我们tomcat记录的日志内容为:

pattern="%a|%A|%T|%{X-Forwarded-For}i|%l|%u|%t|%r|%s|%b|%{Referer}i|%{User-Agent}i " resolveHosts="false"/>  

都是什么意思呢?

  • %a - Remote IP address
  • %A - Local IP address
  • %b - Bytes sent, excluding HTTP headers, or '-' if zero
  • %B - Bytes sent, excluding HTTP headers
  • %h - Remote host name (or IP address if resolveHosts is false)
  • %H - Request protocol
  • %l - Remote logical username from identd (always returns '-')
  • %m - Request method (GET, POST, etc.)
  • %p - Local port on which this request was received
  • %q - Query string (prepended with a '?' if it exists)
  • %r - First line of the request (method and request URI)
  • %s - HTTP status code of the response
  • %S - User session ID
  • %t - Date and time, in Common Log Format
  • %u - Remote user that was authenticated (if any), else '-'
  • %U - Requested URL path
  • %v - Local server name
  • %D - Time taken to process the request, in millis
  • %T - Time taken to process the request, in seconds
  • %I - Current request thread name (can compare later with stacktraces)

另外,还可以将request请求的查询参数、session会话变量值、cookie值或HTTP请求/响应头内容的变量值等内容写入到日志文件。

它仿照了apache的语法:

  • %{XXX}i xxx代表传入的头(HTTP Request)
  • %{XXX}o xxx代表传出的响应头(Http Resonse)
  • %{XXX}c xxx代表特定的Cookie名
  • %{XXX}r xxx代表ServletRequest属性名
  • %{XXX}s xxx代表HttpSession中的属性名
"%a|%A|%T|%{X-Forwarded-For}i|%l|%u|%t|%r|%s|%b|%{Referer}i|%{User-Agent}i "

翻译过来就是

"远程地址|本地地址|相应时间|X-Forwarded-For|远程用户|远程认证用户|时间|第一行|回应code|发送字节|Referer|User-Agent "

例子:

10.11.9.190|10.11.10.13|0.153|111.199.189.182|-|-|[04/May/2018:21:31:02 +0800]|GET /cms/rest.htm?v=1.0 HTTP/1.0|200|48939|-|Dalvik/2.1.0 (Linux; U; Android 7.0; PIC-AL00 Build/HUAWEIPIC-AL00)  

这样就比较全了,本机IP/外来IP,如果前面是nginx代理的,ip和内容以及user-agent都能记录下来,以便之后查找和处理。

comments powered by Disqus