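While it runs, WebLogic writes an access.log. This log helps us understand how the application is being accessed, for example: the number of requests in a given time period, the distribution of client IPs accessing the application, and data for security auditing (defending against attacks).
The default access.log format looks like this: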
192.168.174.132 - - [08/Mar/2017:16:00:51 -0800] "GET /Test HTTP/1.1" 302 259
192.168.174.132 - - [08/Mar/2017:16:00:51 -0800] "GET /Test/ HTTP/1.1" 200 625
192.168.174.132 - - [08/Mar/2017:16:30:14 -0800] "GET /Test/ HTTP/1.1" 200 625
192.168.174.132 - - [08/Mar/2017:16:30:17 -0800] "GET /Test/ HTTP/1.1" 200 625
192.168.174.132 - - [08/Mar/2017:16:30:17 -0800] "GET /Test/ HTTP/1.1" 200 625
192.168.174.132 - - [08/Mar/2017:16:30:18 -0800] "GET /Test/ HTTP/1.1" 200 625
192.168.174.132 - - [08/Mar/2017:16:30:18 -0800] "GET /Test/ HTTP/1.1" 200 625
192.168.174.132 - - [08/Mar/2017:16:30:18 -0800] "GET /Test/ HTTP/1.1" 200 625
192.168.174.132 - - [08/Mar/2017:16:30:18 -0800] "GET /Test/ HTTP/1.1" 200 625
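Each entry contains the client IP, the time, the requested URL and HTTP protocol version, the HTTP response status, and the size of the content sent to the client. The default log format can also be extended. First, open the following page (Home > Summary of Servers > server1).
Change the format from Common to Extended and set the logging format fields to: c-ip cs-username date time cs-uri sc-status bytes cs(Referer) cs(User-Agent). After making the change, restart server1; the log format then becomes: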
#Version: 1.0
#Fields: c-ip cs-username date time cs-uri sc-status bytes cs(Referer) cs(User-Agent)
#Software: WebLogic
#Start-Date: 2017-03-16 16:12:40
192.168.174.1 - 2017-03-16 16:14:26 /Test 302 269 "http://192.168.174.132:7001/console/console.portal?_nfpb=true&_pageLabel=WebAppApplicationTestingPage&handle=com.bea.console.handles.AppDeploymentHandle%28%22com.bea%3AName%3DTest%2CType%3DAppDeployment%22%29" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
192.168.174.1 - 2017-03-16 16:14:27 /Test/ 200 627 "http://192.168.174.132:7001/console/console.portal?_nfpb=true&_pageLabel=WebAppApplicationTestingPage&handle=com.bea.console.handles.AppDeploymentHandle%28%22com.bea%3AName%3DTest%2CType%3DAppDeployment%22%29" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
192.168.174.1 - 2017-03-16 16:14:27 /favicon.ico 404 1164 - "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
192.168.174.1 - 2017-03-16 16:14:30 /Test/index.jsp 200 627 "http://192.168.174.132:7001/console/console.portal?_nfpb=true&_pageLabel=WebAppApplicationTestingPage&handle=com.bea.console.handles.AppDeploymentHandle%28%22com.bea%3AName%3DTest%2CType%3DAppDeployment%22%29" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
192.168.174.1 - 2017-03-16 16:14:34 /Test/index.jsp 200 627 "http://192.168.174.132:7001/console/console.portal?_nfpb=true&_pageLabel=WebAppApplicationTestingPage&handle=com.bea.console.handles.AppDeploymentHandle%28%22com.bea%3AName%3DTest%2CType%3DAppDeployment%22%29" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
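As you can see, the log format has changed: it now also includes the referring URL and the client's browser (User-Agent). For the individual fields, refer to the following table: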
Field | Description | Example value from above |
---|---|---|
x-GWXFF | actual client IP using custom jar file | 11.22.33.44 |
c-ip | IP of client, in this case, IP of the load balancer | 22.33.44.55 |
s-ip | IP or hostname of managed server:port | managed-server-host:port |
cs-username | Username passed during http authorization | “-” implies it was not passed |
date | date of request in YYYY-MM-DD format | 2013-11-20 |
time | time of request in HH:MM:SS format | 16:10:19 |
cs-method | Method for this request, can be GET, POST, etc | POST |
cs-uri | URI called | /HelloWorld/index.jsp |
sc-status | HTTP status code, e.g. 200, 301, 403, 500, etc | 200 |
bytes | bytes sent | 5245 |
cs(Referer) | Referer URL | “-” implies direct visit |
cs(User-Agent) | User-Agent of the client’s browser making the request | Axis/1.3 |
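
As an added example (not from the original post), the following Python sketch parses the extended format using the `#Fields` directive as the schema, then computes the share of 4xx/5xx responses per client IP as one simple audit signal. The sample log is constructed, and the tokenizer assumes quoted fields contain no embedded double quotes.

```python
import re
from collections import Counter

# Constructed sample in the extended format shown above (all values are made up).
SAMPLE_LOG = '''\
#Version: 1.0
#Fields: c-ip cs-username date time cs-uri sc-status bytes cs(Referer) cs(User-Agent)
#Software: WebLogic
192.0.2.10 - 2017-03-16 16:14:26 /Test/ 200 627 "http://192.0.2.1:7001/console/" "Mozilla/5.0 (Windows NT 6.1; WOW64)"
192.0.2.10 - 2017-03-16 16:14:27 /favicon.ico 404 1164 - "Mozilla/5.0 (Windows NT 6.1; WOW64)"
198.51.100.7 - 2017-03-16 16:15:01 /Test/old.jsp 404 1164 - "example-client/1.0"
198.51.100.7 - 2017-03-16 16:15:01 /Test/tmp.jsp 404 1164 - "example-client/1.0"
198.51.100.7 - 2017-03-16 16:15:02 /Test/index.jsp 200 627 - "example-client/1.0"
this line is truncated
'''

# A token is a double-quoted string (may contain spaces) or a run of non-space characters.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def parse_extended_log(text):
    """Return (records, rejected_lines), using the #Fields directive as the schema."""
    fields, records, rejected = [], [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line.startswith("#") or not line.strip():
            continue  # other directives (#Version, #Software, ...) and blank lines
        else:
            values = [q if s == "" else s for q, s in TOKEN.findall(line)]
            if fields and len(values) == len(fields):
                records.append(dict(zip(fields, values)))
            else:
                rejected.append(line)  # keep malformed lines for review, do not guess
    return records, rejected

def error_ratio_by_ip(records, min_requests=3):
    """Per client IP: share of 4xx/5xx responses, for clients with enough requests."""
    total, errors = Counter(), Counter()
    for r in records:
        total[r["c-ip"]] += 1
        if r["sc-status"][:1] in ("4", "5"):
            errors[r["c-ip"]] += 1
    return {ip: errors[ip] / n for ip, n in total.items() if n >= min_requests}

if __name__ == "__main__":
    records, rejected = parse_extended_log(SAMPLE_LOG)
    print(error_ratio_by_ip(records), rejected)
```

The cs(Referer) and cs(User-Agent) values are supplied by the client, so treat them as untrusted input when displaying or forwarding parsed records.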