Page Comparison

Tomcat server can be configured to use different type of logging systems, the server has default logging configuration and can be configured to use log4j. Tomcat can also create access logs based on the Access Log Valve.

...

In XpoLog such pattern (combined) will be translated into:

{geoiptext:Client IPRemoteHost,ftype=remoteip;type=;,} {stringtext:Remote Log Namelogname,ftype=remotelog;,} {stringtext:Remote User,ftype=remoteuser;,} [{date:Date,locale=en;,dd/MMM/yyyy:HH:mm:ss z}] "{choice:Method,ftype=reqmethod;,GET;POST;HEAD} {stringurl:URL,paramsFtype=querystring;ftype=requrl;,}{block,start,emptiness=true}?{string:Query,ftype=querystringparamsName=Query;,} {block,end,emptiness=true} {string:reqprotocol,ftype=reqprotocol;,}" {number:StatusResponseStatus,ftype=respstatus;,} {number:Bytes Sent,ftype=bytesent;,} } "{string:RefererQuery,ftype=refererquery;,}{regexp:Referer,ftype=referer;refName=RefererQuery,^([\w-]+://[^?]+|/[^?]+)}" "{string:User Agent,ftype=useragent;,}"{eoe}

...

In XpoLog such pattern (common) will be translated into:

{geoiptext:Client IPRemoteHost,ftype=remoteip;type=;,} {stringtext:Remote Log Namelogname,ftype=remotelog;,} {stringtext:Remote User,ftype=remoteuser;,} [{date:Date,locale=en;,dd/MMM/yyyy:HH:mm:ss z}] "{choice:Method,ftype=reqmethod;,GET;POST;HEAD} {stringurl:URL,paramsFtype=querystring;ftype=requrl;paramsName=Query;,} {block,start,emptiness=true}?{string:Queryreqprotocol,ftype=querystringreqprotocol;,}" {block,end,emptiness=true} {string:reqprotocol,ftype=reqprotocol;,}" {number:Status,ftype=respstatus;,number:ResponseStatus,ftype=respstatus} {number:Bytes Sent,ftype=bytesent;,}{eoe}

XpoLog Pattern Wizard

...

Apache Tomcat Access Log Format Conversion Table both for AccessLogValve and for ExtendedAccessLogValve

logtyep logtype should be set to: tomcat, access

...

{ip:LocalIPlocaliplocalipagentstring Agent;,string}

{string:Query,ftype=querystring} – Optional

%T taken to serve the request, in seconds.

, in the form given by format, which should be in an extended strftime(3) format (potentially localized). If the format starts with begin: (default)

the time is taken at the beginning of the request processing. If it starts with end: it is the time when the log entry gets written, close to the end of the request

processing. In addition to the formats supported by strftime(3), the following format tokens are supported:

Format String	Description	XpoLog Pattern	XpoLog ftype
`%a`	Remote IP-address	{geoip:Client Remote IP,ftype=remoteip;type=;,}	remoteip	`%A`	Local IP-address
%{c}a	Underlying peer IP address and port of the connection	{geoip:Remote IP,ftype=	remoteip}	remoteip
`%B`	`%A`	Local IP-address	{ip:Local IP,ftype=localip}	localip
`%B`	Size of response in bytes, excluding HTTP headers.	{number:BytesSentBytes Sent,ftype=bytesent}	bytesent
`%b`	Size of response in bytes, excluding HTTP headers. In CLF format, i.e. a '`-`' rather than a 0 when no bytes are sent.	{textnumber:BytesSentBytes Sent,ftype=bytesent}	bytesent
`%{`Foobar`}C`	The contents of cookie Foobar in the request sent to the server. Only version 0 cookies are fully supported.	{string:Cookie_< FOOBAR >} Replace < FOOBAR > with cookie name
`%D`	The time taken to serve the request, in microseconds.	{number:ResponseTimeMilliSecsResponseTimeMicroSecs,ftype=processrequestmilliprocessrequestmicrosecs} processrequestmilli	processrequestmicrosecs
`%{`FOOBAR`}e`	The contents of the environment variable FOOBAR	{string:EnvVariable_< FOOBAR >} Replace < FOOBAR > with variable name
`%f`	Filename	{text:FileName}
`%h`	Remote host name (or IP address if `resolveHosts` is false)	{text:Remotehost,ftype=remoteip}	remoteip
`%H`	The request protocol	{text:RequestProtocol,ftype=reqprotocol}	reqprotocol
`%{`Foobar`}i`	The contents of Foobar`:` header line(s) in the request sent to the server. Changes made by other modules (e.g. mod_headers) affect this. If you're interested in what the request header was prior to when most modules would have modified it, use mod_setenvif to copy the header into an internal environment variable and log that value with the `%{`VARNAME`}e` described above.	{text:<FOOBAR>} https://en.wikipedia.org/wiki/List_of_HTTP_header_fields and so on it goes for the different headers.
`%{`Referer`}i`	The referer which is associated with the request	{string:RefererQuery,ftype=refererquery;,}{regexp:Referer,ftype=referer;refName=RefererQuery,^([\w-]+://[^?]+\|/[^?]+)}	referer
`%{`User-	Agent`}i`	The User Agent which is associated with the request	{	text:User	-agent,ftype=useragent	}	useragent
`%{`X-Forwarded-For`}i`	Method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer.	{iptext:X-Forwarded-For,ftype=forwardforip}	forwardforip
`%k`	Number of keepalive requests handled on this connection. Interesting if KeepAlive is being used, so that, for example, a '1' means the first keepalive request after the initial one, '2' the second, etc...; otherwise this is always 0 (indicating the initial request). Available in versions 2.2.11 and later.	{number:KeepAlive}
`%l`	Remote logname (from identd, if supplied). This will return a dash unless mod_ident is present and IdentityCheck is set `On`.	{stringtext:logname,ftype=remotelog;,}	remotelog
`%m`	The request method	{choice:Method,ftype=reqmethod;,GET;POST;HEAD}	reqmethod
`%{`Foobar`}n`	The contents of note Foobar from another module.	{string:<FOOBAR>}
`%{`Foobar`}o`	The contents of Foobar`:` header line(s) in the reply.	{string:<FOOBAR>}
`%p`	The canonical port of the server serving the request	{number:ServerPort,ftype=serverport}	serverport
`%{`format`}p`	The canonical port of the server serving the request or the server's actual port or the client's actual port. Valid formats are `canonical`, `local`, or `remote`. `%{canonical}p` `%{local}p` `%{remote}p`	{number:ServerPort,ftype=serverport} {number:LocalServerPort,ftype=localserverport} {number:RemotePort,ftype=remoteport}	serverport localserverportt remoteport
`%P`	The process ID of the child that serviced the request.	{text:ProcessID,ftype=processid}	processid
`%{`format`}P`	The process ID or thread id of the child that serviced the request. Valid formats are `pid`, `tid`, and `hextid`. `hextid` requires APR 1.2.0 or higher.	{text:ProcessID,ftype=processid} Valid formats are `pid`, `tid`, and `hextid`.	processid
%{pid}P		{text:ProcessID,ftype=processid}	processid
%{tid}P		{text:ThreadID,ftype=threadid}	threadid
%{hextid}P		{text:HexThreadID,ftype=hexthreadid}	hexthreadid
%q	The query string (prepended with a `?` if a query string exists, otherwise an empty string)	{stringtext:QueryQueryString,ftype=querystring;,} OR Suggest a regexp that will build a list of parameters as columnscloumns. The query string (prepended with a `?` if a query string exists, otherwise an empty string)	querystring
`%r`	First line of request	{choice:Method,ftype=reqmethod;,GET;POST}	{	url:URL,paramsFtype=querystring;ftype=requrl	;paramsName=Query;,} {string:reqprotocol,ftype=reqprotocol;,}	reqmethod requrl querystring reqprotocol
`%R`	The handler generating the response (if any).	{text:ResponseHandler}
`%s`	Status. For requests that got internally redirected, this is the status of the original request --- `%>s` for the last.	{number:ResponseStatus,ftype=respstatus} . For requests that got internally redirected, this is the status of the original request --- %>s for the last.	respstatus
%S	User Session ID	{text:UserSessionID,ftype=sessionid}	sessionid
`%t`	Time the request was received (standard english format)	{date:Date,locale=en,dd/MMM/yyyy:HH:mm:ss z}
`%{`format`}t`	The time	{number:ResponseTimeSecs,ftype=processrequestsecs}	processrequestsecs
`%{`UNIT`}T`	The time taken to serve the request, in a time unit given by `UNIT`. Valid units are `ms` for milliseconds, `us` for microseconds, and `s` for seconds. Using `s` gives the same result as `%T` without any format; using `us` gives the same result as `%D`. Combining `%T` with a unit is available in 2.2.30 and later.	{number:ResponseTimeMilliSecs,ftype=processrequestmilli} {number:ResponseTimeMicroSecs,ftype=processrequestmicrosecs} {number:ResponseTimeSecs,ftype=processrequestsecs}	processrequestmilli processrequestmicrosecs processrequestsecs
`%{`format`}t`	The time, in the form given by format, which should be in an extended `strftime(3)` format (potentially localized). If the format starts with `begin:` (default) the time is taken at the beginning of the request processing. If it starts with `end:` it is the time when the log entry gets written, close to the end of the request processing. In addition to the formats supported by `strftime(3)`, the following format tokens are supported:	`sec`

`sec`	number of seconds since the Epoch
`msec`	number of milliseconds since the Epoch
`usec`	number of microseconds since the Epoch
`msec_frac`	millisecond fraction
`usec_frac`	microsecond fraction

These tokens can not be combined with each other or strftime(3) formatting in the same format string. You can use multiple %{format}t tokens instead.

The extended strftime(3) tokens are available in 2.2.30 and later.

{date:Date,locale=en,dd/MMM/yyyy:HH:mm:ss z}

sec number of seconds since the Epoch
msec

number of milliseconds since the Epoch
usec

number of microseconds since the Epoch
msec_frac

millisecond fraction
usec_frac

microsecond fraction

These tokens can not be combined with each other or strftime(3) formatting in the same format string. You can use multiple %{format}t tokens instead.

The extended strftime(3) tokens are available in 2.2.30 and later.

{date:Date,locale=en,dd/MMM/yyyy:HH:mm:ss z}

sec number of seconds since the Epoch
msec number of milliseconds since the Epoch
usec number of microseconds since the Epoch
msec_frac millisecond fraction
usec_frac microsecond fraction

%u

Remote user

%T

The time taken to serve the request, in seconds.

{number:ResponseTimeSecs,ftype=processrequestsecs}

processrequestsecs

%{UNIT}T

The time taken to serve the request, in a time unit given by UNIT. Valid units are ms for milliseconds, us for microseconds, and s for seconds. Using s gives the

same result as %T without any format; using us gives the same result as %D. Combining %T with a unit is available in 2.2.30 and later.

{number:ResponseTimeMilliSecs,ftype=processrequestmilli}
{number:ResponseTimeMicroSecs,ftype=processrequestmicrosecs}
{number:ResponseTimeSecs,ftype=processrequestsecs}

processrequestmilli

processrequestmicrosecs

processrequestsecs

%u

Remote user that was authenticated (from auth; may be bogus if return status (%s) is 401)

{string:Remote User,ftype=remoteuser;,}

Remote user (from auth; may be bogus if return status (%s) is 401)

remoteuser

%U

The URL path requested, not including any query string.

{

string

text:

URL

RequestURL,ftype=requrl

;,

}

The URL path requested, not including any query string.

requrl

%v

The canonical ServerName of the server serving the request.

{text:ServerName,ftype=servername}

servername

%V

The server name according to the UseCanonicalName setting.

{text:ServerName,ftype=servername}

The server name according to the UseCanonicalName setting.

servername

%X

Connection status when response is completed:

`X` =	connection aborted before the response completed.
`+` =	connection may be kept alive after the response is sent.
`-` =	connection will be closed after the response is sent.

(This directive was %c in late versions of Apache 1.3, but this conflicted with the historical ssl %{var}c syntax.)

Versions Compared

Old Version 21

New Version Current

Key