tomcat log description

Configuration file server.xml

The default log format is

pattern="%h %l %u %t "%r" %s %b"

Recommended use

pattern="%{X-FORWARDED-FOR}i %l %u %t %r %s %b %D %{User-Agent}i" 

The log output is as follows

192.168.3.14 - - [14/Dec/2017:17:56:05 +0800] GET /solr/admin/cores?_=1513245362283&indexInfo=false&wt=json HTTP/1.1 200 487 3 
?_=1513245362283&indexInfo=false&wt=json 
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36

The parameters are described in detail as follows

% a: Remote IP address
 % A: Local IP address
 % b: Number of bytes sent, excluding HTTP headers, or ":" If no bytes are sent
 % B: Number of bytes sent, excluding HTTP headers
 % D: Time to process requests (in milliseconds)
% h: Remote host name
 % H: Request Protocol
 % I (capitalized i): the thread name of the current request
 % l (lowercase L): Remote logic from identd user name (always returns':')
% m: Request method
 % p: Local Port
 % q: Query string (with a "?" before it)? If it exists, otherwise it's an empty string
 % r: Requirements in the first line
 % s: Response HTTP status code
 % S: User session ID
 % t: Date and time, in common log format
 % T: Time spent processing requests (in seconds)
% u: Remote user authentication
 % U: Request URL path
 % v: Local server name

httpd log description

Recommended use

LogFormat "%{X-Forwarded-For}i %l %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""  combined

The parameters are described in detail as follows

% a: Remote IP address
 % A: Local IP address
 % B: Number of bytes sent, excluding HTTP headers
 % b: The number of bytes sent in CLF format, excluding HTTP headers. For example, when no data is sent, write'-'instead of 0.
% {FOOBAR}e: Content of the environment variable FOOBAR
 % f: File name
 % h: Remote Host
 % H: Request agreement
 % Foobar}i: The content of the Foobar, the header line of the request sent to the server.
% l: Remote login name (from identd, if provided)
% m: Method of request
 % Foobar}n: The annotation "Foobar" from another module
 % Foobar}o: Foobar content, header line of response
 % p: Ports used by the server in response to requests
 % P: The child process ID that responds to the request.
% q: Query string (if there is a query string, it contains the following part of "?"; otherwise, it is an empty string.)
% r: The first line of the request
 % s: State. For internal redirection requests, this refers to the status of the * original * request. If%> s is used, it refers to subsequent requests.
% t: Time expressed in common log time format (or standard English format)
% {format}t: Time in the specified format
 % T: Time spent responding to requests in seconds
 % u: Remote users (from auth; may be forged if the return status (% s) is 401)
% U: The URL path requested by the user
 % v: ServerName of the server responding to the request
 % V: Server name based on UseCanonical Name settings
 % Referer}i: This page that jumps from that page link
 % {User-agent}i: User-Agent of the user
 % {X-Forwarded-For}i: Recording Real Client ip

Look at the differences between browsers when accessing

Edge

192.168.3.13 - [21/Dec/2017:13:30:35 +0800] "GET /img/jlt1.png HTTP/1.1" 200 66045 "http://www.mytest.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299"
192.168.3.13 - [21/Dec/2017:13:30:35 +0800] "GET /img/rigrt-mack.png HTTP/1.1" 200 4646 "http://www.mytest.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299"

IE

192.168.3.13 - [21/Dec/2017:13:33:56 +0800] "GET /img/Exhibition-bg.png HTTP/1.1" 200 5866 "http://www.mytest.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
192.168.3.13 - [21/Dec/2017:13:33:56 +0800] "GET /img/jlt1.png HTTP/1.1" 200 66045 "http://www.mytest.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"

Firefox

192.168.3.13 - [21/Dec/2017:13:34:43 +0800] "GET /img/expert3.jpg HTTP/1.1" 200 8161 "http://www.mytest.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0"
192.168.3.13 - [21/Dec/2017:13:34:43 +0800] "GET /img/Service1.jpg HTTP/1.1" 200 30918 "http://www.mytest.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0"

Chrome

192.168.3.13 - [21/Dec/2017:13:32:35 +0800] "GET /img/cm2.png HTTP/1.1" 200 12341 "http://www.mytest.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"
192.168.3.13 - [21/Dec/2017:13:32:35 +0800] "GET /img/cm3.png HTTP/1.1" 200 14835 "http://www.mytest.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"