我在 Ubuntu 20.04.2 LTS 上运行 Apache2 网络服务器。我注意到我的access.log几行只是简单地说combine了这些,没有关于请求或其他任何信息。还有其他几access.log行不是说combine,并且做有关于该请求的信息。
以下是我的一个示例access.log:
combine
combine
combine
45.129.136.74 - - [26/Aug/2021:00:17:23 -0400] "\x03" 400 0 "-" "-"
45.129.136.74 - - [26/Aug/2021:00:17:23 -0400] "\x03" 400 0 "-" "-"
combine
192.241.204.78 - - [26/Aug/2021:00:23:55 -0400] "GET / HTTP/1.1" 200 546 "-" "Mozilla/5.0 zgrab/0.x"
84.54.153.88 - - [26/Aug/2021:00:27:54 -0400] "GET / HTTP/1.1" 200 621 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7"
combine
combine
45.146.164.110 - - [26/Aug/2021:01:02:57 -0400] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.164.110 - - [26/Aug/2021:01:02:57 -0400] "POST /api/jsonws/invoke HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.164.110 - - [26/Aug/2021:01:02:57 -0400] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.164.110 - - [26/Aug/2021:01:02:57 -0400] "GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> HTTP/1.1" 200 565 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.164.110 - - [26/Aug/2021:01:02:58 -0400] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 200 565 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.164.110 - - [26/Aug/2021:01:02:58 -0400] "GET /solr/admin/info/system?wt=json HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.164.110 - - [26/Aug/2021:01:02:58 -0400] "GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.164.110 - - [26/Aug/2021:01:02:58 -0400] "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.164.110 - - [26/Aug/2021:01:02:58 -0400] "GET /console/ HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.164.110 - - [26/Aug/2021:01:02:58 -0400] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.164.110 - - [26/Aug/2021:01:02:58 -0400] "GET /_ignition/execute-solution HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.129.136.74 - - [26/Aug/2021:01:05:21 -0400] "\x03" 400 0 "-" "-"
205.185.126.200 - - [26/Aug/2021:01:12:58 -0400] "POST /boaform/admin/formLogin HTTP/1.1" 404 475 "http://40.121.65.70:80/admin/login.asp" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0"
185.189.182.234 - - [26/Aug/2021:01:32:22 -0400] "GET / HTTP/1.1" 400 0 "-" "-"
42.193.16.135 - - [26/Aug/2021:01:34:15 -0400] "GET / HTTP/1.1" 200 565 "-" "Mozilla/5.0 (Linux; Android 10; LIO-AN00 Build/HUAWEILIO-AN00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.62 XWEB/2692 MMWEBSDK/200901 Mobile Safari/537.36"
206.189.182.136 - - [26/Aug/2021:01:45:23 -0400] "GET /ab2g HTTP/1.1" 400 0 "-" "-"
206.189.182.136 - - [26/Aug/2021:01:45:23 -0400] "GET /ab2h HTTP/1.1" 400 0 "-" "-"
combine
combine
combine
combine
combine
我的apache2.conf有这些行:
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
另外在我的一个sites-enabled配置文件中我有以下行:
CustomLog ${APACHE_LOG_DIR}/access.log combine
访问日志中的这些行是什么combine意思?我到底为什么要看它们?我怎样才能让这些行不只是说说而已combine,而是真正显示一些有用的信息?
答案1
在我看来,这似乎是打字错误。
以下是有问题的那一行:
CustomLog ${APACHE_LOG_DIR}/access.log combine
这文档声明第二个参数是“要么是先前的 LogFormat 指令定义的昵称,要么是日志格式部分中描述的明确格式字符串。”
因为这是不是由先前的 LogFormat 指令定义的昵称,它将被视为格式字符串。这意味着文字“combine”将被记录。
假设您想要使用之前定义的“组合”LogFormat,在这种情况下您只需修复拼写错误即可。