A very common access log format in web servers. It's called combined log because it combines a normal access log, a referrer log, and user agent log.
The lines in log (one per request) looks something like this:
k74.haaga.hoasnet.fi - - [15/Feb/2002:17:05:18 +0200] "GET /yiffcam/ HTTP/1.0" 200 2839 "http://www.beastwithin.org/" "Mozilla/4.73 [en] (Windows NT 5.0; I)"
The field meanings:
- The domain name or IP address of the requesting machine
- Identd response of the user (dash means there was no identification) - this is rarely seen!
- HTTP username (for authentication)
- Date and time of the request
- Request itself. (Just the first line of the HTTP request.) In other words, what the user wanted.
- Response code. (200 = Okay, 404 = not found, etc etc...)
- Length of the returned data as bytes.
- Referring URL.
- The user agent.
(Source: Apache documentation and so-called "educated guessing")