An interesting question that came up yesterday - can we extend Apache httpd's logging to include details of cookies sent to the server? The answer is yes, and overnight I have done a little testing.
Let's say I want a log file with records like this:
203.126.136.220 [20/Aug/2008:07:39:25 +0100] "wxt=551e80d6ca00833407af3f85ac8919a5" 200 "GET /forum/The-Tcl-programming-language/File-Searching.html HTTP/1.1"
66.249.65.108 [20/Aug/2008:07:40:44 +0100] "-" 200 "GET /forum/The-MySQL-Relational-Database/Copying-a-table-structure.html HTTP/1.1"
220.227.116.220 [20/Aug/2008:07:40:37 +0100] "wxt=d173ff275e98ed6535eb14ca992976e0; whcmy=whc48abbbef58a62" 200 "GET /resources/P307.html HTTP/1.0"
All I had to do was to add the following two lines to my httpd.conf file:
LogFormat "%h %t \"%{Cookie}i\" %>s \"%r\"" cookie
CustomLog "/home/wellho/logs/cookie_log" cookie
The first line defines a new log file format including the cookie header, and the second describes where that log file is to be generated.
And, yes, you could do something similar for acceptable compression types, preferred languages, and much more!
Then stop and restart the server so that the new configuration is read and takes effect (./bin/apachectl stop; ./bin/apachectl start).
Some extra notes:
a) Bear in mind that a nonstandard log file format won't be automatically accepted as an input data source by analog, awstats and all the other web file log analysis packages out there!
b) Remember to use crontab or something like it to cycle the log files.
c) There could be privacy issues ... this is JUST an experiment!
Why would I want to note cookies?
• To help tell automata apart from real visitors
• To help establish who's who when I have multiple visitors from the same site
• To help over the long term to trace back multiple accesses from different IP addresses to the same visitor - as will happen from the laptop I'm posting from today for example - which last week was in Melksham, over the weekend was in St Briavels and is now posting from Milton Keynes.
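The cross-IP matching described in the list above, as an added example that is not part of the original post: it parses the cookie log format defined earlier and groups client IPs by a keyed hash of one cookie, so the report never repeats raw cookie values (which may include session identifiers). Treating wxt as the visitor cookie, the HMAC key and the fourth sample record are assumptions.

```python
import hashlib
import hmac
import re
from collections import defaultdict

# Matches LogFormat "%h %t \"%{Cookie}i\" %>s \"%r\""; httpd writes embedded quotes as \"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \[(?P<time>[^\]]+)\] "(?P<cookie>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) "(?P<request>(?:[^"\\]|\\.)*)"$'
)
REPORT_KEY = b"constructed-example-key"  # assumption: replace with a local secret

def parse_line(line):
    """Return the fields of one cookie_log record, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def visitor_id(cookie_header, name="wxt"):
    """Keyed hash of one named cookie, so reports never carry the raw value."""
    if cookie_header == "-":  # httpd logs "-" when no Cookie header was sent
        return None
    for pair in cookie_header.split(";"):
        key, _, value = pair.strip().partition("=")
        if key == name and value:
            return hmac.new(REPORT_KEY, value.encode(), hashlib.sha256).hexdigest()[:12]
    return None

def summarise(lines):
    """Map each visitor id to the IPs it used; collect hosts that sent no such cookie."""
    visitors, untracked = defaultdict(set), set()
    for rec in filter(None, map(parse_line, lines)):
        vid = visitor_id(rec["cookie"])
        if vid is None:
            untracked.add(rec["host"])  # candidates for automata
        else:
            visitors[vid].add(rec["host"])
    return dict(visitors), untracked

SAMPLE = [  # first three records are from the post; the fourth is constructed
    '203.126.136.220 [20/Aug/2008:07:39:25 +0100] "wxt=551e80d6ca00833407af3f85ac8919a5" 200 "GET /forum/The-Tcl-programming-language/File-Searching.html HTTP/1.1"',
    '66.249.65.108 [20/Aug/2008:07:40:44 +0100] "-" 200 "GET /forum/The-MySQL-Relational-Database/Copying-a-table-structure.html HTTP/1.1"',
    '220.227.116.220 [20/Aug/2008:07:40:37 +0100] "wxt=d173ff275e98ed6535eb14ca992976e0; whcmy=whc48abbbef58a62" 200 "GET /resources/P307.html HTTP/1.0"',
    '192.0.2.10 [21/Aug/2008:09:12:03 +0100] "wxt=551e80d6ca00833407af3f85ac8919a5" 200 "GET /resources/P307.html HTTP/1.0"',
]

if __name__ == "__main__":
    visitors, untracked = summarise(SAMPLE)
    for vid, hosts in visitors.items():
        print(vid, sorted(hosts))
    print("no visitor cookie:", sorted(untracked))
```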
(written 2008-08-20, updated 2008-08-21)