analysis programs. The log file entries produced in CLF will      look something like this:</p>      <div class="example"><p><code>        127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET        /apache_pb.gif HTTP/1.0" 200 2326      </code></p></div>      <p>Each part of this log entry is described below.</p>      <dl>        <dt><code>127.0.0.1</code> (<code>%h</code>)</dt>        <dd>This is the IP address of the client (remote host) which        made the request to the server. If <code class="directive"><a href="./mod/core.html#hostnamelookups">HostnameLookups</a></code> is        set to <code>On</code>, then the server will try to determine        the hostname and log it in place of the IP address. However,        this configuration is not recommended since it can        significantly slow the server. Instead, it is best to use a        log post-processor such as <code class="program"><a href="./programs/logresolve.html">logresolve</a></code> to determine        the hostnames. The IP address reported here is not        necessarily the address of the machine at which the user is        sitting. If a proxy server exists between the user and the        server, this address will be the address of the proxy, rather        than the originating machine.</dd>        <dt><code>-</code> (<code>%l</code>)</dt>        <dd>The "hyphen" in the output indicates that the requested        piece of information is not available. In this case, the        information that is not available is the RFC 1413 identity of        the client determined by <code>identd</code> on the client's        machine. This information is highly unreliable and should        almost never be used except on tightly controlled internal        networks. Apache httpd will not even attempt to determine        this information unless <code class="directive"><a href="./mod/core.html#identitycheck">IdentityCheck</a></code> is set        to <code>On</code>.</dd>        <dt><code>frank</code> (<code>%u</code>)</dt>        <dd>This is the userid of the person requesting the document        as determined by HTTP authentication. The same value is        typically provided to CGI scripts in the        <code>REMOTE_USER</code> environment variable. If the status        code for the request (see below) is 401, then this value        should not be trusted because the user is not yet        authenticated. If the document is not password protected,        this entry will be "<code>-</code>" just like the previous        one.</dd>        <dt><code>[10/Oct/2000:13:55:36 -0700]</code>        (<code>%t</code>)</dt>        <dd>          The time that the request was received.          The format is:           <p class="indent">            <code>[day/month/year:hour:minute:second zone]<br />             day = 2*digit<br />             month = 3*letter<br />             year = 4*digit<br />             hour = 2*digit<br />             minute = 2*digit<br />             second = 2*digit<br />             zone = (`+' | `-') 4*digit</code>          </p>          It is possible to have the time displayed in another format          by specifying <code>%{format}t</code> in the log format          string, where <code>format</code> is as in          <code>strftime(3)</code> from the C standard library.        </dd>        <dt><code>"GET /apache_pb.gif HTTP/1.0"</code>        (<code>\"%r\"</code>)</dt>        <dd>The request line from the client is given in double        quotes. The request line contains a great deal of useful        information. First, the method used by the client is        <code>GET</code>. Second, the client requested the resource        <code>/apache_pb.gif</code>, and third, the client used the        protocol <code>HTTP/1.0</code>. It is also possible to log        one or more parts of the request line independently. For        example, the format string "<code>%m %U%q %H</code>" will log        the method, path, query-string, and protocol, resulting in        exactly the same output as "<code>%r</code>".</dd>        <dt><code>200</code> (<code>%&gt;s</code>)</dt>        <dd>This is the status code that the server sends back to the        client. This information is very valuable, because it reveals        whether the request resulted in a successful response (codes        beginning in 2), a redirection (codes beginning in 3), an        error caused by the client (codes beginning in 4), or an        error in the server (codes beginning in 5). The full list of        possible status codes can be found in the <a href="http://www.w3.org/Protocols/rfc2616/rfc2616.txt">HTTP        specification</a> (RFC2616 section 10).</dd>        <dt><code>2326</code> (<code>%b</code>)</dt>        <dd>The last entry indicates the size of the object returned        to the client, not including the response headers. If no        content was returned to the client, this value will be        "<code>-</code>". To log "<code>0</code>" for no content, use        <code>%B</code> instead.</dd>      </dl>        <h3><a name="combined" id="combined">Combined Log Format</a></h3>            <p>Another commonly used format string is called the Combined      Log Format. It can be used as follows.</p>      <div class="example"><p><code>        LogFormat "%h %l %u %t \"%r\" %&gt;s %b \"%{Referer}i\"        \"%{User-agent}i\"" combined<br />         CustomLog log/access_log combined      </code></p></div>      <p>This format is exactly the same as the Common Log Format,      with the addition of two more fields. Each of the additional      fields uses the percent-directive      <code>%{<em>header</em>}i</code>, where <em>header</em> can be      any HTTP request header. The access log under this format will      look like:</p>      <div class="example"><p><code>        127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET        /apache_pb.gif HTTP/1.0" 200 2326        "http://www.example.com/start.html" "Mozilla/4.08 [en]        (Win98; I ;Nav)"      </code></p></div>      <p>The additional fields are:</p>      <dl>        <dt><code>"http://www.example.com/start.html"</code>        (<code>\"%{Referer}i\"</code>)</dt>        <dd>The "Referer" (sic) HTTP request header. This gives the        site that the client reports having been referred from. (This        should be the page that links to or includes        <code>/apache_pb.gif</code>).</dd>        <dt><code>"Mozilla/4.08 [en] (Win98; I ;Nav)"</code>        (<code>\"%{User-agent}i\"</code>)</dt>        <dd>The User-Agent HTTP request header. This is the        identifying information that the client browser reports about        itself.</dd>      </dl>        <h3><a name="multiple" id="multiple">Multiple Access Logs</a></h3>            <p>Multiple access logs can be created simply by specifying      multiple <code class="directive"><a href="./mod/mod_log_config.html#customlog">CustomLog</a></code>       directives in the configuration      file. For example, the following directives will create three      access logs. The first contains the basic CLF information,      while the second and third contain referer and browser      information. The last two <code class="directive"><a href="./mod/mod_log_config.html#customlog">CustomLog</a></code> lines show how      to mimic the effects of the <code>ReferLog</code> and <code>AgentLog</code> directives.</p>      <div class="example"><p><code>        LogFormat "%h %l %u %t \"%r\" %&gt;s %b" common<br />        CustomLog logs/access_log common<br />        CustomLog logs/referer_log "%{Referer}i -&gt; %U"<br />        CustomLog logs/agent_log "%{User-agent}i"      </code></p></div>      <p>This example also shows that it is not necessary to define a      nickname with the <code class="directive"><a href="./mod/mod_log_config.html#logformat">LogFormat</a></code> directive. Instead,      the log format can be specified directly in the <code class="directive"><a href="./mod/mod_log_config.html#customlog">CustomLog</a></code> directive.</p>        <h3><a name="conditional" id="conditional">Conditional Logs</a></h3>            <p>There are times when it is convenient to exclude certain      entries from the access logs based on characteristics of the      client request. This is easily accomplished with the help of <a href="env.html">environment variables</a>. First, an      environment variable must be set to indicate that the request      meets certain conditions. This is usually accomplished with       <code class="directive"><a href="./mod/mod_setenvif.html#setenvif">SetEnvIf</a></code>. Then the      <code>env=</code> clause of the <code class="directive"><a href="./mod/mod_log_config.html#customlog">CustomLog</a></code> directive is used to	  include or exclude requests where the environment variable is	  set. Some examples:</p>      <div class="example"><p><code>        # Mark requests from the loop-back interface<br />        SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog<br />        # Mark requests for the robots.txt file<br />