What are access logs?
Server access logs contain raw information about each request made to your web site. Here are a few sample lines from the current access logs:
38.107.179.210 - - [28/May/2012:05:42:14 -0700] "GET /php/colors.php HTTP/1.1" 200 6093 "-" "CCBot/1.0 (+http://www.commoncrawl.org/bot.html)" "www.webmaster-showcase.net"
38.107.179.206 - - [28/May/2012:05:42:17 -0700] "GET /ssl/index.php HTTP/1.1" 302 248 "-" "CCBot/1.0 (+http://www.commoncrawl.org/bot.html)" "www.webmaster-showcase.net"
212.95.226.66 - - [28/May/2012:05:42:38 -0700] "GET / HTTP/1.0" 200 668 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)" "www.webmaster-showcase.net"
38.107.179.207 - - [28/May/2012:05:43:20 -0700] "GET /thoughts.txt HTTP/1.1" 200 5301 "-" "CCBot/1.0 (+http://www.commoncrawl.org/bot.html)" "www.webmaster-showcase.net"
38.107.179.208 - - [28/May/2012:05:43:24 -0700] "GET /yahoo/SendMail.php HTTP/1.1" 200 4921 "-" "CCBot/1.0 (+http://www.commoncrawl.org/bot.html)" "www.webmaster-showcase.net"
See the detailed explanation below.
How to get them
You can configure your web site so the server access logs are written into a file named "access.log" in your "logs" directory. See the link on your control panel when you are logged in as a WebHosting member.
If the "logs" directory doesn't exist, you get no information. So, if you want to see the access logs you must create the "logs" directory.
To prevent others from viewing your access logs, password protect the logs directory.
NOTE: These files use part of your disk quota so don't ask for them if you aren't going to use them.What they mean
Each line contains "fields" which are separated by a space. If the field can contain a space, the field value is put into enclosing quote marks. The fields are:
| Field Number | example | explanation |
|---|---|---|
| 1 | 216.145.50.200 | IP address of requesting system |
| 2 | s1.who.net | The name of the IP identified by the first field. This may not be available. In that case it is just a dash (-). |
| 3 | mary | This is the name from the name/password pair presented with the request for an access-controlled resource. You don't want the world to see this because it makes a cracker's job easy -- they already have half of the data needed to access the access-controlled area. That's why you should access-control the logs directory. If no name/password pair was provided with the request this field value is just a dash (-). |
| 4 | [05/Mar/2002:10:45:01 -0800] | Time stamp of when the request was made. It's in UTC (universal time co-ordinates) with an offset. "-800" indicates the server is 8 hours west 0 longitude (Greenwich, England). |
| 5 | "GET / HTTP/1.0" | This is the request. |
| 6 | 200 | This is the response code. "200" indicates a normal response. "304" is another common response indicating the requested resource has not changed so the browser can use it's locally-cached copy. |
| 7 | 4272 | Number of bytes sent in response to the request. This only counts the data bytes, not the overhead bytes of the HTTP protocol. So, for example, "304" resposes show no bytes sent (just a dash) but the sever did send back some bytes. It sent back at least the "304" response code. |
| 8 | "http://www.webmaster-showcase.net/index.php" | This is the referring URL. If a requested HTML file contains <IMG> tags, for example, when the browser requests the image it tells the server that the request was made because it was included on the requesting page. It sends the URL of the requesting page as the referrer. When you type a URL into the request line in your browser, that request would not have a "referrer" value. |
| 9 | "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT)" | The type of browser making the request. |
| 10 | "www.webmaster-showcase.net" | The domain used to access the resource. Since a WebHosting member can set up multiple sub-domains which may access the same resources, this item can be used to identify how the resource was requested. |
