 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
| Appendix E: Understanding Server Logs |
Appendix E - Server Log FilesA portion of a server log file from an Apache Web server illustrates the statistics that can be generated by reviewing log files. ---------------- 209.98.171.75 - jdoe [15/Jan/2002:10:33:41 -0600] "GET /newsletter/People.html HTTP/1.1" 200 22415 209.98.171.75 - - [15/Jan/2002:10:33:42 -0600] "GET /images/news/EmployeePhotos/jnielsen.jpg HTTP/1.1" 304 - 209.98.171.75 - - [15/Jan/2002:10:33:42 -0600] "GET /images/news/EmployeePhotos/ghelseth.jpg HTTP/1.1" 304 - 209.98.171.75 - - [15/Jan/2002:10:33:42 -0600] "GET /images/news/EmployeePhotos/jmelville.jpg HTTP/1.1" 304 - 209.98.171.75 - - [15/Jan/2002:10:33:43 -0600] "GET /images/news/EmployeePhotos/enelson.jpg HTTP/1.1" 304 - 209.98.171.75 - - [15/Jan/2002:10:33:43 -0600] "GET /images/news/EmployeePhotos/bkinney.jpg HTTP/1.1" 304 - 209.98.171.75 - - [15/Jan/2002:10:33:43 -0600] "GET /images/news/EmployeePhotos/ebeazley.jpg HTTP/1.1" 304 - 209.98.171.75 - - [15/Jan/2002:10:33:43 -0600] "GET /images/news/EmployeePhotos/jschuman.jpg HTTP/1.1" 304 - The log file lists, in order, separated by spaces: 1) The IP address of the user that requested the page. In the above example 209.98.171.75. If the user is behind a proxy or a firewall, this number may not be reported, or may not always be accurate. 2) The group name of the user. In this case, this is blank, represented by a dash [-]. In most cases, this is blank. 3) The user name, if the user was required to authenticate to the server. In our example log file, on the first line, one user requested a page from a secure area, and a username and password were required. 4) The date and time of the request. For example, [15/Jan/2002:10:33:41 -0600]. 5) The method used to fetch the page (POST, GET, HEADER, etc.). This is usually information of use only to programmers. 6) The URL of the page requested. Notice that each image request is broken out. All of these were images on the initial page requested (line one). Each image on a page, therefore, generates a line in a log file. This must be accounted for, and can make counting visitors by parsing a log file difficult. 7) The Protocol that the Web browser used. In our example, HTTP/1.1. 8) The status of the request. This is usually a number. 200, for instance (on the first line), indicates a page that was successfully retrieved. 9) The number of bytes transferred. The example provided is a basic Web server log. Other information besides the data shown can be recorded. The user’s operating system, browser type and browser version, for instance, can be recorded. If a visitor enters your Web site from another site, either by clicking on a link or by following a bookmark, the referring Web site can be captured as well. Advanced techniques using client side scripts and server side applications are possible as well, but are beyond the scope of this document.
|