Weblogic在运行的过程中会产生access.log,access.log可以帮助我们了解应用的一些访问信息,比如:可以了解某个时间段的访问数量;可以了解访问应用的IP分布;还可以做一些安全的审计(防范攻击)。
默认的access.log的日志格式如下:
192.168.174.132 - - [08/Mar/2017:16:00:51 -0800] "GET /Test HTTP/1.1" 302 259
192.168.174.132 - - [08/Mar/2017:16:00:51 -0800] "GET /Test/ HTTP/1.1" 200 625
192.168.174.132 - - [08/Mar/2017:16:30:14 -0800] "GET /Test/ HTTP/1.1" 200 625
192.168.174.132 - - [08/Mar/2017:16:30:17 -0800] "GET /Test/ HTTP/1.1" 200 625
192.168.174.132 - - [08/Mar/2017:16:30:17 -0800] "GET /Test/ HTTP/1.1" 200 625
192.168.174.132 - - [08/Mar/2017:16:30:18 -0800] "GET /Test/ HTTP/1.1" 200 625
192.168.174.132 - - [08/Mar/2017:16:30:18 -0800] "GET /Test/ HTTP/1.1" 200 625
192.168.174.132 - - [08/Mar/2017:16:30:18 -0800] "GET /Test/ HTTP/1.1" 200 625
192.168.174.132 - - [08/Mar/2017:16:30:18 -0800] "GET /Test/ HTTP/1.1" 200 625
这里面包含了IP、时间、请求的URL和HTTP协议,HTTP请求状态,发送给客户端文件内容大小等信息。我们还可以对默认的日志格式进行扩展。首先进入下列界面(主页>服务器概要>server1)
将公用改为扩展,并将日志记录格式字段设置成:c-ip cs-username date time cs-uri sc-status bytes cs(Referer) cs(User-Agent),修改完成后,重启server1,得到的日志格式就会变成如下:
#Version: 1.0
#Fields: c-ip cs-username date time cs-uri sc-status bytes cs(Referer) cs(User-Agent)
#Software: WebLogic
#Start-Date: 2017-03-16 16:12:40
192.168.174.1 - 2017-03-16 16:14:26 /Test 302 269 "http://192.168.174.132:7001/console/console.portal?_nfpb=true&_pageLabel=WebAppApplicationTestingPage&handle=com.bea.console.handles.AppDeploymentHandle%28%22com.bea%3AName%3DTest%2CType%3DAppDeployment%22%29" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
192.168.174.1 - 2017-03-16 16:14:27 /Test/ 200 627 "http://192.168.174.132:7001/console/console.portal?_nfpb=true&_pageLabel=WebAppApplicationTestingPage&handle=com.bea.console.handles.AppDeploymentHandle%28%22com.bea%3AName%3DTest%2CType%3DAppDeployment%22%29" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
192.168.174.1 - 2017-03-16 16:14:27 /favicon.ico 404 1164 - "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
192.168.174.1 - 2017-03-16 16:14:30 /Test/index.jsp 200 627 "http://192.168.174.132:7001/console/console.portal?_nfpb=true&_pageLabel=WebAppApplicationTestingPage&handle=com.bea.console.handles.AppDeploymentHandle%28%22com.bea%3AName%3DTest%2CType%3DAppDeployment%22%29" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
192.168.174.1 - 2017-03-16 16:14:34 /Test/index.jsp 200 627 "http://192.168.174.132:7001/console/console.portal?_nfpb=true&_pageLabel=WebAppApplicationTestingPage&handle=com.bea.console.handles.AppDeploymentHandle%28%22com.bea%3AName%3DTest%2CType%3DAppDeployment%22%29" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
可以看到日志的格式发生了变化,多了url跳转来源,用户终端浏览器等信息。具体设置可以参考下列表格:
| Field | Description | Example value from above |
|---|---|---|
| x-GWXFF | actual client IP using custom jar file | 11.22.33.44 |
| c-ip | IP of client, in this case, IP of the load balancer | 22.33.44.55 |
| s-ip | IP or hostname of managed server:port |
managed-serve-rhost:port |
| cs-username | Username passed during http authorization | “-” implies it was not passed |
| date | date of request in YYYY-MM-DD format | 2013-11-20 |
| time | time of request in HH:MM:SS format | 16:10:19 |
| cs-method | Method for this request, can be GET, POST, etc | POST |
| cs-uri | URI called | /HelloWorld/index.jsp |
| sc-status | HTTP status code, e.g. 200, 301, 403, 500, etc | 200 |
| bytes | bytes sent | 5245 |
| cs(Referer) | Referer URL | “-” implies direct visit |
| cs(User-Agent) | User-Agent of the client’s browser making the request | Axis/1.3 |