentication. Since the document is not password
protected, it is not present in this case. If it is present, the value
should not be trusted until the user is actually authenticated.
</p>
</dd>
<dt class="hdlist1">
<strong>date:time timezone</strong> ([11/Aug/2008:14:18:14 +0000])
</dt>
<dd>
<p>
The time when the server processed the request. The format is:
</p>
</dd>
</dl></div>
[day/month/year:hour:minute:second zone]
<div class="paragraph"><p>+
- day = 2*digit
- month = 3*letter
- year = 4*digit
- hour = 2*digit
- minute = 2*digit
- second = 2*digit
- zone = (‘+’ | ‘-’) 4*digit</p></div>
<div class="dlist"><dl>
<dt class="hdlist1">
<strong>request</strong>"GET /index.html HTTP/1.1"
</dt>
<dd>
<p>
The request from the client is given in double quotes, and contains
the method used by the client (GET), the requested resource
(/index.html) and the protocol (HTTP/1.1).
</p>
</dd>
<dt class="hdlist1">
200
</dt>
<dd>
<p>
Status code sent back to the client. In this case it indicates a
successful response. The full list of possible status codes can be
found in the HTTP specification
(<a href="http://www.ietf.org/rfc/rfc2616.txt">RFC2616</a>, section 10).
</p>
</dd>
<dt class="hdlist1">
2633
</dt>
<dd>
<p>
The last entry is the size returned to the client excluding the
response headers. This will be "-" if no content is returned. To log "0" for no content, use %B instead.
</p>
</dd>
</dl></div>
</div>
<div id="footer">
<div id="footer-text">
</div>
</div>
</body>
</html>
