WebLogic 12C自定义Access.log日志

不管是Nginx,还是WebLogic,在运行的过程中都会产生Access.log,Access.log可以帮助我们做一些统计(记录某个时间点访问的数量),也可以帮助我们做一些安全性的审计(防范攻击)等等。默认的Access.log 在日常的使用中,已经提供了一些基础的信息。那么Access.log如何扩展,如何自定义是我们这篇文章需要探讨的?

首先,我们来看一下修改之前,我的Access.log的日志格式,如下所示:

211.67.64.23 - - [14/Sep/2016:11:06:49 +0800] "POST /wcm/center.do HTTP/1.0" 200 2646 
211.67.64.23 - - [14/Sep/2016:11:06:51 +0800] "POST /wcm/app/website/website_addedit_dowith.jsp HTTP/1.0" 200 1 
211.67.64.23 - - [14/Sep/2016:11:06:51 +0800] "POST /wcm/app/nav_tree/tree_html_creator.jsp HTTP/1.0" 200 511 
211.67.64.23 - - [14/Sep/2016:11:06:51 +0800] "GET /wcm/app/include/cmsobject_locked.jsp?ObjId=5&ObjType=103&ActionFlag=false HTTP/1.0" 200 83 

这里面包含了IP、时间、请求的URL和HTTP协议,HTTP请求状态,发送给客户端文件内容大小等信息。而我们还能够对默认的日志进行扩展。首先进入下列界面(主页 >服务器概要 >AdminServer):

将这里的公用修改成扩展,并将扩展日志记录格式字段设置成:c-ip cs-username date time cs-uri sc-status bytes cs(Referer) cs(User-Agent),如下所示:

修改这个之后,需要重新启动weblogic,然后得到的日志格式,就会变成如下:

#Version: 1.0 
#Fields: c-ip cs-username date time cs-uri sc-status bytes cs(Referer) cs(User-Agent) 
#Software: WebLogic 
#Start-Date: 2016-09-14 17:32:37 

211.67.64.23 - 2016-09-14 09:32:37 /wcm/app/main/refresh.jsp?r=1473845558269 302 299 "http://static-news.e21.cn 
/wcm/app/main.jsp" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36" 
211.67.64.23 - 2016-09-14 09:32:37 /wcm/include/not_login.htm 200 571 "http://static-news.e21.cn/wcm/app/main.js 
p" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36" 
211.67.64.163 - 2016-09-14 09:32:49 /wcm/app/login.jsp 200 3572 "http://211.67.64.24:7001/wcm/" "Mozilla/5.0 (Wind 
ows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36" 
211.67.64.163 - 2016-09-14 09:32:49 /wcm/app/js/easyversion/extrender.js 304 0 "http://211.67.64.24:7001/wcm/app/ 
login.jsp" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36" 

可以看到日志的格式发生了变化,多了url跳转来源,用户终端浏览器等信息。那么具体的这个地方要怎么设置呢?可以参考下列表格:

Field Description Example value from above
x-GWXFF actual client IP using custom jar file 11.22.33.44
c-ip IP of client, in this case, IP of the load balancer 22.33.44.55
s-ip IP or hostname of managed
server:port
managed-serve-rhost:port
cs-username Username passed during http authorization “-” implies it was not passed
date date of request in YYYY-MM-DD format 2013-11-20
time time of request in HH:MM:SS format 16:10:19
cs-method Method for this request, can be GET, POST, etc POST
cs-uri URI called /HelloWorld/index.jsp
sc-status HTTP status code, e.g. 200, 301, 403, 500, etc 200
bytes bytes sent 5245
cs(Referer) Referer URL “-” implies direct visit
cs(User-Agent) User-Agent of the client’s browser making the request Axis/1.3

这里需要说明一下x-GWXFF这个参数,如果要使用这个参数,需要创建一个GWXFF.java文件,详情可以参考文档:How to Configure WebLogic Server to Capture Client IP Addresses Behind a Load Balancer Using Extended Log Format (文档 ID 1602379.1)

分享到: 更多

Post a Comment

Your email is never published nor shared. Required fields are marked *