AWS log file format
AWS request log
The log file consists of the following 8 elements, in order,
delemited as noted:
- The date and time of the request, surrounded by '[' and ']'. Note
that this is always reported in GMT, as determined by the hoursoff option in the config file.
- The host the request was from. The host name if it is available,
the IP address if that is available but the reverse name lookup
failed, or unknown if we could not get either for some
reason.
- A '-'. This is reserved for the remote user name from identd
protocols, which is not implemented.
- The user name via HTTP authentication, or '-' if the request was
not authenticated.
- The request from the remote server, delimited by '"'. This is
normally a method (GET, POST, or
HEAD), a space, the URL on your server ('/' is
common), and an optional HTTP version number (HTTP/1.0).
- The status of the request response, as described by the HTTP
specification of response statuses.
- The number of bytes known to have been transfered. Some modules
(e.g. cgi) may transfer bytes that are
not included in this total.
- The URL of the page that has a link to the requested page, or
'-' if the client did not send that information. This is marked
by a '<' before the URL.
- The software that made the request, terminated by a '>'.
The referrer and software are not part of the Common Log File
format, and are enclosed in '<' and '>' to set them off. The rest
of the elements are from that format, with the exception that the date
and time has moved from just before the request to the beginning of
the line.
AWS error log
The error log contains messages in two basic formats:
First, any request that has a response status greater than 400
indicates an error, and is logged to the error file instead of the
request file. They have the same format as a request log entry. For
instance, status 404 requests indicate the file was not found. You can
use the referrer field of the line to determine whether the
page is one that you can correct or not.
The second type of line is a message line of some kind. I.e. - a
daemon start message (not really an error, but this leaves nothing but
requests in the request log) and network failures of various kinds are
the most common entries. Many messages end in the string ": m"; this
is an artifact of the AmiTCP syslog implementation, and I am trying to
decide how to deal with this issue.
Mike Meyer