Decoding Tomcat and Apache Logs: Formats, Parameters, and Browser Differences
This article explains the default and recommended log patterns for Tomcat and Apache HTTPD, provides detailed descriptions of each log parameter, shows sample log entries, and compares how different browsers appear in the server logs.
Tomcat Log Explanation
Configuration file:
server.xmlDefault log pattern
<code>pattern="%h %l %u %t \"%r\" %s %b"</code>Recommended log pattern
<code>pattern="%{X-FORWARDED-FOR}i %l %u %t %r %s %b %D %{User-Agent}i"</code>Sample log output
<code>192.168.3.14- - [14/Dec/2017:17:56:05+0800] GET /solr/admin/cores?_=1513245362283&indexInfo=false&wt=json HTTP/1.1 200 487 3 ...</code>Parameter details
%a: remote IP address
%A: local IP address
%b: number of bytes sent, excluding HTTP headers, or “-” if none
%B: number of bytes sent, excluding HTTP headers
%D: time taken to process the request in milliseconds
%h: remote host name
%H: request protocol
%I: current request thread name
%l: remote logical username from identd (always returns “-”)
%m: request method
%p: local port
%q: query string (prefixed with “?” if present)
%r: first line of the request
%s: HTTP status code
%S: user session ID
%t: date and time in common log format
%T: time taken to process the request in seconds
%u: remote user authentication
%U: URL path requested
%v: local server name
Apache HTTPD Log Explanation
Recommended LogFormat
<code>LogFormat "%{X-Forwarded-For}i %l %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined</code>Parameter details
%a: remote IP address
%A: local IP address
%B: bytes sent, excluding HTTP headers
%b: CLF format bytes sent, “-” if none
%{FOOBAR}e: contents of environment variable FOOBAR
%f: filename
%h: remote host
%H: request protocol
%{FOOBAR}i: contents of request header FOOBAR
%l: remote login name (from identd)
%m: request method
%{FOOBAR}n: contents of note FOOBAR from other modules
%{FOOBAR}o: contents of response header FOOBAR
%p: port used to serve the request
%P: process ID of the child handling the request
%q: query string (including “?” if present)
%r: first line of request
%s: status (original request status; use %>s for final status)
%t: time in common log format
%{format}t: time in specified format
%T: time taken to serve the request in seconds
%u: remote user (from auth)
%U: URL path requested
%v: server name
%V: canonical server name
%{Referer}i: referring page
%{User-agent}i: user agent string
%{X-Forwarded-For}i: real client IP
Browser request differences
Edge
<code>192.168.3.13 - [21/Dec/2017:13:30:35 +0800] "GET /img/jlt1.png HTTP/1.1" 200 66045 "http://www.mytest.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299"</code>IE
<code>192.168.3.13 - [21/Dec/2017:13:33:56 +0800] "GET /img/Exhibition-bg.png HTTP/1.1" 200 5866 "http://www.mytest.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"</code>Firefox
<code>192.168.3.13 - [21/Dec/2017:13:34:43 +0800] "GET /img/expert3.jpg HTTP/1.1" 200 8161 "http://www.mytest.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0"</code>Chrome
<code>192.168.3.13 - [21/Dec/2017:13:32:35 +0800] "GET /img/cm2.png HTTP/1.1" 200 12341 "http://www.mytest.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"</code>Raymond Ops
Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.