Saturday, February 23, 2013

Lighttpd - Access log

Lighttpd have an access log, but it's disabled by default.

Activate access log
To actite it you have to modify the configuration file:
"/etc/lighttpd/lighttpd.conf"

Where you have to activate the mod_accesslog module:

server.modules = (
...
"mod_accesslog"
...
)

And define the access log path, exemple: 
accesslog.filename             = "/var/log/lighttpd/access.log"

Reading the log
The log will be written in the defined file. Every week, the file will be saved as "access.log.2.gz" and a new "access.log" file will be created.

Log Format
Log lines are defined like that by default:
address of remote-host adress of the server user timestamp "request" status code bytes sent "Referer adress" "User-Agent"

1?.6?.1?.1? www.htcpcp.net - 23/Jan/2013:07:13:56 +0000 "GET / HTTP/1.1" 200 1371 "http://www.error418.fr/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)"

When I decided to check of my server log, I didn't thought to find something interesting in it. But reading this log was much more exciting than I thought, making me discover a universe populated by Agents Robots, Nerds and Pirates who will the topic of future posts.

1 comment:

  1. Is it possible to get the IP addresses in access.log resolved to domain names?

    ReplyDelete