Question

我们在server.xml文件pattern="%h %H %l %u %t "%r" %s %b location: %{location}o"中启用了以下访问日志模式。

有人可以帮助了解模式中的参数，然后从下面提到的日志中进行分析。

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:11:46:02 -0400] "GET / HTTP/1.1" 200 1150 location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:11:46:03 -0400] "GET /prweb/PRServletLDAP2 HTTP/1.1" 500 2375 location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:11:46:03 -0400] "GET /prweb/diagnostic/status_fail.gif HTTP/1.1" 304 - location: -

10.103.64.119 HTTP/1.1 - - [03/Apr/2018:11:46:09 -0400] "GET / HTTP/1.1" 200 1150 location: -

10.103.64.119 HTTP/1.1 - - [03/Apr/2018:11:46:10 -0400] "GET /prweb/PRServletLDAP2 HTTP/1.1" 500 2375 location: -

10.103.64.119 HTTP/1.1 - - [03/Apr/2018:11:46:10 -0400] "GET /prweb/diagnostic/status_fail.gif HTTP/1.1" 304 - location: -

10.103.64.119 HTTP/1.1 - - [03/Apr/2018:11:46:10 -0400] "GET /favicon.ico HTTP/1.1" 304 - location: -

10.103.64.119 HTTP/1.1 - - [03/Apr/2018:11:46:10 -0400] "GET /favicon.ico HTTP/1.1" 200 21630 location: -

10.103.64.119 HTTP/1.1 - - [03/Apr/2018:11:46:10 -0400] "GET /favicon.ico HTTP/1.1" 206 1 location: -

10.103.64.119 HTTP/1.1 - - [03/Apr/2018:11:46:10 -0400] "GET /favicon.ico HTTP/1.1" 206 4982 location: -

10.103.64.119 HTTP/1.1 - - [03/Apr/2018:11:46:18 -0400] "GET /prweb/PRServlet HTTP/1.1" 500 2375 location: -

10.103.64.119 HTTP/1.1 - - [03/Apr/2018:11:46:18 -0400] "GET /prweb/diagnostic/status_fail.gif HTTP/1.1" 304 - location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:11:46:27 -0400] "GET /prsysmgmt HTTP/1.1" 302 - location: /prsysmgmt/

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:11:46:28 -0400] "GET /prsysmgmt/ HTTP/1.1" 200 436 location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:11:46:28 -0400] "GET /prsysmgmt/getnodes.action HTTP/1.1" 200 1664 location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:11:46:28 -0400] "GET /prsysmgmt/js/global.js HTTP/1.1" 200 4295 location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:11:46:28 -0400] "GET /prsysmgmt/nodeframes.action?action=frameTop HTTP/1.1" 200 2736 location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:11:46:28 -0400] "GET /prsysmgmt/jsp/services2/DisplayWelcome.jsp HTTP/1.1" 200 503 location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:11:46:28 -0400] "GET /prsysmgmt/js/global.js HTTP/1.1" 304 - location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:11:46:28 -0400] "GET /prsysmgmt/js/expcollapse.js HTTP/1.1" 200 3586 location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:11:46:28 -0400] "GET /prsysmgmt/images/blueCollapse.gif HTTP/1.1" 200 173 location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:11:46:28 -0400] "GET /prsysmgmt/images/pega_home.gif HTTP/1.1" 200 663 location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:11:46:28 -0400] "GET /prsysmgmt/css/styles.css HTTP/1.1" 200 3080 location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:11:46:28 -0400] "GET /prsysmgmt/images/pega_add.gif HTTP/1.1" 200 1145 location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:11:46:28 -0400] "GET /prsysmgmt/css/desktop.css HTTP/1.1" 200 111141 location: -

10.103.64.119 HTTP/1.1 - - [03/Apr/2018:11:46:44 -0400] "GET / HTTP/1.1" 302 - location: https://10.100.141.21:8087/

10.103.64.119 HTTP/1.1 - - [03/Apr/2018:11:46:44 -0400] "GET / HTTP/1.1" 304 - location: -

10.103.64.119 HTTP/1.1 - - [03/Apr/2018:11:46:44 -0400] "GET /prweb/PRServletLDAP2 HTTP/1.1" 500 2375 location: -

10.103.64.119 HTTP/1.1 - - [03/Apr/2018:11:46:44 -0400] "GET /prweb/diagnostic/status_fail.gif HTTP/1.1" 304 - location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:11:47:14 -0400] "GET / HTTP/1.1" 302 - location: https://10.100.141.21:8087/

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:11:47:14 -0400] "GET / HTTP/1.1" 304 - location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:11:47:14 -0400] "GET /prweb/PRServletLDAP2 HTTP/1.1" 500 2375 location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:11:47:14 -0400] "GET /prweb/diagnostic/status_fail.gif HTTP/1.1" 304 - location: -

10.103.64.119 HTTP/1.1 - - [03/Apr/2018:11:47:18 -0400] "GET / HTTP/1.1" 302 - location: https://10.100.141.21:8087/

10.103.64.119 HTTP/1.1 - - [03/Apr/2018:11:47:20 -0400] "GET / HTTP/1.1" 200 1150 location: -

10.103.64.119 HTTP/1.1 - - [03/Apr/2018:11:47:20 -0400] "GET /prweb/PRServletLDAP2 HTTP/1.1" 500 2375 location: -

10.103.64.119 HTTP/1.1 - - [03/Apr/2018:11:47:21 -0400] "GET /prweb/diagnostic/status_fail.gif HTTP/1.1" 304 - location: -

10.103.64.119 HTTP/1.1 - - [03/Apr/2018:11:47:28 -0400] "GET /psysmgmt HTTP/1.1" 302 - location: https://10.100.141.21:8087/psysmgmt

10.103.64.119 HTTP/1.1 - - [03/Apr/2018:11:47:30 -0400] "GET /psysmgmt HTTP/1.1" 404 1078 location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:12:00:44 -0400] "GET / HTTP/1.1" 304 - location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:12:00:45 -0400] "GET /prweb/PRServletLDAP2 HTTP/1.1" 500 2375 location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:12:00:45 -0400] "GET /prweb/diagnostic/status_fail.gif HTTP/1.1" 304 - location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:12:01:00 -0400] "GET /prweb/PRServlet HTTP/1.1" 500 2375 location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:12:01:00 -0400] "GET /prweb/diagnostic/status_fail.gif HTTP/1.1" 304 - location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:12:02:49 -0400] "GET /prweb/PRServlet HTTP/1.1" 500 2375 location: -

10.103.62.207 HTTP/1.1 - - [03/Apr/2018:12:02:49 -0400] "GET /prweb/diagnostic/status_fail.gif HTTP/1.1" 304 - location: -

Answer 1

模式字段在documentation

中说明

看起来你使用的模式并不是那么好，虽然我们不知道你想要准确记录什么。开发服务器不是prod服务器，您可能在不同的环境中有不同的配置。

我不会重复文档，但我会说 - 意味着此字段不包含任何信息。％u仅在您对用户进行身份验证时使用，并且永远不会使用％l。如果您没有配置安全约束，可能您不需要它们。

您正在使用位置记录位置：％{location} o，但只有在使用301或302响应重定向客户端时，服务器才会返回Location标头。由于这个原因它被设定？说不上。

通常的做法是，如果你不需要任何特殊的东西，那就是依赖于众所周知的普通或组合模式，后者是历史原因的首选模式（日志分析追溯用户活动）。如文档所述，要激活其中一个，只需使用pattern =“combined”

访问日志分析@Tomcat

1 个答案: