A very common access log format in web servers. It's called combined log because it combines a normal access log, a referrer log, and user agent log.

The lines in log (one per request) looks something like this:

k74.haaga.hoasnet.fi - - [15/Feb/2002:17:05:18 +0200] "GET /yiffcam/ HTTP/1.0" 200 2839 "http://www.beastwithin.org/" "Mozilla/4.73 [en] (Windows NT 5.0; I)"

The field meanings:

  1. The domain name or IP address of the requesting machine
  2. Identd response of the user (dash means there was no identification) - this is rarely seen!
  3. HTTP username (for authentication)
  4. Date and time of the request
  5. Request itself. (Just the first line of the HTTP request.) In other words, what the user wanted.
  6. Response code. (200 = Okay, 404 = not found, etc etc...)
  7. Length of the returned data as bytes.
  8. Referring URL.
  9. The user agent.

(Source: Apache documentation and so-called "educated guessing")

Log in or register to write something here or to contact authors.