Saturday, February 23, 2013

Lighttpd - Access log

Lighttpd have an access log, but it's disabled by default.

Activate access log
To actite it you have to modify the configuration file:
"/etc/lighttpd/lighttpd.conf"

Where you have to activate the mod_accesslog module:

server.modules = (
...
"mod_accesslog"
...
)

And define the access log path, exemple: 
accesslog.filename             = "/var/log/lighttpd/access.log"

Reading the log
The log will be written in the defined file. Every week, the file will be saved as "access.log.2.gz" and a new "access.log" file will be created.

Log Format
Log lines are defined like that by default:
address of remote-host adress of the server user timestamp "request" status code bytes sent "Referer adress" "User-Agent"

1?.6?.1?.1? www.htcpcp.net - 23/Jan/2013:07:13:56 +0000 "GET / HTTP/1.1" 200 1371 "http://www.error418.fr/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)"

When I decided to check of my server log, I didn't thought to find something interesting in it. But reading this log was much more exciting than I thought, making me discover a universe populated by Agents Robots, Nerds and Pirates who will the topic of future posts.

2 comments:

  1. Is it possible to get the IP addresses in access.log resolved to domain names?

    ReplyDelete
  2. The log monitoring program that you should obtain to monitor your production log files must be as simple as the below but must still remain powerfully versatile:
    seo log analyzer

    ReplyDelete