Our Tomcat access log format is:
pattern="%a|%A|%T|%{X-Forwarded-For}i|%l|%u|%t|%r|%s|%b|%{Referer}i|%{User-Agent}i " resolveHosts="false"/>
What does each of these mean?
- %a - Remote IP address
- %A - Local IP address
- %b - Bytes sent, excluding HTTP headers, or ‘-’ if zero
- %B - Bytes sent, excluding HTTP headers
- %h - Remote host name (or IP address if resolveHosts is false)
- %H - Request protocol
- %l - Remote logical username from identd (always returns ‘-’)
- %m - Request method (GET, POST, etc.)
- %p - Local port on which this request was received
- %q - Query string (prepended with a ‘?’ if it exists)
- %r - First line of the request (method and request URI)
- %s - HTTP status code of the response
- %S - User session ID
- %t - Date and time, in Common Log Format
- %u - Remote user that was authenticated (if any), else ‘-’
- %U - Requested URL path
- %v - Local server name
- %D - Time taken to process the request, in millis
- %T - Time taken to process the request, in seconds
- %I - Current request thread name (can compare later with stacktraces)
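In addition, request query parameters, session variable values, cookie values, and the values of HTTP request/response headers can also be written to the log file.
The syntax is modeled on Apache's:
- %{XXX}i - XXX is the name of an incoming header (HTTP request)
- %{XXX}o - XXX is the name of an outgoing response header (HTTP response)
- %{XXX}c - XXX is the name of a specific cookie
- %{XXX}r - XXX is the name of a ServletRequest attribute
- %{XXX}s - XXX is the name of an attribute in the HttpSession
"%a|%A|%T|%{X-Forwarded-For}i|%l|%u|%t|%r|%s|%b|%{Referer}i|%{User-Agent}i "
Translated, that is:
"remote address|local address|response time|X-Forwarded-For|remote user|remote authenticated user|time|first line|response code|bytes sent|Referer|User-Agent "
Example:
10.11.9.190|10.11.10.13|0.153|111.199.189.182|-|-|[04/May/2018:21:31:02 +0800]|GET /cms/rest.htm?v=1.0 HTTP/1.0|200|48939|-|Dalvik/2.1.0 (Linux; U; Android 7.0; PIC-AL00 Build/HUAWEIPIC-AL00)
This gives fairly complete coverage: the local IP and the remote IP are both there, and if nginx sits in front as a proxy, the client IP, the request content, and the User-Agent are all recorded, so they can be looked up and dealt with later.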
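A parser for this log format, as an added example that is not part of the original post. It rejects lines whose column count is off (a client-supplied header containing `|` shifts every later field) and only believes X-Forwarded-For when the connecting peer is a known proxy. The `TRUSTED_PROXIES` set and the premise that nginx appends the peer address to X-Forwarded-For are assumptions; all sample lines except the first are constructed.

```python
from datetime import datetime

# Column order of the pattern shown on this page.
FIELDS = ["remote_ip", "local_ip", "seconds", "xff", "ident", "user",
          "time", "request", "status", "bytes", "referer", "user_agent"]
# Assumption: addresses of the nginx proxies in front of Tomcat.
TRUSTED_PROXIES = {"10.11.9.190"}

SAMPLE = [  # first line is the page's example; the others are constructed
    "10.11.9.190|10.11.10.13|0.153|111.199.189.182|-|-|[04/May/2018:21:31:02 +0800]"
    "|GET /cms/rest.htm?v=1.0 HTTP/1.0|200|48939|-"
    "|Dalvik/2.1.0 (Linux; U; Android 7.0; PIC-AL00 Build/HUAWEIPIC-AL00)",
    "203.0.113.7|10.11.10.13|0.010|10.0.0.1|-|-|[04/May/2018:21:31:05 +0800]"
    "|GET / HTTP/1.1|200|512|-|curl/7.58.0",
    "10.11.9.190|10.11.10.13|0.020|192.0.2.1, 198.51.100.9|-|-"
    "|[04/May/2018:21:31:07 +0800]|GET / HTTP/1.1|200|512|-|curl/7.58.0",
    "10.11.9.190|10.11.10.13|0.020|198.51.100.9|-|-|[04/May/2018:21:31:09 +0800]"
    "|GET / HTTP/1.1|404|-|-|x|200|0|-|y",
]


def parse_line(line):
    """Split one access-log line; return None if it does not fit the pattern."""
    parts = line.rstrip("\n").split("|")
    if len(parts) != len(FIELDS):
        # Extra '|' from a header value: do not guess, review the raw line.
        return None
    rec = dict(zip(FIELDS, (p.strip() for p in parts)))
    try:
        rec["time"] = datetime.strptime(rec["time"], "[%d/%b/%Y:%H:%M:%S %z]")
        rec["seconds"] = float(rec["seconds"])
        rec["status"] = int(rec["status"])
        rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    except ValueError:
        return None
    return rec


def client_ip(rec):
    """Choose the address to attribute the request to."""
    if rec["remote_ip"] not in TRUSTED_PROXIES or rec["xff"] in ("", "-"):
        return rec["remote_ip"]  # direct connection: XFF is client-supplied
    # The trusted proxy appends the peer it saw, so only the last entry
    # is reliable; anything before it came from the client.
    return rec["xff"].split(",")[-1].strip()


if __name__ == "__main__":
    for raw in SAMPLE:
        rec = parse_line(raw)
        print(client_ip(rec) if rec else "MALFORMED", "<-", raw[:60])
```

Lines that come back as `None` are worth keeping in a separate review queue rather than discarding.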