Access logs
The alscan tool is designed to read web-server access logs. Such access logs were originally generated by the Apache HTTP Server, but the same format can also be used by other web-servers including nginx.
Log file formats
There are two different access log formats which are currently supported. They are the common log file format, and the combined format. In both formats, a single line is generated for each incomming request.
Common format
This format was defined by the W3C working group. It is compatible with standard log tools. See the W3C common log format web site for more information.
Combined format
The Apache Server documentation also describes a combined log format. This included two additional fields in quotes: The Referer and the User-Agent.
Format details
The combined format includes the following fields:
- The request address. usually an IPv4 address in dot-decimal notation, but DNS names and IPv6 addresses are also supported.
- Client identity. This will be a hyphen-minus (U+002D)
'-'
in most cases. The additional overhead of the IdentityCheck directive means that this is information is normally not available. - Authenticated User identity. This information is available when the user is “logged-in”. In most cases this is also hyphen-minus indicating the information is not available.
- Request time stamp. The date and time when the request was made. Unfortunately, the exact format of the time stamp is configurable (read changes for each distribution).
HTTP Request line. The request line exactly as it came from the client. This is normally composed of three fields:
- Protocol request method (i.e. GET, HEAD, POST, PUT, etc.)
- Relative URI (no scheme, host, user, password, port)
- Protocol identifier (HTTP/1.0 or HTTP/1.1)
Status-code Three digit HTTP status code.
Returned object size in octets (bytes). A hyphen-minus indicates no object was returned. Size does not include any headers, or encoding.
The referer (sic). The URI of the page which included a link to this request. A hyphen-minus if the request was not referred.
The User-Agent. A hyphen-minus if no user-agent information was provided.
End-of-line.
Access log selection
Access logs can be selected by file using the --file
option. All the files in a directory can be selected using the --directory
option. When using standard control panel software, they can also be selected by account and domain. Currently the use of cPanel is recognized, when used by the root administrator, or when used by a account holder. Additional control panel software could be supported in the future.
Selection options
--file
--directory
Access log locations
The location of the log files depends upon your web server configuration. The logs themselves are site specific. When using cPanel, the locations of the files can be determined from the account holder name and the domain name.