
LogLogic Apache Web Server Log Configuration Guide

Document Release: September 2011
Part Number: LL60009-00ELS090001


© 2011 LogLogic, Inc.

Proprietary Information

This document contains proprietary and confidential information of LogLogic, Inc. and its licensors.  In accordance with the license, this document may not be copied, disclosed, modified, transmitted, or translated except as permitted in writing by LogLogic, Inc.

Trademarks

LogLogic and the LogLogic logo are trademarks or registered trademarks of LogLogic, Inc. in the United States and/or foreign countries. All other company or product names are trademarks or registered trademarks of their respective owners.

Notice


Contents

Preface
About This Guide . . . 5
Technical Support . . . 5
Documentation Support . . . 5
Conventions . . . 6

Chapter 1 – Configuring LogLogic’s Apache Web Server Log Collection
Introduction to Apache Web Server . . . 7
Prerequisites . . . 7
Configuring Apache Web Server . . . 8
Configuring httpd.conf to Enable Combined/Common Log Format . . . 8
Configuring httpd.conf for Log Rotation . . . 8
Enabling the LogLogic Appliance to Capture Log Data . . . 9
Configuring the LogLogic Appliance for File Collection . . . 9
Adding an Apache Web Server Device . . . 10
Creating File Transfer Rules . . . 11
Verifying the Configuration . . . 14

Chapter 2 – How LogLogic Supports Apache Web Server
How LogLogic Captures Apache Web Server Log Data . . . 15
Supported Apache Web Server Access Log Data . . . 16
LogLogic Real-Time Reports . . . 17
LogLogic Search Filters . . . 17

Chapter 3 – Troubleshooting and FAQ
Troubleshooting . . . 18
Problems Retrieving Log Files Using Configured File Transfer Rules . . . 18
Frequently Asked Questions . . . 19


Preface

About This Guide

The LogLogic® Appliance-based solution lets you capture and manage log data from all types of log sources in your enterprise. The LogLogic support for Apache Web Server enables LogLogic Appliances to capture logs from machines running Apache Web Server.

Once the logs are captured and parsed, you can generate reports and create alerts on Apache Web Server’s operations. For more information on creating reports and alerts, see the LogLogic User Guide and LogLogic Online Help.

Technical Support

LogLogic is committed to the success of our customers and to ensuring our products improve customers' ability to maintain secure, reliable networks. Although LogLogic products are easy to use and maintain, occasional assistance might be necessary. LogLogic provides timely and comprehensive customer support and technical assistance from highly knowledgeable, experienced engineers who can help you maximize the performance of your LogLogic Appliances. To reach LogLogic Customer Support:

Telephone: Toll Free 1-800-957-LOGS; Local 1-408-834-7480

EMEA or APAC: +44 (0) 207 1170075 or +44 (0) 8000 669970

Email: support@loglogic.com

You can also visit the LogLogic Support website at http://www.loglogic.com/services/support. When contacting Customer Support, be prepared to provide:

Your name, email address, phone number, and fax number

Your company name and company address

Your machine type and release version

A description of the problem and the content of pertinent error messages (if any)

Documentation Support

Your feedback on LogLogic documentation is important to us. Send e-mail to DocComments@loglogic.com if you have questions or comments. Your comments will be reviewed and addressed by the LogLogic technical writing team.


Conventions

LogLogic documentation uses the following conventions to highlight code and command-line elements:

A monospace font is used for programming elements (such as code fragments, objects, methods, parameters, and HTML tags) and system elements (such as filenames, directories, paths, and URLs).

A monospace bold font is used to distinguish system prompts or screen output from user responses, as in this example:

username: system

home directory: home\app

A monospace italic font is used for placeholders, which are general names that you replace with names specific to your site, as in this example: 

LogLogic_home_directory\upgrade\


Chapter 1 – Configuring LogLogic’s Apache Web Server Log Collection

This chapter describes the configuration steps that enable a LogLogic Appliance to capture Apache Web Server logs. The configuration steps assume that you have a functioning LogLogic Appliance that can be configured to capture Apache Web Server access log data.

Introduction to Apache Web Server . . . 7

Prerequisites . . . 7

Configuring Apache Web Server . . . 8

Enabling the LogLogic Appliance to Capture Log Data . . . 9

Verifying the Configuration . . . 14

Introduction to Apache Web Server

LogLogic supports the capture and analysis of Apache Web Server access logs. The access log records the client requests processed by the server. The location and content of the access log are controlled by the CustomLog directive in the Apache Web Server configuration file (i.e., httpd.conf). The LogFormat directive defines named formats, which simplifies selecting the contents of the log.

Access logs can be written in one of two formats, depending on the configuration: common log format and combined log format. The combined log format is identical to the common log format with two additional fields (i.e., the Referer and User-Agent HTTP request headers). The common log format is enabled by default, while the combined log format must be enabled by modifying the configuration file.

The LogLogic Appliance captures access log data from the Apache Web Server by file pull using a file transfer rule. The configuration procedures for Apache Web Server and the LogLogic Appliance depend upon the log format used within your environment. For more information, see How LogLogic Captures Apache Web Server Log Data on page 15.

Prerequisites

Prior to configuring Apache Web Server and the LogLogic Appliance, ensure that you meet the following prerequisites:

Apache HTTP Server version 2.x or later installed on a UNIX system (i.e., Solaris, AIX, Linux, etc.), Microsoft Windows, or Novell NetWare

Read and Write permissions on Apache Web Server log files

Proper access permissions to make configuration changes

3rd-party FTP, FTP(S), HTTP(S), CIFS, SCP, and/or SFTP server software installed for any platform that does not have these capabilities by default. For more information, see Configuring the LogLogic Appliance for File Collection on page 9.

LogLogic Appliance running Release 5.1 or later installed with a Log Source Package that includes Apache Web Server support


Configuring Apache Web Server

This section describes the Apache Web Server configuration needed to enable the different logging formats and log rotation.

Configuring httpd.conf to Enable Combined/Common Log Format

The combined log format is not enabled by default. To enable the combined log format, changes to the httpd.conf file are required. This file is located in the following directory:

Apache root directory/conf/httpd.conf

Open the file in a text editor and make the following changes. The LogFormat directives define the format nicknames (common and combined) that a CustomLog directive refers to:

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    #LogFormat "%h %l %u %t \"%r\" %>s %b" common
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

Note: When entering a file path on non-UNIX platforms, make sure that only forward slashes are used even though the platform may allow the use of back slashes.

Configuring httpd.conf for Log Rotation

For log rotation, a tool named rotatelogs is used in conjunction with the CustomLog directive in the httpd.conf file. The rotatelogs tool is included with Apache Web Server by default. In the configuration example given below, the file is rotated every 1 hour or when the size of the log file reaches 5 MB, whichever condition occurs first. Each rotated file is named with a timestamp, in the following syntax (the year, month, day, hour, minute and second components are concatenated, as produced by %Y%m%d%H%M%S):

accesslog.year month day hour min secs.log

Example 1 Common Log format
    #
    # The location and format of the access logfile (Common Logfile Format).


Example 2 Combined Log format
    #
    # The location and format of the access logfile (Combined Logfile Format).
    #
    CustomLog "|/usr/apache/bin/rotatelogs /www/logs/accesslog.%Y%m%d%H%M%S.log 3600 5M" combined
</IfModule>

Note: After the configuration files are changed, the Apache Web Server must be restarted for any modified options to take effect.

Enabling the LogLogic Appliance to Capture Log Data

The following sections describe how to enable the LogLogic Appliance to capture Apache Web Server log data.

Configuring the LogLogic Appliance for File Collection

The LogLogic Appliance captures Apache Web Server logs using file pull functionality via a file transfer rule. If the host machine where Apache Web Server is installed does not have file transfer functionality by default, you can use one of the following deployment options for log file collection:

Install 3rd-party file transfer software (or create a script to handle file transfers) on the host machine where Apache Web Server is installed

Configure a remote Host Server with file transfer capability to capture log files from the Apache Web Server host machine

Once the file transfer capability on the host machine or the remote Host Server is properly configured, you can create file transfer rules on the LogLogic Appliance for each log file you want to capture. The LogLogic Appliance pulls the log files via a supported file transfer protocol such as SFTP, SCP, FTP(S), HTTP(S), etc. For more information, see the LogLogic Administration Guide.

Note: Although the LogLogic Appliance supports a variety of file transfer protocols, LogLogic recommends that you use a secure protocol (such as SFTP or SCP) for transferring files.

Capturing Apache Web Server Log Data via SFTP

The following procedure explains, at a high level, how to configure your environment to capture file-based log messages via SFTP. LogLogic recommends using SFTP for Windows-based systems, or SCP for Unix-based systems, to securely transfer files to the LogLogic Appliance from your log source. However, you can use any of the LogLogic-supported protocols in your environment (i.e., FTP(S), HTTP(S), SCP, etc.).

Note: For more information on each supported protocol, including whether a Public Key Copy is needed and what search methods (i.e., CSV, Wildcard) are available, see the LogLogic


To enable the LogLogic Appliance to capture log data via SFTP:

1. Make sure that a destination directory (i.e., log directory) exists and is accessible on the host machine where Apache Web Server is installed.

The destination directory should contain the original log files that Apache Web Server generates.

2. Transfer the Apache Web Server log files to a separate publishing directory on the host machine or on a remote Host Server.

You can use a script or 3rd-party software that makes a copy of or moves the log files from the destination directory (i.e., log directory) to the publishing directory. In addition, if you are using a script, you can specify the schedule for when the script runs (e.g., hourly, daily, or weekly).

Note: If you are using a remote Host Server to transfer logs to the LogLogic Appliance, LogLogic recommends that you define a clean-up process to handle old log files that accumulate over time.

3. On the LogLogic Appliance, add the Apache Web Server to the Appliance as a new device. For more information, see Adding an Apache Web Server Device on page 10.

4. Create a file transfer rule and specify SFTP as the Protocol. For more information, see Creating File Transfer Rules on page 11.

IMPORTANT! SCP and SFTP have limitations in their ability to pull a large number of files (100 or more). LogLogic recommends that you compress the files into a single file (such as .tar or tar.gz) before the files are pulled by the LogLogic Appliance.

5. File transfer rules using SFTP as the protocol require a public key copy from the LogLogic Appliance. You need to copy the Appliance’s public key to the Apache Web Server host machine or the remote Host Server. For more information on public key copy, see the LogLogic Administration Guide.
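The publishing step of the procedure above (move completed log files out of the log directory into a publishing directory, bundle them into a single archive as the IMPORTANT note advises, and clean up old files that accumulate on the Host Server) as an added Python example. This is not a LogLogic script; it assumes rotatelogs output named accesslog.YYYYMMDDHHMMSS.log as in the httpd.conf example, and the log and publishing directories are hypothetical paths supplied by the caller.

```python
"""Stage rotated Apache access logs into a publishing directory so a LogLogic
file transfer rule (SFTP/SCP) can pull one archive per run. Added example, not
LogLogic's script. Assumes rotatelogs names files accesslog.YYYYMMDDHHMMSS.log
as in the guide's httpd.conf example; the directory paths are hypothetical."""
import os
import tarfile
import tempfile
import time
from pathlib import Path


def completed_logs(log_dir):
    """Rotated logs that are safe to publish. rotatelogs embeds an ascending
    timestamp in each name, so the lexically last file is the one still being
    written; it is excluded and every earlier file is treated as complete."""
    return sorted(Path(log_dir).glob("accesslog.*.log"))[:-1]


def publish_logs(log_dir, pub_dir, now=None):
    """Bundle the completed logs into a single tar.gz in pub_dir and remove the
    originals (the guide notes SCP/SFTP pulls of 100 or more separate files as a
    limitation). Returns the bundle path, or None when nothing was ready."""
    logs = completed_logs(log_dir)
    if not logs:
        return None
    pub = Path(pub_dir)
    pub.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%d%H%M%S", time.gmtime(now))
    part = pub / f".apache_access_{stamp}.tar.gz.part"
    final = pub / f"apache_access_{stamp}.tar.gz"
    # Write under a temporary name and rename at the end so a transfer rule whose
    # Files field matches apache_access_*.tar.gz never pulls a half-written archive.
    with tarfile.open(str(part), "w:gz") as tar:
        for log in logs:
            tar.add(str(log), arcname=log.name)
    os.replace(part, final)
    for log in logs:
        log.unlink()
    return final


def cleanup_bundles(pub_dir, keep_days, now=None):
    """Delete bundles older than keep_days: the clean-up process the guide
    recommends when old files accumulate on a remote Host Server. Returns them."""
    now = time.time() if now is None else now
    cutoff = now - keep_days * 86400
    removed = []
    for bundle in sorted(Path(pub_dir).glob("apache_access_*.tar.gz")):
        if bundle.stat().st_mtime < cutoff:
            bundle.unlink()
            removed.append(bundle)
    return removed


def demo():
    """Constructed scenario in a temp directory: three rotated logs, the newest
    still open. Returns (archive members, logs left behind, bundles cleaned up)."""
    root = Path(tempfile.mkdtemp())
    log_dir, pub_dir = root / "logs", root / "publish"
    log_dir.mkdir()
    sample = '127.0.0.1 - - [22/Dec/2006:12:06:39 +0530] "GET /test/test.html HTTP/1.1" 200 64\n'
    for stamp in ("20061222120000", "20061222130000", "20061222140000"):
        (log_dir / f"accesslog.{stamp}.log").write_text(sample)
    bundle = publish_logs(log_dir, pub_dir, now=0)
    with tarfile.open(str(bundle)) as tar:
        members = sorted(tar.getnames())
    os.utime(bundle, (0, 0))  # age the bundle so the clean-up pass removes it
    removed = cleanup_bundles(pub_dir, keep_days=7, now=30 * 86400)
    remaining = sorted(p.name for p in log_dir.iterdir())
    return members, remaining, [p.name for p in removed]


if __name__ == "__main__":
    print(demo())
```

With this layout the file transfer rule's Files field would point at the publishing directory with a wildcard such as /www/publish/apache_access_*.tar.gz, which the Appliance decompresses and processes as described under Creating File Transfer Rules.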

Adding an Apache Web Server Device

LogLogic captures Apache Web Server access log files using the file pull functionality via file transfer rule. You must add the server as a new device so LogLogic can properly handle the log file data to make it available through reports and searching. Once you have successfully added an Apache Web Server device, you must configure file transfer rules for file collection. For more information, see Configuring the LogLogic Appliance for File Collection on page 9.

To add an Apache Web Server as a new device:

1. Log in to the LogLogic Appliance.

2. From the navigation menu, select Management > Devices. The Device tab appears.

3. Click Add New.


Figure 1 Adding a Device to the LogLogic Appliance

4. Type in the following information for the device:

Name—Name for the Apache WebServer device

Description (optional)—Description of the Apache WebServer device

Device Type—Select Apache WebServer from the drop-down menu

Host IP—IP address of the machine hosting the Apache Web Server log data (this can be a remote Host Server or the host machine where Apache Web Server is installed)

Enable Data Collection—Select the Yes radio button

Refresh Device Name through DNS Lookups (optional)—Select this checkbox to enable the Name field to be automatically updated. The name is obtained using a reverse DNS lookup on the configured refresh interval. The DNS name overrides any manual name you assign.

5. Click Add.

6. Verify that your new device appears in the Devices tab and that Enabled is set to Yes.  (See Figure 4 on page 14.)

After you add the new device, you can configure the LogLogic Appliance by setting up file transfer rules. For information on configuring the LogLogic Appliance to capture Apache Web Server log messages, see Configuring the LogLogic Appliance for File Collection on page 9.

Creating File Transfer Rules

After you add your Apache Web Server device, you can create a file transfer rule for the log files. File transfer rules enable the LogLogic Appliance to pull files from the host machine or remote Host Server publishing the Apache Web Server log files.


Examples:

/foo/file, /bar/*.log

/foo?/bar*/*.aud, /foo1/file1.tar.gz, /foo1/file2.Z, /foo[2-8]/bar*/net*.log

LogLogic can pull and decompress archive files, extract individual files from the archive files, and then process the individual files. The following file types are supported: .tar.bz2, .tar.gz, .tar.Z, .tgz, .taz, .tar, .gz, .z, .Z, .zip, .ZIP. For more information, see the LogLogic Administration Guide.

To create a file transfer rule:

1. Log in to the LogLogic Appliance.

2. From the navigation menu, select Management > Devices.

3. Select the File Transfer Rules tab.

4. Add a rule for the Apache Web Server log files you want to capture by completing the following steps:

a. From the Device Type drop-down menu, select Apache WebServer.

b. From the Device drop-down menu, select the appropriate Apache WebServer device.

Figure 2 File Transfer Rules Tab

Note: If you have added only one Apache Web Server device, the device name is automatically added.

5. Click Add New, then enter the appropriate information for the following required fields:

Rule Name—Name of the transfer rule (e.g., Apache WebServer Access Logs)

Protocol—Specify the appropriate protocol (e.g., SFTP, SCP, FTP(S), etc.)

Note: LogLogic recommends using a secure file transfer protocol, such as SFTP for Windows-based devices or SCP for UNIX-based devices. If you are using SFTP or SCP, you must copy the Appliance’s public key to the machine where the logs are located. For more information, see


Files—Full path (after the IP address) to the Host Server where the Apache Web Server log files are located. For example:

/log/file_name.log

To capture all logs in a specific directory, specify the asterisk (*) wildcard. For example:

/log/*.log

The server can be the host machine where the device is installed or a remote Host Server with file transfer functionality. For more information, see Configuring the LogLogic Appliance for File Collection on page 9.

File Format—Select Apache WebServer Log from the drop-down menu

Collection Time—Specify the time you want to retrieve the log file

Use Advanced Duplication Detection—Select the Yes radio button if you want the LogLogic Appliance to check for duplicate data while capturing the Apache WebServer logs.

Enable—Select the Yes radio button to enable the file transfer rule

6. Click Add.


Verifying the Configuration

This section describes how to verify that the configuration changes made to Apache Web Server and the LogLogic Appliance have been applied correctly.

To verify the configuration:

1. Log in to the LogLogic Appliance.

2. From the navigation menu, select Dashboards > Log Source Status. The Log Source Status tab appears.

Figure 4 Log Source Status — Apache WebServer Added

3. Locate the IP address for each Apache WebServer device.

If the device name (Apache WebServer) appears in the list of devices, then the configuration is correct. If the device does not appear in the Log Source Status tab, check the Apache WebServer logs for events that should have been sent. If events were detected and are still not appearing on the LogLogic Appliance, verify the Apache WebServer configuration and the LogLogic Appliance configuration.

You can also verify that the LogLogic Appliance is properly capturing log data from Apache Web Server by trying to view the data in the reports. LogLogic recommends checking the reports to make sure that the data obtained is valid and matches expectations. For more information, see


Chapter 2 – How LogLogic Supports Apache Web Server

This chapter describes LogLogic’s support for Apache Web Server. LogLogic enables you to capture log data to monitor Apache Web Server events. LogLogic supports Apache Web Server logs.

How LogLogic Captures Apache Web Server Log Data . . . 15

Supported Apache Web Server Access Log Data . . . 16

LogLogic Real-Time Reports . . . 17

LogLogic Search Filters . . . 17

How LogLogic Captures Apache Web Server Log Data

By default, Apache Web Server access log data is recorded in a file named access_log.txt. The access_log.txt file is located in the Logs directory within the Apache Web Server’s installation directory. LogLogic enables you to capture the log data in text format from a remote file system using SFTP, SCP, FTP(S), HTTP(S), etc.

The LogLogic Appliance uses file pulling to capture Apache Web Server log messages. Log files that have not changed since the last pull are skipped, which prevents duplicate collection. File pulling keeps a record in the database of the log files it has identified so that they can be converted. All log messages are pulled from the specified path, where the converted log files are stored.

Note: LogLogic enables you to collect Apache Web Server log messages at a configurable time (e.g., every x minutes, at an hourly interval, daily at a specified time, or weekly at a specified date and time).


Figure 5 Apache Web Server with LogLogic Components and Processes for File-Based Log Collection

Once the data is captured and parsed, you can generate reports. In addition, you can create alerts to notify you of issues on Apache Web Server. For more information on creating reports and alerts, see the LogLogic User Guide and LogLogic Online Help.

Note: When a log file is transferred, each file contains a timestamp which consists of a date and time. The timestamp refers to the file creation date and time for a particular message in the file. For a listing of LogLogic supported date and time formats, see the LogLogic Administration Guide.

Supported Apache Web Server Access Log Data

LogLogic enables you to capture Apache Web Server access log data. There are five event categories of access records that can be generated for Apache Web Server:

Informational

Successful

Redirection

Server Error

Client Error

Table 1 on page 22 lists the Apache Web Server access messages that are supported by the LogLogic Appliance.

Note: The LogLogic Appliance captures all messages from the Apache Web Server logs, but includes only specific messages for report/alert generation.


LogLogic Real-Time Reports

LogLogic provides pre-configured Real-Time Reports for Apache Web Server log data. The following Real-Time Reports are available:

All Unparsed Events – Displays data for all events retrieved from the Apache Web Server log for a specified time interval

Web Cache Activity – Displays locally-stored web information served during a specified time interval

Web Surfing Activity – Displays web information served during a specified time interval

To access LMI 5 Real-Time Reports:

1. In the top navigation pane, click Reports.

2. Click Network Activity. The following Real-Time Reports are available:

Web Cache Activity

Web Surfing Activity

3. Click Operational. The following Real-Time Reports are available:

All Unparsed Events

You can create custom reports from the existing Real-Time Report templates. For more information, see the LogLogic User Guide and LogLogic Online Help.

LogLogic Search Filters

LogLogic provides pre-configured Search Filters for Apache Web Server log data. Search Filters are used to filter report data and create alerts.

To access Search Filters:

1. From the navigation menu, select Search.

2. Select Search Filters.

The following Search Filters are available:

Apache: 3xx - Redirected – Displays information about Apache Web Server HTTP Error 3xx - Page Redirected errors

Apache: 403 - Forbidden – Displays information about Apache Web Server HTTP Error 403 - Access Denied/Forbidden errors

Apache: 404 - Not Found – Displays information about Apache Web Server HTTP Error 404 - Page Not Found errors

Apache: 4xx & 5xx Page Retrieve – Displays information about Apache Web Server HTTP 4xx & 5xx - Page Retrieving errors
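An added Python example (not LogLogic code) that ties together the common and combined LogFormat definitions from Chapter 1, the five event categories above, and the four Search Filters just listed: it parses a line in either format and reports the category, event type and matching filters. The sample lines are constructed from the Table 1 samples in Appendix A with the S-->/R--> table markers removed; the category and filter mappings are taken from this guide.

```python
"""Parse Apache common/combined access log lines and classify them the way the
guide's event table and Search Filters do. Added example, not LogLogic code."""
import re
from datetime import datetime

# One regex covers both formats: the combined format is the common format plus the
# quoted Referer and User-Agent fields, so that trailing group is optional. Quoted
# fields may contain backslash-escaped quotes, hence the (?:[^"\\]|\\.)* pattern.
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<bytes>\d+|-)'
    r'(?: "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)")?\s*$'
)

# Event Category and Event Type by first digit of the status code, as in Table 1.
CATEGORIES = {
    "1": ("Informational", "Info"),
    "2": ("Successful", "Success"),
    "3": ("Redirection", "Info"),
    "4": ("Client Error", "Error"),
    "5": ("Server Error", "Error"),
}


def parse_line(line):
    """Return a dict of fields, or None if the line is not a common/combined record."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["format"] = "combined" if rec["referer"] is not None else "common"
    rec["status"] = int(rec["status"])
    # %b is logged as "-" when no body was sent (typical for 304); treat that as 0.
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    # %t is "[day/month/year:hour:minute:second zone]".
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    # %r is "METHOD path protocol"; pad so a malformed request line does not raise.
    parts = rec["request"].split() + [None, None, None]
    rec["method"], rec["path"], rec["protocol"] = parts[:3]
    rec["category"], rec["event_type"] = CATEGORIES.get(
        str(rec["status"])[0], ("Unknown", "Unknown"))
    return rec


def search_filters(rec):
    """Names of the guide's pre-configured Search Filters that match one record."""
    s = rec["status"]
    matched = []
    if 300 <= s < 400:
        matched.append("Apache: 3xx - Redirected")
    if s == 403:
        matched.append("Apache: 403 - Forbidden")
    if s == 404:
        matched.append("Apache: 404 - Not Found")
    if 400 <= s < 600:
        matched.append("Apache: 4xx & 5xx Page Retrieve")
    return matched


def summarize(lines):
    """Count records per Event Category; lines that do not parse are counted as
    'Unparsed', which is what the 'All Unparsed Events' report would show."""
    counts = {}
    for line in lines:
        rec = parse_line(line)
        key = rec["category"] if rec else "Unparsed"
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample: Table 1 samples with the S-->/R--> table markers removed,
# plus one line that is not an access record.
SAMPLE_LINES = [
    '10.201.51.60 - - [27/Jun/2006:12:18:26 +0530] "GET / HTTP/1.0" 200 44',
    '127.0.0.1 - admin [22/Dec/2006:13:12:58 +0530] "GET /test/test.html HTTP/1.1" 304 -',
    '10.116.24.52 - - [22/Jan/2007:07:04:06 -0500] "GET /mantis1/account_delete.php HTTP/1.1" '
    '404 224 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; '
    '.NET CLR 2.0.50727; FDM)"',
    'this line is not an access log record',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        rec = parse_line(line)
        if rec is None:
            print("unparsed:", line)
        else:
            print(rec["status"], rec["category"], rec["format"], search_filters(rec))
    print(summarize(SAMPLE_LINES))
```

A non-zero "Unparsed" count from summarize() means the file contains lines in neither format, which is the first thing to check when the Troubleshooting chapter's advice about using the proper log format applies.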


Chapter 3 – Troubleshooting and FAQ

This chapter contains troubleshooting information regarding the configuration and/or use of log collection for Apache Web Server. It also contains Frequently Asked Questions (FAQ), providing quick answers to common questions.

Troubleshooting . . . 18

Frequently Asked Questions . . . 19

Troubleshooting

Is your version of Apache Web Server supported?

For more information, see Prerequisites on page 7.

Is your LogLogic Appliance running Release 5.1 or later?

If you are running a release prior to 5.1, you might require an upgrade. Contact LogLogic Support for more information.

Is the appropriate Log Source Package (LSP) installed properly?

Check to make sure that the LSP that is installed includes support for Apache Web Server. Also make sure that the package was installed successfully. For more information on LSP installation procedures, see the LogLogic Log Source Package Release Notes.

If Apache Web Server events are not appearing on the LogLogic Appliance...

You need to verify if the LogLogic Appliance is receiving the logs correctly. For more information, see Problems Retrieving Log Files Using Configured File Transfer Rules on page 18.

Also, make sure that you are using the proper log format (common or combined) and that you have properly configured log rotation on Apache Web Server. For more information, see Configuring Apache Web Server on page 8.

Problems Retrieving Log Files Using Configured File Transfer Rules

If you are having general problems retrieving log files using your configured file transfer rules, you might need to verify that your LogLogic Appliance is receiving Apache Web Server logs as scheduled.


3. Select the File Transfer Rules tab.

The File Transfer Rules tab appears with a table displaying all of your file transfer rules.

4. Find the file-based log data entries.

5. Under the Last Successful Retrieval column, watch for a successful transfer as defined by the Collection Interval mark.

6. Under the Last Attempted Retrieval column, verify that there are no failures.

7. If the Last Attempted Retrieval value is incrementing but the Last Successful Retrieval value is not changing, then the LogLogic Appliance is not receiving logs correctly. If this problem occurs, then complete the following steps:

a. Verify the path to your log files. If necessary, make appropriate changes.

b. Verify your user name and password. If necessary, make appropriate changes.

Alternatively, you can run an Index Search against Apache Web Server as follows to check log collection:

1. From the navigation menu, select Search > Index Search.

2. Specify the LogLogic Appliance as the Device Type and choose the appropriate Source Device.

3. Enter your Boolean Search query. For example:

To return file collector-related logs, type engine_filecollector

To return only Apache entries, type engine_filecollector and Apache

Entries can be found in the /loglogic/status/filecollector_status file.

Frequently Asked Questions

How does the LogLogic Appliance collect logs from Apache Web Server?

Apache Web Server can generate access logs using a combined or common log format. The access log (access_log.txt) is captured by the LogLogic Appliance using file pull via a file transfer rule. For more information, see How LogLogic Captures Apache Web Server Log Data on page 15.

What access permissions are required?

To configure logging on Apache Web Server, the user needs to have Read and Write permissions to edit configuration files.

How do I configure logging on Apache Web Server?


Appendix A – Event Reference

This appendix lists the LogLogic-supported Apache Web Server events. The LogLogic Apache Web Server event table identifies events which can be analyzed through the LogLogic Agile Reports, as well as a sample log message. All sample log messages were captured by LogLogic’s file pull utility.

LogLogic Support for Apache Web Server Events

The following list describes the contents of each of the columns in the table below.

Event ID – Apache Web Server event identifier

Agile Reports/Search – Defines whether the Apache Web Server event is available through the LogLogic Agile Report Engine or through the search capabilities. If the event is available through the Agile Report Engine, then you can use LogLogic’s Real-Time Reports and Summary Reports to analyze and display the captured log data. All other supported events that are captured by the LogLogic Appliance can be viewed by performing a search for the log data.

Title/Comments – Event name

Event Category – Category of events such as Informational, Successful, etc.

Event Type – Type of event such as Info, Success, etc.

Sample Log Message (Common) – Sample Apache Web Server access log messages in common log format


Table 1 Apache Web Server Events

Columns for each row: Event ID | Agile Reports/Search | Title/Comments | Event Category | Event Type, followed by the Sample Log Message (Common) and the Sample Log Message (Combined).

1. 100 | Agile | HTTP_CONTINUE | Informational | Info
Common: S-->127.0.0.1 - - [22/Dec/2006:12:06:39 +0530] "GET /test/test.html HTTP/1.1" 201 64
Combined: S-->10.116.24.52 - - [22/Jan/2007:07:03:57 -0500] "GET /mantis/account_delete.php HTTP/1.1" 100 1938 "http://10.116.28.103:8080/mantis/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

2. 101 | Agile | HTTP_SWITCHING_PROTOCOLS | Informational | Info
Common: S-->127.0.0.1 - - [22/Dec/2006:12:06:39 +0530] "GET /test/test.html HTTP/1.1" 202 64
Combined: S-->10.116.24.52 - - [22/Jan/2007:07:03:57 -0500] "GET /mantis/account_delete.php HTTP/1.1" 101 1938 "http://10.116.28.103:8080/mantis/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

3. 200 | Agile | HTTP_OK | Successful | Success
Common: R-->10.201.51.60 - - [27/Jun/2006:12:18:26 +0530] "GET / HTTP/1.0" 200 44
Combined: R-->10.116.24.52 - - [22/Jan/2007:07:03:57 -0500] "GET /mantis/account_delete.php HTTP/1.1" 200 1938 "http://10.116.28.103:8080/mantis/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

4. 201 | Agile | HTTP_CREATED | Successful | Success
Common: S-->127.0.0.1 - - [22/Dec/2006:12:06:39 +0530] "GET /test/test.html HTTP/1.1" 201 64
Combined: S-->10.116.24.52 - - [22/Jan/2007:07:03:57 -0500] "GET /mantis/account_delete.php HTTP/1.1" 201 1938 "http://10.116.28.103:8080/mantis/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

5. 202 | Agile | HTTP_ACCEPTED | Successful | Success
Common: S-->127.0.0.1 - - [22/Dec/2006:12:06:39 +0530] "GET /test/test.html HTTP/1.1" 202 64
Combined: S-->10.116.24.52 - - [22/Jan/2007:07:03:57 -0500] "GET /mantis/account_delete.php HTTP/1.1" 202 1938 "http://10.116.28.103:8080/mantis/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

6. 203 | Agile | HTTP_NON_AUTHORITATIVE | Successful | Success
Common: S-->127.0.0.1 - - [22/Dec/2006:12:06:39 +0530] "GET /test/test.html HTTP/1.1" 203 64
Combined: S-->10.116.24.52 - - [22/Jan/2007:07:03:57 -0500] "GET /mantis/account_delete.php HTTP/1.1" 203 1938 "http://10.116.28.103:8080/mantis/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

7. 204 | Agile | HTTP_NO_CONT

9. 206 | Agile | HTTP_PARTIAL_CONTENT | Successful | Success
Common: R-->209.149.149.133 - - [20/Oct/2003:12:49:23 -0700] "GET /gcs/gc1add.pdf HTTP/1.1" 206 71657

10. 300 | Agile | HTTP_MULTIPLE_CHOICES | Redirection | Info
Common: S-->127.0.0.1 - - [27/Jun/2006:13:54:41 +0530] "GET /Redhat HTTP/1.1" 300 232
Combined: S-->10.116.24.52 - - [29/Jan/2007:12:47:05 -0500] "GET /mantis HTTP/1.1" 300 241 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

11. 301 | Agile | HTTP_MOVED_PERMANENTLY | Redirection | Info
Common: R-->crawler8.googlebot.com - - [21/Oct/2003:10:58:38 -0700] "GET /gcs HTTP/1.0" 301 236
Combined: R-->10.116.24.52 - - [29/Jan/2007:12:47:05 -0500] "GET /mantis HTTP/1.1" 301 241 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

12. 302 | Agile | HTTP_MOVED_TEMPORARILY | Redirection | Info
Common: R-->128.95.20.157 - - [21/Oct/2003:10:57:51 -0700] "POST /gcs/form2mail.cgi HTTP/1.1" 302 0
Combined: S-->10.116.24.52 - - [29/Jan/2007:12:47:05 -0500] "GET /mantis HTTP/1.1" 302 241 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

13. 303 | Agile | HTTP_SEE_OTHER | Redirection | Info
Common: S-->127.0.0.1 - - [27/Jun/2006:13:54:41 +0530] "GET /Redhat HTTP/1.1" 303 232
Combined: S-->10.116.24.52 - - [29/Jan/2007:12:47:05 -0500] "GET /mantis HTTP/1.1" 303 241 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

14. 304 | Agile | HTTP_NOT_MODIFIED | Redirection | Info
Common: R-->127.0.0.1 - admin [22/Dec/2006:13:12:58 +0530] "GET /test/test.html HTTP/1.1" 304 -
Combined: R-->10.116.24.52 - - [29/Jan/2007:12:44:23 -0500] "GET / HTTP/1.1" 304 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

15. 305 | Agile | HTTP_USE_PROXY | Redirection | Info
Common: S-->127.0.0.1 - - [27/Jun/2006:13:54:41 +0530] "GET /Redhat HTTP/1.1" 305 232
Combined: S-->10.116.24.52 - - [29/Jan/2007:12:47:05 -0500] "GET /mantis HTTP/1.1" 305 241 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

16. 306 | Agile | Unused | Redirection | Info
Common: S-->127.0.0.1 - - [27/Jun/2006:13:54:41 +0530] "GET /Redhat HTTP/1.1" 306 232
Combined: S-->10.116.24.52 - - [29/Jan/2007:12:47:05 -0500] "GET /mantis HTTP/1.1" 306 241 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

17. 307 | Agile | HTTP_TEMPORARY_REDIRECT | Redirection | Info
Common: S-->127.0.0.1 - - [27/Jun/2006:13:54:41 +0530] "GET /Redhat HTTP/1.1" 307 232
Combined: S-->10.116.24.52 - - [29/Jan/2007:12:47:05 -0500] "GET /mantis HTTP/1.1" 307 241 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

18. 400 | Agile | HTTP_BAD_REQUEST | Client Error | Error
Common: R-->192.168.10.1 - - [03/Sep/2002:16:57:13 -0400] "GET / HTTP/1.1" 400 394
Combined: S-->10.116.24.52 - - [22/Jan/2007:07:04:06 -0500] "GET /mantis1/account_delete.php HTTP/1.1" 400 224 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

19. 401 | Agile | HTTP_UNAUTHO

20. 402 | Agile | HTTP_PAYMENT_REQUIRED | Client Error | Error
Common: S-->127.0.0.1 - - [22/Dec/2006:13:08:52 +0530] "GET /test/test.html HTTP/1.1" 402 401
Combined: S-->10.116.24.52 - - [22/Jan/2007:07:04:06 -0500] "GET /mantis1/account_delete.php HTTP/1.1" 402 224 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

21. 403 | Agile | HTTP_FORBIDDEN | Client Error | Error
Common: R-->localhost - - [22/Dec/2006:12:32:25 +0530] "GET /test/test.html HTTP/1.1" 403 216
Combined: S-->10.116.24.52 - - [22/Jan/2007:07:04:06 -0500] "GET /mantis1/account_delete.php HTTP/1.1" 403 224 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

22. 404 | Agile | HTTP_NOT_FOUND | Client Error | Error
Common: R-->10.115.5.33 - - [27/Jun/2006:17:21:40 +0530] "GET /./RedHat/base/updates.img HTTP/1.0" 404 221
Combined: R-->10.116.24.52 - - [22/Jan/2007:07:04:06 -0500] "GET /mantis1/account_delete.php HTTP/1.1" 404 224 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

23 405 Agile HTTP_METHOD_

NOT_ALLOWED Client Error Error R-->152.22.18.16 - - [22/Aug/2005:09:46:17 -0700] "PROPFIND / gcs/ grantattachment.doc HTTP/1.1" 405 257 S-->10.116.24.52 - - [22/Jan/2007:07:04:06 -0500] "GET /mantis1/account_delete.php HTTP/1.1" 405 224 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

24 406 Agile

HTTP_NOT_ACCE PTABLE

Client Error Error S-->10.115.5.33 - - [27/ Jun/2006:17:21:40 +0530] "GET /./RedHat/ base/updates.img HTTP/1.0" 406 221 S-->10.116.24.52 - - [22/Jan/2007:07:04:06 -0500] "GET /mantis1/account_delete.php HTTP/1.1" 406 224 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

25 407 Agile HTTP_PROXY_AU

THENTICATION_R EQUIRED

Client Error Error S-->10.115.5.33 - - [27/ Jun/2006:17:21:40 +0530] "GET /./RedHat/ base/updates.img HTTP/1.0" 407 221 S-->10.116.24.52 - - [22/Jan/2007:07:04:06 -0500] "GET /mantis1/account_delete.php HTTP/1.1" 407 224 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

26 408 Agile HTTP_REQUEST_

TIMEOUT Client Error Error R-->192.168.10.1 - - [03/Sep/2002:11:20:25 0400] "" 408

-S-->10.116.24.52 - - [22/Jan/2007:07:04:06 -0500] "GET /mantis1/account_delete.php HTTP/1.1" 408 224 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

27 409 Agile HTTP_CONFLICT Client Error Error S-->10.115.5.33 - - [27/ Jun/2006:17:21:40 +0530] "GET /./RedHat/ base/updates.img HTTP/1.0" 409 221 S-->10.116.24.52 - - [22/Jan/2007:07:04:06 -0500] "GET /mantis1/account_delete.php HTTP/1.1" 409 224 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

28 410 Agile HTTP_GONE Client Error Error S-->10.115.5.33 - - [27/

(25)

Event ID Agile Reports/ Search Title/ Comments Event Category Event Type Sample Log Message (Common)

Sample Log Message (Combined)

29 411 Agile HTTP_LENGTH

REQUIRED Client Error Error S-->10.115.5.33 - - [27/Jun/2006:17:21:40 +0530] "GET /./RedHat/ base/updates.img HTTP/1.0" 411 221 S-->10.116.24.52 - - [22/Jan/2007:07:04:06 -0500] "GET /mantis1/account_delete.php HTTP/1.1" 411 224 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

30 412 Agile HTTP_PRECONDI

TION_FAILED Client Error Error S-->10.115.5.33 - - [27/Jun/2006:17:21:40 +0530] "GET /./RedHat/ base/updates.img HTTP/1.0" 412 221 S-->10.116.24.52 - - [22/Jan/2007:07:04:06 -0500] "GET /mantis1/account_delete.php HTTP/1.1" 412 224 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

31 413 Agile HTTP_REQUEST_

ENTITY_TOO_LA RGE

Client Error Error S-->10.115.5.33 - - [27/ Jun/2006:17:21:40 +0530] "GET /./RedHat/ base/updates.img HTTP/1.0" 413 221 S-->10.116.24.52 - - [22/Jan/2007:07:04:06 -0500] "GET /mantis1/account_delete.php HTTP/1.1" 413 224 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

32 414 Agile HTTP_REQUEST_

URI_TOO_LARGE Client Error Error S-->10.115.5.33 - - [27/Jun/2006:17:21:40 +0530] "GET /./RedHat/ base/updates.img HTTP/1.0" 414 221 S-->10.116.24.52 - - [22/Jan/2007:07:04:06 -0500] "GET /mantis1/account_delete.php HTTP/1.1" 414 224 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

33 415 Agile HTTP_UNSUPPO

RTED_MEDIA_TY PE

Client Error Error S-->10.115.5.33 - - [27/ Jun/2006:17:21:40 +0530] "GET /./RedHat/ base/updates.img HTTP/1.0" 415 221 S-->10.116.24.52 - - [22/Jan/2007:07:04:06 -0500] "GET /mantis1/account_delete.php HTTP/1.1" 415 224 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

34 416 Agile HTTP_RANGE_N

OT_SATISFIABLE Client Error Error S-->host213.200.73.37.adsl.ifxnw.cl - - [16/Dec/ 2005:15:30:13 -0800] "GET /gcs/gc1add.pdf HTTP/1.1" 416 0 S-->10.116.24.52 - - [22/Jan/2007:07:04:06 -0500] "GET /mantis1/account_delete.php HTTP/1.1" 416 224 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

35 417 Agile HTTP_EXPECTATI

ON_FAILED Client Error Error S-->10.115.5.33 - - [27/Jun/2006:17:21:40 +0530] "GET /./RedHat/ base/updates.img HTTP/1.0" 417 221 S-->10.116.24.52 - - [22/Jan/2007:07:04:06 -0500] "GET /mantis1/account_delete.php HTTP/1.1" 417 224 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)"

36 500 Agile HTTP_INTERNAL_

SERVER_ERROR Server Error Error R-->d-128-95-115-93.dhcp4.testlab.com - - [08/Oct/2003:11:47:15 -0700] "POST /gcs/ form2mail.cgi HTTP/ 1.1" 500 -S-->10.116.24.52 - - [22/Jan/2007:06:59:02 -0500] "\x80L\x01\x03" 500 216 "-" "-" 37 501 Agile HTTP_NOT

IMPLEMENTED Server Error Error R-->192.168.10.1 - - [03/Sep/2002:11:17:44 0400] "get" 501

-R-->10.116.24.52 - - [22/Jan/2007:06:59:02 -0500] "\x80L\x01\x03" 501 216 "-" "-"

38 502 Agile HTTP_BAD_GATE

WAY Server Error Error S-->192.168.10.1 - - [03/Sep/2002:11:17:44 0400] "get" 502

(26)

Event ID Agile Reports/ Search Title/ Comments Event Category Event Type Sample Log Message (Common)

Sample Log Message (Combined)

39 503 Agile HTTP_SERVICE_

UNAVAILABLE Server Error Error S-->192.168.10.1 - - [03/Sep/2002:11:17:44 0400] "get" 503

-S-->10.116.24.52 - - [22/Jan/2007:06:59:02 -0500] "\x80L\x01\x03" 503 216 "-" "-"

40 504 Agile HTTP_GATEWAY_

TIME_OUT Server Error Error S-->192.168.10.1 - - [03/Sep/2002:11:17:44 0400] "get" 504 -S-->10.116.24.52 - - [22/Jan/2007:06:59:02 -0500] "\x80L\x01\x03" 504 216 "-" "-" 41 505 Agile HTTP_VERSION_ NOT_SUPPORTE D

Server Error Error S-->192.168.10.1 - - [03/Sep/2002:11:17:44 0400] "get" 505
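As an added example, not code from the LogLogic guide, the following Python parser reads both the Common and Combined log formats shown in the table, assigns the Event Category and Event Type the table gives each status class, and flags the malformed request lines the table shows for 408, 501 and the 5xx events (an empty request, a lowercase method, raw bytes such as \x80L\x01\x03). The sample lines are constructed from the table's samples; treating the "R-->"/"S-->" prefixes as the guide's own markers rather than Apache output is an assumption.

```python
import re
from collections import Counter

# Common Log Format, with the Combined format's two extra fields (referer and
# user agent) made optional so one pattern covers both formats the guide collects.
# The request field allows backslash escapes, as Apache writes them (e.g. \x80).
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<bytes>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?\s*$')

# Status class -> (Event Category, Event Type), as assigned in the guide's table.
CLASSES = {2: ("Successful", "Success"), 3: ("Redirection", "Info"),
           4: ("Client Error", "Error"), 5: ("Server Error", "Error")}

# Constructed sample input, adapted from the guide's sample messages (the
# "R-->"/"S-->" prefixes are assumed to be the guide's markers, not Apache output).
SAMPLE_LINES = [
    r'R-->209.149.149.133 - - [20/Oct/2003:12:49:23 -0700] "GET /gcs/gc1add.pdf HTTP/1.1" 206 71657',
    r'R-->10.116.24.52 - - [29/Jan/2007:12:44:23 -0500] "GET / HTTP/1.1" 304 - "-" "Mozilla/4.0 (compatible; MSIE 6.0)"',
    r'R-->192.168.10.1 - - [03/Sep/2002:11:20:25 -0400] "" 408 -',
    r'S-->10.116.24.52 - - [22/Jan/2007:06:59:02 -0500] "\x80L\x01\x03" 500 216 "-" "-"',
    'this line is not an access log record',
]

def parse_access_line(line):
    """Parse one Common or Combined line into a dict, or return None if it does not match."""
    m = LOG_RE.match(re.sub(r'^[RS]-->', '', line.strip()))
    if m is None:
        return None
    rec = m.groupdict()
    rec['status'] = int(rec['status'])
    rec['bytes'] = 0 if rec['bytes'] == '-' else int(rec['bytes'])  # "-" means no body sent
    rec['format'] = 'combined' if rec['agent'] is not None else 'common'
    rec['category'], rec['event_type'] = CLASSES.get(rec['status'] // 100, ('Unknown', 'Unknown'))
    # Flag requests that are not a well-formed request line: the empty "" of a
    # 408 timeout, the lowercase "get" of a 501, or raw bytes such as \x80L\x01\x03.
    rec['malformed_request'] = re.match(r'^[A-Z]+ \S+ HTTP/\d\.\d$', rec['request']) is None
    return rec

def summarise(lines):
    """Count lines by (Event Category, Event Type); unparsable lines count under 'Unparsed'."""
    counts = Counter()
    for line in lines:
        rec = parse_access_line(line)
        counts[(rec['category'], rec['event_type']) if rec else ('Unparsed', '')] += 1
    return counts
```

Lines the pattern rejects are counted rather than dropped, so a collection gap or a format change on the server shows up in the summary instead of silently disappearing.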
