Log file formats

  1. Common Log format (CLF)
  2. W3C
  3. Squid native format
  4. NCSA Log format
  5. CloudFront
  6. Google Cloud Storage
  7. AWS Elastic Load Balancing (HTTP/S)

A Common Log Format example:

207.40.10.1 user-identifier frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326

Explanation:

  • A "-" in a field indicates missing data.
  • 207.40.10.1 is the IP address of the client (remote host) which made the request to the server.
  • user-identifier is the RFC 1413 identity of the client.
  • frank is the userid of the person requesting the document.
  • [10/Oct/2000:13:55:36 -0700] is the date, time, and time zone at which the request was received, by default in strftime format %d/%b/%Y:%H:%M:%S %z.
  • "GET /apache_pb.gif HTTP/1.0" is the request line from the client: GET is the method, /apache_pb.gif is the resource requested, and HTTP/1.0 is the HTTP protocol.
  • 200 is the HTTP status code returned to the client. 2xx is a successful response, 3xx a redirection, 4xx a client error, and 5xx a server error.
  • 2326 is the size of the object returned to the client, measured in bytes.
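
The field breakdown above as a small parser (an added example, not part of the original page). The name parse_clf, the regular expression and the last three sample lines are constructed for illustration; the first sample line is the one shown above.

```python
import re
from datetime import datetime

# One CLF record: host ident authuser [time] "request" status bytes.
# Extra fields after the byte count (referer, user agent) are ignored.
CLF_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)(?: |$)'
)
STATUS_CLASSES = {"2": "success", "3": "redirection",
                  "4": "client error", "5": "server error"}

def parse_clf(line):
    """Return a dict for one CLF line, or None if the line is malformed."""
    m = CLF_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    # "-" marks missing data, so map it to None in every field.
    rec = {k: (None if v == "-" else v) for k, v in m.groupdict().items()}
    try:
        rec["time"] = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    rec["status"] = int(m["status"])
    rec["size"] = None if m["size"] == "-" else int(m["size"])
    rec["status_class"] = STATUS_CLASSES.get(m["status"][0], "other")
    # The request line is client-controlled: split it only when it has the
    # expected three parts, otherwise keep just the raw text for review.
    parts = (rec["request"] or "").split(" ")
    keys = ("method", "resource", "protocol")
    rec.update(zip(keys, parts if len(parts) == 3 else (None,) * 3))
    return rec

SAMPLE = [  # first line is from the page, the rest are constructed
    '207.40.10.1 user-identifier frank [10/Oct/2000:13:55:36 -0700] '
    '"GET /apache_pb.gif HTTP/1.0" 200 2326',
    '203.0.113.7 - - [10/Oct/2000:13:56:01 -0700] "-" 408 -',
    '203.0.113.7 - - [10/Oct/2000:13:56:02 -0700] '
    '"GET /a b HTTP/1.0" 404 153 "-" "curl/8.0"',
    'not a log line',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(parse_clf(entry))
```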

 

NGINX perspective

NGINX writes information about client requests to the access log right after the request is processed. The format is set with log_format in the http block, for example:

http {
    log_format compression '$remote_addr - $remote_user [$time_local] '
                           '"$request" $status $body_bytes_sent '
                           '"$http_referer" "$http_user_agent" "$gzip_ratio"';

    server {
        gzip on;
        access_log /spool/logs/nginx-access.log compression;
        ...
    }
}

This would fit into the Common Log Format:

%h %^[%d:%t %^] "%r" %s %b
