Currently I have a number of virtualhosts in my Apache 2.4 httpd file. I'd like to be able to capture more info on who is visiting and when, including the IP Address and User Agent in the access_log.
In httpd conf file I have this:
` <IfModule log_config_module>
# info from http://www.techstacks.com/howto/log-client-ip-and-xforwardedfor-ip-in-apache.html
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog "logs/access_log" combined env=!forwarded
CustomLog "logs/access_log" proxy env=forwarded
</IfModule>
Which results in this:
`At the moment, it shows this:
`::1 - - [05/Aug/2016:02:49:26 +1200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 (internal dummy connection)"``
I also tried various other suggested configs found on here and in google, but so far I am not having any luck.
My understanding is that since the logging directive is outside the record, it should capture the specified traffic (detailed here)- but as you can see from the example, it's not working.
Best Answer
The connection log you posted was a internal connection, used by apache to keep a worker alive. It's not actually a visitor at all! The out-of-the-box "combined" format should by default give you the log entries you seek.
That would be the following LogFormat:
and then, in your VirtualHost block, you want the following:
If you're behind a reverse-proxy cache, this becomes a bit more interesting, but an apache module such as mod-rpaf should help with that.